# NN2k16 CTF - moneymoneymoney (extra) (55pts)


# cat moneymoneymoney.py
#!/usr/bin/python

import base58
import bs4
import pyblake2
import re
import requests
import socket
import sys
import uu

def base58encode(hex_addr):
 ha = hex_addr[::-1]
 return base58.b58encode(ha.decode('hex'))


def crack_blake2(bh):
 a = ['0', '1', '2', '3','4','5','6','7','8','9','a','b','c','d','e','f']
 for i1 in a:
     for i2 in a:
  for i3 in a:
      for i4 in a:
   for i5 in a:
       for i6 in a:
    p = i1+i2+i3+i4+i5+i6
    if pyblake2.blake2b(p).hexdigest() == bh:
        return p

def get_bitcoins(addr):
 r = requests.get('https://blockchain.info/address/' + addr)
 soup = bs4.BeautifulSoup(r.text)
 tag = soup.findAll('span', {'data-c': True})
 m = re.findall('>(.*) BTC<', str(tag[1]))
 #return m[0].replace(',', '')
 return m[0]

def rot(text, n):
 I = 32
 F = 126
 a = []

 for i in xrange(I, F + 1):
  a.append(chr(i))

 result = ''
 for i in text:
  oi = ord(i)
  if I <= oi and oi <= F:
   r = (oi - I + n) % len(a)
   result += a[r]
  else:
   result += i
 return result

def shamir_secret(ss1, ss2):
 payload = {'message': ss1[2:] + '\r\n' + ss2[2:]}
 r = requests.post('http://asecuritysite.com/encryption/shamir_decode', data = payload)
 m = re.findall('share of 2: (.*?)\n<', r.text)
 flag = m[0]
 return flag

def uudecode(encoded):
 ui = 'uu.in'
 uo = 'uu.out'

 f = open(ui, 'w')
 f.write(encoded)
 f.close()

 uu.decode(ui, uo)

 f = open(uo)
 decoded = f.read()
 f.close()

 return decoded

def xor(text, key):
 r = ''
 lk = len(key)
 for i in range(len(text)):
  r += chr(ord(text[i]) ^ ord(key[i % lk]))
 return r


HOST = 'challenges.ka0labs.org'
PORT = 1337
DELIMITER = '-' * 32

server_socket = (HOST, PORT)

print server_socket
print DELIMITER

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect(server_socket)

data = client.recv(1024)

print data
print DELIMITER

m = re.findall('= (.*?)\.', data)
blake2_hash = m[0]

print '[+] blake2 hash = ' + blake2_hash 

x = crack_blake2(blake2_hash)

print '[+] x = ' + x
print DELIMITER

client.send(x + '\n')
data = client.recv(1024)
print data
print DELIMITER

m = re.findall('(1-000.*?)\.', data)
shamir_secret_1 = m[0]
print '[+] shamir secret 1 = ' + shamir_secret_1
print DELIMITER

data = client.recv(1024)
print data
print DELIMITER

m = re.findall('([0-9A-Z]+00A)', data)
challenge = m[0]
print '[+] shamir secret 1 = ' + shamir_secret_1
print '[+] challenge = ' + challenge
print DELIMITER

hex_challenge = challenge.decode('hex')
print '[+] hex_challenge = ' + hex_challenge
print DELIMITER

rot52 = rot(hex_challenge, 52)
print '[+] rot52 = ', rot52
print DELIMITER

uud = uudecode(rot52[22:])
print '[+] uudecode = ', uud
print DELIMITER

byte_uud = ''.join(map(chr, map(int, uud[11:].split(','))))
print '[+] byte_uud = ', repr(byte_uud)
print DELIMITER

xored = xor(byte_uud, 'ANDYRLZ')
print '[+] xored = ', xored
print DELIMITER

hex_addr = xored[18:]
bitcoin_addr = base58encode(hex_addr)
print '[+] bitcoin addr = ' + hex_addr + ' --> ' + bitcoin_addr
print DELIMITER

bitcoins = get_bitcoins(bitcoin_addr)
print '[+] bitcoins = ' + bitcoins
print DELIMITER

client.send(bitcoins + '\n')
data = client.recv(1024)
print data
print DELIMITER

m = re.findall('\((.*)\)', data)
shamir_secret_2 = m[0]
print '[+] shamir secret 2 = ' + shamir_secret_2
print DELIMITER
client.close()

flag = shamir_secret(shamir_secret_1, shamir_secret_2)
print '[+] flag = 8===D{' + flag + '}'


# python moneymoneymoney.py
('challenges.ka0labs.org', 1337)
--------------------------------

Welcome to the Dr. Utonium computer! As he usually says, passwords are out-of-style nowadays. So I'm going to test if you're my lovely boss through crypto challenges that only him can solve <3

