forked from Dvd848/CTFs
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
10 changed files
with
581 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,144 @@ | ||
| # ∑BIT | ||
| Category: Misc., 100 points | ||
|
|
||
| ## Description | ||
|
|
||
| > We hid an email in this challenge, find it to get the flag (and feel free to send your CV to this email 😉). | ||
| > | ||
| > Note: the flag is cstechnion{sha1(<email>)} | ||
| A binary file was attached. | ||
|
|
||
| ## Solution | ||
|
|
||
| Let's check the attached file: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ file ./sigma_ctf | ||
| ./sigma_ctf: ASCII text, with very long lines | ||
|
|
||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ head ./sigma_ctf | ||
| H4sIAAjdoFwAA+1YfWxUxxGfdz6fD2PgjE0wwUpeUlBNg89nfLYDclobY2wT8xHjIiOhPj/fPfsuOd+d7j1HJqXiwybJH46gAVWopfVJjSr+6B+0jSqk0IqqNJX6oUYNUqiUSneYK4FQyaQprdKG68zu+9h7GEX9I5UqsdLc7Nz8dnd2dmfe7o7Gk0EtMQafZwmFQu3trTLy5vbWkMipNLds2rRJbm4Jt4aaW9tC7S1yiIRmkEOfq1VmmdQNNYOmpDPxSExLPhD3WXo+Gdnm/yflcM/AdkmSbNkDDUDSuWmAMHLvEvoPysMggx91j0M96dPDPoDhlzn5gZPXJFSxtuEjnFiHSOWmvox0KIePcqoBTl4HyssRTlEfp3LzP9Lz/yRGIfxjQOLjkh7thbSPSGK0gPKCaZdlYx/i+45y2gacLN1zBSO6mK+s9k2J+GhTItqYiCcnp4J6KtjC/w+Ytvfu+qrpS97mUbNdrTl30g/e+ChU8+Mv9+/I/PRbZ9bP/fObt73fJ12FiaG25a6xLb94TW7hJBMbiHmaPcIanH3rVP1r4Xu3Ljz1wqpv/LV6RdOuZ+665yQJdRmpDWlmmssrTdtPCnIT0oggb6BxBPkZpIQgg6KMT6SSCkWZoSiArouQy9pQEddTkc2bFT2iJsdAHU1lDIqypDEGupFJYKwpCsHNthNqPAm9A/1bu5VNwXa7FgbT12VIHtMfHrYWAXNeq+PxZeSt3eZ/tUz2wH5TP1MhwSp0RAL5I+i8NHF0oEEc/58ijh0fIo5OP0IcHR7obLz5RYAPA50/++CxYlPem2sseHNzheW5Ezn/ws8L3hns/O0T1/y/mb3m/fhiwar/+29O/WOhfluoXxfq71P9fHYectl5b+C715fJ2bxXxrGgsRC4NFfwXmosVMFcoSo0VygUix8uIL15HNcJx7+AvB7/r5fnCmWhEzmPfOoGwOA82f7nYnGtZTut2TryD2JBfrdAGEnOloH8y3LSn8Y5r8Mx/NgOQidRv3ceXVFZS3isr8hlq2uKTdV+qz+fubP6Gm96z792LdCM40M2X1U9V/gV2ueV5gqXkEMom6/F9oiulELZedx/tz5gNpwqXA+RzU/mcjLJrxc8sDdv4TYi7ncm7gLx0KlCmXwsd5HawKCNexJxPzRxZ02cR47kzrpwdYibMXEzAu6QC7cccQkTd0AY94ALh9vo1kCIz7kuMFc4xOc6T7L3nWevQR/309OYP8+gb6f2hVeeRH4W6cpv38lnkVcE3vvoDeT/Crz3yTnk37l89U8diKd2C72NN4ezc4XhPWjDSDYvpbN5z5Fsfj+O04fjlu95Pkfr3fPc+XxldjqHabwSOrPzPhy/IpDN+2kP/eLbN3Dd8vXYn9Q5c60chvJ3i8UtC73mfi4Wi36kQ0f5Xrf2CsXXeh2gO5XJaBHjCXkopsljCXVcjutb5PV6JS77nk+Lh63cshH3YWDGyTcUg1VIHbjnMBChAee0Bng+X2vmL8o7MZTrwcnLs2jH3+8VUxeP8nw3coznuYWjNDmACNJSs/9VQo4cqZBYXqDzBOXgasoJZMM0r3unea6ib1iNye8Vi6kr2D9OP0U2Y0ylLh9zZ8/PLmmfk2EHphcnsSz9yt7Dvd3dW+SGbdpoXE3K4WBbsKWxObyB18ClDAfbGzdt4BXoomysaupoHKTHgb7aQ+Dz+KUl0kpvrbRKWl1WJ62RHvVslCCoH5ww1FHkRobzmFXDDKxl0hBMpgwt2LW1v9FQx01pPDkZHJ2M47cvHgUmxVQ9BsHowST2x7mR4ZoXtYweTyVLBAV1GS1BOF5JJwwaMI6/hjaFv2MooCoVVQ0Vgl2DO4PaVDw6BUEtpoxl1AmNwxU1k1EPcrhVfz6SYRaoE/EIjprC3ngvo7oOwUhqYkJLGrxP1TAy8dFJQ9P/m7WkvUmrSXuJnV0kvl+sYq30F4B/xwnHzhgS/7Zaxfp+Nwu4GOJiEs/Bblwf8P1OOIqBWYnvZZ+AI6IzDMZvinAUIxclfg5z43YBjxPCUews0IHOtEUC5yyzD5wzBsXaiIfHmHu+XwMeJ4SjGLmMleXCuB6TXgAeV1Sn2Lri4fMQx6XyEtISsw3FpreMx6Q4D5KnBRzFclWZ45dlAm7W7J/+p5zTUeacDUQ/vyLgWGwi7oALR/S6gKNz8jk6E3ju7++MgKMc1+Djec+N+x4I+wpxYd/i++AHHJemNMTO3j4+v+Uu3I+E/kYQN+JzdCLuLbMtrTE/Sy+O+zXSChNHOTn2ANy75riEo+9/4gG4q6ZPCMfP6Px8XiHgaF55oT/K4SMIaHD1R/QXAfcq4l6tWNzPt81+CUfnmdOIq18Ed8fsz7p/Em6zgLPuKJ/wvtLW/79H3JdcOCrV5phW+UcFHRLux1lrZpX3cRPvQd88hvVnwYnLJa7+NuJHbUxoKJ7p3YXyFrD2HNVny7yDmC3zEWZtmXvnoi3z28mCLfPoHDlmyXw1L9uyn/ErtryEce+0JVcyXmXLSxnvsGW+ogO2vIzxc7bMo4DijMsr+HxtmUf8sC1Xc3ttmd1WWBxwmWf2mC3XMp6wZX7CSNvyI7y/CktezfirtlzH+GlbXgNiKWMnHlFey1bIWh/aGV5hvhS5kjAf2mUkX3Xpw7Y+wGTLHkB7qL/rAr5CkD1me/+Moyd8h42vYnKD3f8K/g1y6TcK+tXC/Lxwp4hnc9ufeANj48267AsI4zcJsmVfg6DvAe5fHp9rGI/Z569aGBJkCWVmn9D+64Js9T8s6Pm7g9VfDfteRO3+apj+tG3/GpavxfmS5qQwP6o9LawP2TPiGu/IcUcm/ZvHS/X1Lzuy27+kH7H1K+GCIEsok96+p6H/34bS9fhjif9qYB6c/Y43YJZPRX8Uwdn/ElpD9jrn22VsvAOCzOYryHQHp/l5mbXLYb3E70YUadXoz6ckZ//K6L82qfQtgs5Zlv8DOP99WD0vyKpLT+cta/+uxP2ZdOFfEsYL4HivSKVvG28IiVZG+onk7N9qTx1cknj8eZn9AfiDVPq2QpdFup+nzfnecY1/V3LinfSfSnz/8P7qwO8pxQc8pfOr9/D9NCTx9k8I3wiyt9VT+raz21P6lkPnvQ5bxvy7LgrrVIioiYTwqAORjKEbk2NjwQgoyo7uQWWgf++QoqAQTSnjidSomlCiRiqjK+rkFOA5PJ3QDC0abG1raV8cpDjHegXP7JmDwI7+SnRyYuIgNhEkxbkNmFA68yvpTCqi6Xo8Oc6s2j7YtbNH6dm1jZlFNlr1kuZRULbt39W1s7+7VMPnqfQO7N7aNaDs3r59b8+QMtS1daBHsd6oIvoksxriyfSkwY3gzfiTVmen82ClKHgjsV/EmIBjU1VjFxbekSIqFKHD+17FSvsueW7DhnpKianJaEIDpX83KqLxpDKpa1Hzka20sT0XdifjLuGjTqUySkbTJxNkgGWVPQ9gr3PKjheVQW08ruMFsjuh6jrer0qf+ZzR2vmLX8nwbNCH5WF5WB6Wh+V/Uf4DkjcPHwAeAAA= | ||
| ``` | ||
|
|
||
| Looks like base64, let's decode: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ base64 -d sigma_ctf > phase1 | ||
|
|
||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ file phase1 | ||
| phase1: gzip compressed data, last modified: Sun Mar 31 15:30:16 2019, from Unix, original size modulo 2^32 7680 | ||
| ``` | ||
|
|
||
| Now it's GZip, let's extract: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ mv phase1 phase1.gz | ||
|
|
||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ gunzip -v phase1.gz | ||
| phase1.gz: 65.7% -- replaced with phase1 | ||
|
|
||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ file phase1 | ||
| phase1: POSIX tar archive | ||
|
|
||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ tar -xvf phase1 | ||
| bin.elf | ||
| ``` | ||
|
|
||
| Finally, we got a binary: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ file bin.elf | ||
| bin.elf: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.3, for GNU/Linux 2.6.26, BuildID[sha1]=52e7f23013b23e494a72b69698259ff891ec04a3, not stripped | ||
| ``` | ||
|
|
||
| However it's compiled for ARM, so might not be streightforward to run. Let's start by inspecting the decompilation with Ghidra: | ||
|
|
||
| ```c | ||
| undefined4 main(void) | ||
|
|
||
| { | ||
| size_t sVar1; | ||
| undefined4 uVar2; | ||
|
|
||
| __isoc99_scanf(&DAT_00008638,input); | ||
| sVar1 = strlen(input); | ||
| if (sVar1 == 20) { | ||
| if ((input._0_4_ ^ 0x12345678) == xor_result) { | ||
| if (input._4_4_ + input._0_4_ == -0x1e2f342c) { | ||
| if (input._8_4_ - input._4_4_ == -0xd28eff9) { | ||
| if (input._8_4_ - input._12_4_ == -0x528ef05) { | ||
| if (input._16_4_ + input._12_4_ == -0x26273b65) { | ||
| printf("Correct! The flag is: %s\n",input); | ||
| uVar2 = 0; | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| } | ||
| else { | ||
| uVar2 = 1; | ||