First of all, let's fight fire with fire. BLAKE2B(X) = b8d1e72b927e9dd122fd4e7cb7574c9b768ad677cf9c0b5435d00c31f0be854efff199ab23dd8f8aa2843321345803b0ad7fd0c0cd3d4090038db421632a68cd. Let me know X. Hint: my $X =~ ^[0-9a-f]{6}$
Solution: 
--------------------------------
[+] blake2 hash = b8d1e72b927e9dd122fd4e7cb7574c9b768ad677cf9c0b5435d00c31f0be854efff199ab23dd8f8aa2843321345803b0ad7fd0c0cd3d4090038db421632a68cd
[+] x = 8d40cf
--------------------------------


Auto-attaching to session 2...
irssi | MojoJojo@CP3kc2.F5htj.virtual (Ka0chat)
<+MojoJojo> Hi my little minion! I have info that can be useful for you. I don't know when, but I'm sure you are going to need what I found last month sniffing Utonium's communications: 1-000O4LkoDev88CEhevvRqbVSc/Fbh+BS47N0NL0jUoQneR9/Ah+yoYr3qDxzlHJ3EI0MITTz4kCwmxHdKye02rjZIMmduk=. I don't know what it means...:_S
Detaching...

--------------------------------
[+] shamir secret 1 = 1-000O4LkoDev88CEhevvRqbVSc/Fbh+BS47N0NL0jUoQneR9/Ah+yoYr3qDxzlHJ3EI0MITTz4kCwmxHdKye02rjZIMmduk=
--------------------------------

Hmmm...ok, here is your challenge. Hint: !yenom eht em wohS

49657021204E657874212074313C4C4B793144404C4B2E3133353A4B6161614B580A785D61607B535D4C5964626C20535D4B24564E5B7E564E5F7D564E4F7D574D7B7C575E5B77576D7B22577D7B21587D7B21594D7B7C574E4F77575E537C0A78564E537B564E5F77576E4B77574D7B7D564E4F7B575D7B7C576E4F77575E4B7E564E5B23564E4F7B585D7B7E586D7B20584D7B7C575E6B77575E4B200A78564E6F22564E5B23564E4F7B587D7B7E585D7B7C576E4B77575E4F25564E4F7B584D7B20595D7B7C575E6377575E4B22564E5723564E4F7C594D7B7C0A78576E5F77595E6777595E6F77584E4F77575E4B24564E4F7C586D7B7C575E6B77575E4F21564E5F22564E4F7B587D7B20576D7B22576D7B7E595D7B7C0A78576E5F77577E5777586E4F77575E4B7B564E4F7C586D7B22576D7B7C575E6F77575E4F24564E4F7C595D7B7C574E6777585E5377575E5322564E6F240A5E564E4F7C586D7B7C576E6377575E4F7E564E4F7B585D7B25594B4B4B0A4B0A313A300A

Solution: 
--------------------------------
[+] shamir secret 1 = 1-000O4LkoDev88CEhevvRqbVSc/Fbh+BS47N0NL0jUoQneR9/Ah+yoYr3qDxzlHJ3EI0MITTz4kCwmxHdKye02rjZIMmduk=
[+] challenge = 49657021204E657874212074313C4C4B793144404C4B2E3133353A4B6161614B580A785D61607B535D4C5964626C20535D4B24564E5B7E564E5F7D564E4F7D574D7B7C575E5B77576D7B22577D7B21587D7B21594D7B7C574E4F77575E537C0A78564E537B564E5F77576E4B77574D7B7D564E4F7B575D7B7C576E4F77575E4B7E564E5B23564E4F7B585D7B7E586D7B20584D7B7C575E6B77575E4B200A78564E6F22564E5B23564E4F7B587D7B7E585D7B7C576E4B77575E4F25564E4F7B584D7B20595D7B7C575E6377575E4B22564E5723564E4F7C594D7B7C0A78576E5F77595E6777595E6F77584E4F77575E4B24564E4F7C586D7B7C575E6B77575E4F21564E5F22564E4F7B587D7B20576D7B22576D7B7E595D7B7C0A78576E5F77577E5777586E4F77575E4B7B564E4F7C586D7B22576D7B7C575E6F77575E4F24564E4F7C595D7B7C574E6777585E5377575E5322564E6F240A5E564E4F7C586D7B7C576E6377575E4F7E564E4F7B585D7B25594B4B4B0A4B0A313A300A
--------------------------------
[+] hex_challenge = Iep! Next! t1<LKy1D@LK.135:KaaaKX
x]a`{S]LYdbl S]K$VN[~VN_}VNO}WM{|W^[wWm{"W}{!X}{!YM{|WNOwW^S|
xVNS{VN_wWnKwWM{}VNO{W]{|WnOwW^K~VN[#VNO{X]{~Xm{ XM{|W^kwW^K 
xVNo"VN[#VNO{X}{~X]{|WnKwW^O%VNO{XM{ Y]{|W^cwW^K"VNW#VNO|YM{|
xWn_wY^gwY^owXNOwW^K$VNO|Xm{|W^kwW^O!VN_"VNO{X}{ Wm{"Wm{~Y]{|
xWn_wW~WwXnOwW^K{VNO|Xm{"Wm{|W^owW^O$VNO|Y]{|WNgwX^SwW^S"VNo$
^VNO|Xm{|WncwW^O~VNO{X]{%YKKK
K
1:0