| } | ||
| return uVar2; | ||
| } | ||
| ``` | ||
| Seems easy enough to reverse: | ||
| ```c | ||
| #include <stdio.h> | ||
| int main() | ||
| { | ||
| int a[6] = {0}; | ||
| a[0] = 0x12345678 ^ 0x7F533F0B; | ||
| a[1] = -0x1e2f342c - a[0]; | ||
| a[2] = -0xd28eff9 + a[1]; | ||
| a[3] = a[2] + 0x528ef05; | ||
| a[4] = -0x26273b65 - a[3]; | ||
| printf("%s", (char*)&a); | ||
| return 0; | ||
| } | ||
| ``` | ||
|
|
||
| Output: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ gcc solve.c -o solve && ./solve | ||
| sigmabithr@gmail.com | ||
| ``` | ||
|
|
||
| So the flag is: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/BIT] | ||
| └─$ echo -n "sigmabithr@gmail.com" | sha1sum | awk '{ printf "cstechnion{%s}", $1; }' | ||
| cstechnion{cc13535a16336db29c278b29a9c0ce7cf4b1e7c8} | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,108 @@ | ||
| # Course Crawling | ||
| Category: Misc., 250 points | ||
|
|
||
| ## Description | ||
|
|
||
| > The zip file is encrypted using a name of one of the courses in the Technion, see if you can crack it. The password format is `<course number>:<course name in english>` | ||
| > | ||
| > Note: Please try to crawl smartly and do not spam any site with request (we won't take any responsibility if you do so). | ||
| A zip file was attached. | ||
|
|
||
| ## Solution | ||
|
|
||
| The easiest way to crawl the English Technion course names is using their official [search engine](https://students.technion.ac.il/local/technionsearch/search?lang=en). It is session-based, so we basically need to open it in a browser and just perform a simple search with the default parameters. This action redirects us to `https://students.technion.ac.il/local/technionsearch/results`, but if we grab the session ID and use it for a cURL request, we can access the same data via the command line. | ||
|
|
||
| Each course name is included in a `div` such as: | ||
|
|
||
| ```html | ||
| <div class="d-flex w-100 justify-content-between"> | ||
| <h6 class="mb-1" style="font-weight: bold;"> | ||
| 14003 - Statistics | Winter 2021/22 | ||
| </h6> | ||
| <small> | ||
| |Undergraduate Studies | ||
| </small> | ||
| </div> | ||
| ``` | ||
|
|
||
| After applying some bash magic, we can get the course list for each search page: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/Course_Crawling] | ||
| └─$ curl 'https://students.technion.ac.il/local/technionsearch/results?page=0' -X POST -H 'Cookie: MoodleSessionstudentsprod=jr4nar1q2md2a3a7tae043mqae' -s | grep "<h6" -A 1 | grep "|" | egrep -o '^[^|]+' | sed -e 's/^[[:space:]]*//' | ||
| 14003 - Statistics | ||
| 14004 - System Analysis | ||
| 14005 - Engineering Laboratory | ||
| 14006 - Introduction to Numerical Methods | ||
| 14008 - Graphical and Engineering Information | ||
| 14010 - Engineering For Developing Communities | ||
| 14101 - Project in Structures | ||
| 14103 - Intro.to Engineering Mechanics | ||
| 14107 - Introduction to The Theory of Elasticity | ||
| 14108 - Structural Analysis | ||
| ``` | ||
|
|
||