--------------------------------
[+] rot52 =  }:EUT#:MIUTIep! Next! begin 666 -
M265P(2!.97AT(2 X+#0S+#4R+#$R,"PQ,30L,BPV,RPU-RPU."PQ,#$L,3(Q
M+#(P+#4L,C L,"PR+#$P,2PQ,C$L,3 S+#0W+#$P-2PS-BPT-"PQ,3@L,3 T
M+#DV+#0W+#$P-RPS-2PQ,C L,3$Y+#$P-"PT.2PQ,38L,3 V+#,W+#$Q."PQ
M,C4L.3<L.3DL-#$L,3 X+#$Q-BPQ,3@L,3$U+#4V+#$P-RPT,BPV,BPS.2PQ
M,C4L,S,L-C$L,3 P+#$Q-BPV,BPQ,3DL,3$X+#$Q.2PQ,#<L-3(L,3(V+#DX
3+#$Q-BPQ,C8L,3$S+#$P-2PY.   
 
end

--------------------------------
[+] uudecode =  Iep! Next! 8,43,52,120,114,2,63,57,58,101,121,20,5,20,0,2,101,121,103,47,105,36,44,118,104,96,47,107,35,120,119,104,49,116,106,37,118,125,97,99,41,108,116,118,115,56,107,42,62,39,125,33,61,100,116,62,119,118,119,107,52,126,98,116,126,113,105,98
--------------------------------
[+] byte_uud =  "\x08+4xr\x02?9:ey\x14\x05\x14\x00\x02eyg/i$,vh`/k#xwh1tj%v}ac)ltvs8k*>'}!=dt>wvwk4~bt~qib"
--------------------------------
[+] xored =  Iep! Next! FINAL! 5c3eb212c1b631c80d8981e6587a9fdf3ed68d6832f2850500
--------------------------------
[+] bitcoin addr = 5c3eb212c1b631c80d8981e6587a9fdf3ed68d6832f2850500 --> 18KphVHKBw2brgxc2SQtEWWijQYA8LMsFa
--------------------------------
[+] bitcoins = 0.67472019
--------------------------------
YEAH! 8===D{Shamir(2-00124TdmxdOWx6fO3Ju/OPaW1kutWmNKsWrhLxH2W+T7R4QfQ/+NzDebCfTltfTKbgukGlR4yweJn3UW1qw2s5TBCnSQUw=)}

--------------------------------
[+] shamir secret 2 = 2-00124TdmxdOWx6fO3Ju/OPaW1kutWmNKsWrhLxH2W+T7R4QfQ/+NzDebCfTltfTKbgukGlR4yweJn3UW1qw2s5TBCnSQUw=
--------------------------------
[+] flag = 8===D{Enc0ders_D0_N0t_G1v3_R34l_Secur1ty_But_S3cret_Shar1ng_M4ybe_D03s}


Known-plaintext attack

# ipython

In [1]: challenge = '49657021204E657874212074313C4C4B793144404C4B2E3133353A4B6161614B580A785D61607B535D4C5964626C20535D4B24564E5B7E564E5F7D564E4F7D574D7B7C575E5B77576D7B22577D7B21587D7B21594D7B7C574E4F77575E537C0A78564E537B564E5F77576E4B77574D7B7D564E4F7B575D7B7C576E4F77575E4B7E564E5B23564E4F7B585D7B7E586D7B20584D7B7C575E6B77575E4B200A78564E6F22564E5B23564E4F7B587D7B7E585D7B7C576E4B77575E4F25564E4F7B584D7B20595D7B7C575E6377575E4B22564E5723564E4F7C594D7B7C0A78576E5F77595E6777595E6F77584E4F77575E4B24564E4F7C586D7B7C575E6B77575E4F21564E5F22564E4F7B587D7B20576D7B22576D7B7E595D7B7C0A78576E5F77577E5777586E4F77575E4B7B564E4F7C586D7B22576D7B7C575E6F77575E4F24564E4F7C595D7B7C574E6777585E5377575E5322564E6F240A5E564E4F7C586D7B7C576E6377575E4F7E564E4F7B585D7B25594B4B4B0A4B0A313A300A'