| Now we just need to loop for each search page result. From our search via the browser we can see that currently there are 440 result pages. | ||
|
|
||
| ```bash | ||
| #!/bin/bash | ||
|
|
||
| output_file=course_list.txt | ||
|
|
||
| echo "" > $output_file | ||
|
|
||
| for i in {0..440} | ||
| do | ||
| echo -ne "$i\r" | ||
| curl "https://students.technion.ac.il/local/technionsearch/results?page=$i" -X POST -H 'Cookie: MoodleSessionstudentsprod=jr4nar1q2md2a3a7tae043mqae' -s | grep "<h6" -A 1 | grep "|" | egrep -o '^[^|]+' | sed -e 's/^[[:space:]]*//' >> $output_file | ||
| sleep 0.1 | ||
| done | ||
|
|
||
| head $output_file | ||
| ``` | ||
|
|
||
| Once we have all the course names and numbers, all that's left is to try them all: | ||
|
|
||
| ```python | ||
| from pwn import * | ||
| import zipfile | ||
| import zlib | ||
|
|
||
| pwd_filename = "course_list.txt" | ||
| zip_filename = "course_crawling.zip" | ||
|
|
||
| with open(pwd_filename, "r") as passwords, log.progress("Brute forcing password") as p: | ||
| zip_file = zipfile.ZipFile(zip_filename) | ||
|
|
||
| for line in passwords: | ||
| password = line.strip() | ||
|
|
||
| course_number, course_name = password.split(" - ", maxsplit = 1) | ||
| password = ":".join([course_number, course_name]) | ||
|
|
||
| try: | ||
| p.status(f"Trying {password}") | ||
| zip_file.extractall(path="Output", pwd=bytes(password, 'utf-8')) | ||
| log.success(f"Password Found: {password}") | ||
| break | ||
|
|
||
| except (RuntimeError, zlib.error): | ||
| continue | ||
| ``` | ||
|
|
||
| Output: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/Course_Crawling] | ||
| └─$ python3 solve.py | ||
| [+] Brute forcing password: Done [+] Password Found: 324432:Psychology of Music | ||
| ``` | ||
|
|
||
| And the contents: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/Course_Crawling] | ||
| └─$ cat Output/course_crawling.txt | ||
| cstechnion{waiting_for_a_course_on_CTFs} | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,61 @@ | ||
| # Finding Ducky - Part 4 | ||
| Category: Cryptography, 100 points | ||
|
|
||
| ## Description | ||
|
|
||
| > Okay so we found a cipher, but what is it? and what twitter has to do with it ? | ||
|
|
||
| ## Solution | ||
|
|
||
| In the [previous challenge](Finding_Ducky_-_Part_3.md) we got the following text: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/Finding_Ducky_-_Part_3] | ||
| └─$ cat cipher.txt | ||
| Look at my twitter, the flag is cstechnion{the_new_logo_is_great_right} | ||
| 84 366 446 496 402 66 111 340 280 243 131 157 429 263 181 273 143 407 470 356 125 176 333 467 343 161 188 115 306 179 419 466 253 156 278 316 72 317 485 348 320 | ||
| ``` | ||
|
|
||
| If we check Ducky's twitter, we see that a mysterious tweet: | ||
|
|
||
| ``` | ||
| Aekv5OXXuaSa8KK09ZlLorK;JfKSygNa7DvP34WzRmcy0xuA;nkChdfWjy81HzgDuI/ewZ9LaqWMKFaVBVoZhBi6DuZFxih6QH.tstHN0Eb:joz/tIntJXyogXp2/cvr9MSoYL8nv9lRkFp5aOV1GWo1j3LZoai45sl:nzrqDT32vi;1t23cB2;CX0QS.ebHv;kw.B.T5Zw0qbro.2GT6DeazvBt1ZUuQ5V7LJeCVbjrPadeE;:hxuj3;JQ92i9ZYCq1Xfr4QvKAGdckL1;nhNnXcUkV3mERXjYT4TR7H,rUldD/iqe6xUFbs9A4.c06l,E2Zoon7hFtWf1s:KYaeh1cbW7wi2uOcStW.wEeqJi1c7tK2xC57n87EQNrk4XQ/CHg4m,:n7nB8UdK3Z:pDu32WTIkm8Iv6FFhFjeCJ7,qdi1AcqC,Hb0KNjTb48tX/Y7L,E8C6d13.;pywLn.8V1RKzIobWy9:acRx.yMIw6fjKFMpdrP | ||
| ``` | ||
|
|
||
| This might look like a hash but none of [hashcat's example hashes](https://hashcat.net/wiki/doku.php?id=example_hashes) seem to match, and what should we do with the list of numbers anyway? | ||
|
|
||
| What if we use them as indices to the text? | ||
|
|
||
| ```python | ||
| >>> text = "Aekv5OXXuaSa8KK09ZlLorK;JfKSygNa7DvP34WzRmcy0xuA;nkChdfWjy81HzgDuI/ewZ9LaqWMKFaVBVoZhBi6DuZFxih6QH.tstHN0Eb:joz/tIntJXyogXp2/cvr9MSoYL8nv9lRkFp5aOV1GWo1j3LZoai45sl:nzrqDT32vi;1t23cB2;CX0QS.ebHv;kw.B.T5Zw0qbro.2GT6DeazvBt1ZUuQ5V7LJeCVbjrPadeE;:hxuj3;JQ92i9ZYCq1Xfr4QvKAGdckL1;nhNnXcUkV3mERXjYT4TR7H,rUldD/iqe6xUFbs9A4.c06l,E2Zoon7hFtWf1s:KYaeh1cbW7wi2uOcStW.wEeqJi1c7tK2xC57n87EQNrk4XQ/CHg4m,:n7nB8UdK3Z:pDu32WTIkm8Iv6FFhFjeCJ7,qdi1AcqC,Hb0KNjTb48tX/Y7L,E8C6d13.;pywLn.8V1RKzIobWy9:acRx.yMIw6fjKFMpdrP" | ||
| >>> for x in "84 366 446 496 402 66 111 340 280 243 131 157 429 263 181 273 143 407 470 356 125 176 333 467 343 161 188 115 306 179 419 466 253 156 278 316 72 317 485 348 320".split(): | ||
| ... print(text[int(x)], end="") | ||
| ... | ||
| http://echoai421521.ctf.cs.technion.ac.il>>> | ||
| ``` | ||
|
|
||
| We visit the URL to get the flag: | ||
|
|
||
| ```console | ||
| ┌──(user@kali)-[/media/sf_CTFs/technion/Finding_Ducky_-_Part_4] | ||
| └─$ curl http://echoai421521.ctf.cs.technion.ac.il | ||
| <!DOCTYPE html> | ||
| <html lang="en"> | ||
| <head> | ||
| <meta charset="UTF-8"> | ||
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | ||
| <title>Echo AI</title> | ||
| </head> | ||
| <body style="background-color:#040720;"> | ||
| <div align="center"> | ||
| <h1 style="color:#e5e5e5;">cstechnion{an_ai_duck,_now_i've_seen_everything} | ||
| </h1> | ||
| <video width="960" height="600" controls autoplay> | ||
| <source src="ducky.mp4" type="video/mp4"> | ||
| </video> | ||
| </div> | ||
| </body> | ||
| </html> | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Outsiders | ||
| Category: Cryptography, 100 points | ||
|
|
||
| ## Description | ||
|
|
||
| > While searching abroad for ducky, we found this code etched to a stone, can you figure out what it is? | ||
|  | ||
|
|
||
| ## Solution | ||
|
|
||
| We know that the flag format is `cstechnion{}`. The `<` character in the ciphertext seems to match the `c` of the flag format. Using the flag format, we can decipher the following: | ||
|
|
||
| ``` | ||
| cstechnion{??c?n??o?_i?_co?in?} | ||
| ``` | ||
|
|
||
| We might be able to guess a few more letters based on common sense (does in end with "is coming"?), and maybe a few more if we notice that some of the characters have a slight resemblance to the latin alphabet, but the easiest way to crack the code is to use Google Image search and find the [key](https://thehistoricallinguistchannel.com/runes/): | ||
|
|
||
|  | ||
|
|
||
| Using this key, we can decipher the text: | ||
|
|
||
| ``` | ||
| cstechnion{ducknarok_is_coming} | ||
| ``` |
Oops, something went wrong.