In [2]: hex_challenge = challenge.decode('hex')

In [3]: %paste
def rot(text, n):
        I = 32
        F = 126
        a = []

        for i in xrange(I, F + 1):
                a.append(chr(i))

        result = ''
        for i in text:
                oi = ord(i)
                if I <= oi and oi <= F:
                        r = (oi - I + n) % len(a)
                        result += a[r]
                else:
                        result += i
        return result
## -- End pasted text --


In [4]: for i in xrange(126 - 32)
 print rot(hex_challenge, i)
 print i
 print '-' * 20
 raw_input()

...

50
--------------------

|9DTS"9LHTSHdo ~Mdws ~adfhm~555~,
L154O'1 -86@S'1~W*"/R*"3Q*"#Q+!OP+2/K+AOU+QOT,QOT-!OP+"#K+2'P
L*"'O*"3K+B~K+!OQ*"#O+1OP+B#K+2~R*"/V*"#O,1OR,AOS,!OP+2?K+2~S
L*"CU*"/V*"#O,QOR,1OP+B~K+2#X*"#O,!OS-1OP+27K+2~U*"+V*"#P-!OP
L+B3K-2;K-2CK,"#K+2~W*"#P,AOP+2?K+2#T*"3U*"#O,QOS+AOU+AOR-1OP
L+B3K+R+K,B#K+2~O*"#P,AOU+AOP+2CK+2#W*"#P-1OP+";K,2'K+2'U*"CW
2*"#P,AOP+B7K+2#R*"#O,1OX-~~~
~
dmc

51
--------------------

}:EUT#:MIUTIep! Next! begin 666 -
M265P(2!.97AT(2 X+#0S+#4R+#$R,"PQ,30L,BPV,RPU-RPU."PQ,#$L,3(Q
M+#(P+#4L,C L,"PR+#$P,2PQ,C$L,3 S+#0W+#$P-2PS-BPT-"PQ,3@L,3 T
M+#DV+#0W+#$P-RPS-2PQ,C L,3$Y+#$P-"PT.2PQ,38L,3 V+#,W+#$Q."PQ
M,C4L.3<L.3DL-#$L,3 X+#$Q-BPQ,3@L,3$U+#4V+#$P-RPT,BPV,BPS.2PQ
M,C4L,S,L-C$L,3 P+#$Q-BPV,BPQ,3DL,3$X+#$Q.2PQ,#<L-3(L,3(V+#DX
3+#$Q-BPQ,C8L,3$S+#$P-2PY.   
 
end

52
--------------------


# ipython

In [1]: byte_uud =  "\x08+4xr\x02?9:ey\x14\x05\x14\x00\x02eyg/i$,vh`/k#xwh1tj%v}ac)ltvs8k*>'}!=dt>wvwk4~bt~qib"

In [2]: r = byte_uud

In [3]: %paste
def xor(text, key):
 r = ''
 lk = len(key)
 for i in range(len(text)):
  r += chr(ord(text[i]) ^ ord(key[i % lk]))
 return r
## -- End pasted text --

In [4]: find = 'Iep! Next!'

In [5]: %paste
keys = []

for i in xrange(len(r)):
 key = xor(r[i:i+len(find)], find)
 if len(key) == len(find):
  keys.append(key)

for k in keys:
 for i in xrange(len(find)):
  nk = k[i:]+k[:i]
  result = xor(r, nk)
  if find in result:
   print '-----------------------------', nk
   print result
   raw_input()
## -- End pasted text --
----------------------------- ANDYRLZAND
Iep! Next!8ZAMRN?8)k(jh/:,u*m<6&u-8i,</'h"0/!t1kpc<oy=&r-79/u0&-,=3#
---------------------------------------------------------------------------
KeyboardInterrupt

In [6]: find = 'Iep! Ne'

In [7]: %paste
keys = []

for i in xrange(len(r)):
 key = xor(r[i:i+len(find)], find)
 if len(key) == len(find):
  keys.append(key)

for k in keys:
 for i in xrange(len(find)):
  nk = k[i:]+k[:i]
  result = xor(r, nk)
  if find in result:
   print '-----------------------------', nk
   print result
   raw_input()
## -- End pasted text --
----------------------------- ANDYRLZ
Iep! Next! FINAL! 5c3eb212c1b631c80d8981e6587a9fdf3ed68d6832f2850500

No comments: