GREP CTF 2023 WP
Author: A1andNS
Misc
Approved!
Description: Finally, the clock ticks 3:48 am and I got approved. TIME flies when you are playing CTF. I welcome you all to GREP CTF, enjoy !! Oops, approved of what and where 🤔, I leave that to you, gn…
According to the description of the challenge, We can know the flag is about GREP CTF in CTFTIME. So you can easily find out this CTF in CTFTIME in CTFtime.org / GREP CTF
You can get a hexadecimal encode string, just decode it. You can get the flag.
esoF*ck
DESCRIPTION: I’ve heard about brainf#ck but what the f#ck js this?
They are not a standard jsfuck encoded string, so change “F#ck” to null. Then jsunfuck the encoded string get a text via CoderTab - JSUnFuck - Decode JSFuck Here
Lost Card
DESCRIPTION: Your card got lost while eating at the ANC. You have written it somewhere, but the two digits are unclear.
Firstly, make a mirror of the picture, we can obtain the result follow the picture. Then analyze the structure of the digits, you will find the No.4 digit is lacking the up part. Then, we will find number maybe is 8,3,6,5 by similar. we can easily find The No.5 digit is 1. So have a try, it’s lucky that the number is 8, so we get the flag: GREP{5388110365956729}
Layout
DESCRIPTION: I’ve got this weird keyboard which has all the keys messed up. It’s from someone called the workman.
use the automated cryptogram solver in quipqiup - cryptoquip and cryptogram solver
By observing the word "su;erman’, I can easily know the ; is p
so flag is grepCTF{r4pg0d_em1n3m_3256gd62}
esoF*ck 2
DESCRIPTION: 2 levels of eso should make my message impossible to decipher.
firstly, decode brainfuck then ork decode.https://tool.bugku.com/brainfuck/
grepCTF{3sot3r1c_l4ngu4g3s_4r3_0k!}
Consensual Non Consent
DESCRIPTION: Believe it or not, this is real coding.
Get a file named wp.txt, We can find it’s a G-Code, so run it by a simulator.
Reverse
Simple rev
Download the attachment and open it by IDA Pro. You will find the Flag string directly.
Worst encoding
jadx reverse the .jar file. And read the java code, find its algorithm. so we need to do a prime factoring.
try:
n=int(input("please input integer:"))
list1=[]
if n !=1 and type(n)==int and n>1:
while True:
for i in range(2,n+1):
b=n%i
if b ==0:
list1.append(i)
n=n//i
break
else:
break
print(list1)
dic = {}
for l in list1:
try:
dic[str(l)] += 1
except KeyError:
dic[str(l)] = 1
print(dic)
flag = ''
for i in dic.keys():
flag += chr(dic[i])
print(flag)
elif n==1:
print("1 can not be process")
else: print("please input a right integer")
except ValueError:
print("please input a right integer")
GREP{who_would_encode_like_this?_c1caad3482259933bdf988ade3c073e6}
EXORcist
IDA analyze the outfile.
It’s a easy XOR, so write a decrypt script.
c = "gsgsGQ@|9gn8tRy>c\"Mk$gk"
flag = ''
for i in range(23):
flag += chr(ord(c[i]) ^ i)
print(flag)
Forensics
Monke
DESCRIPTION: I was playing guitar and then this monkey came and broke all my strings 😢
You can use 010 Editor to analyze the picture and find the interesting string in the end of the hexadecimal data.
You can easily decode it by base64 format in Base64 Decode and Encode - Online
Doctored image
DESCRIPTION: Help, my images are all corrupted!!
You can find this picture lacking a file head of jps in 010 editor, so fixed it.
NGGYU
DESCRIPTION: .
Open the audio file by audacity and change to see the spectrogram.
grepCTF{r1ck_4stl3y_g1v1ng_m3_up}
R36
use RX-SSTV to process the .wav file in Mode robot36.
grepCTF{psych3d3l1c_fr0g}
IronMan
The attachment is a picture of IronMan. Nice! Analyze it by zsteg.
zsteg ironman.png -a | grep CTF
Royal Steg
DESCRIPTION: Then Jesus turned, and seeing them following, said to them, 'what do you SEEK?
- JOHN 1:38
do you see the SEEK, so try stegseek.
get a orig.zip and the flag.txt is in it. However, the zip looks encrypted.
use a zip burster to burst the password of the zip file with the rockyou.txt. the password is jesuslove.
get flag : grepCTF{tw0_l3v3ls_0f_st3g}
Cryptography
CaeXOR
DESCRIPTION:I pressed shift key 10 times and lost the flag. Can you find my flag.
#enc.py
from random import *
flag="REDACTED"
a=randint(1,1000)
c=[]
for f in flag:
c.append(str(ord(f)^a))
print(c)
print(a)
#c=['162', '177', '188', '169', '136', '187', '138', '145', '172', '187', '138', '145', '172', '190', '152', '156', '187', '195', '177', '142']
#a=REDACTED
solution script:
f = open('test.txt','w',encoding='utf-8')
c=['162', '177', '188', '169', '136', '187', '138', '145', '172', '187', '138', '145', '172', '190', '152', '156', '187', '195', '177', '142']
for i in range(1,1001):
flag = ''
for j in c:
flag += chr(int(j)^i)
print(flag)
f.write(flag+"\n")
f.close()
I find a string result “QBOZ{Hyb_Hyb_MkoH0B}” is like a flag format, but it is not GREP, so do a caesarcode decryption. Get the flag.
Blind
⠞⠓⠑⠀⠋⠇⠁⠛⠀⠊⠎⠀⠞⠼⠚⠼⠚_⠃⠇⠼⠁⠝⠙_⠞⠼⠚_⠎⠼⠉⠼⠉
exchange it to English in 盲文翻译器:转换器和解码器 - SYMBL (◕‿◕)
This website can’t translate ⠼⠚
⠼⠚ is 0, so flag is grepCTF{t00_bl1nd_t0_s33}
NOT 13
rot13 decrypted the string.
then, analyze it in quipqiup.
CaeX0R 2
DESCRIPTION: Ooops, i forgot the shift this time. Can you still figure out my flag.
#enc.py
from random import *
flag="REDACTED"
a=randint(1,1000)
c=[]
for f in flag:
c.append(str(ord(f)^a))
print(c)
print(a)
#c=['313', '296', '295', '304', '274', '280', '263', '280', '263', '310', '315', '310', '316', '345', '268', '263', '310', '302', '345', '296', '276']
#a=REDACTED
f = open('test.txt','w',encoding='utf-8')
c=['313', '296', '295', '304', '274', '280', '263', '280', '263', '310', '315', '310', '316', '345', '268', '263', '310', '302', '345', '296', '276']
for i in range(1,1001):
flag = ''
for j in c:
flag += chr(int(j)^i)
print(flag)
f.write(flag+"\n")
f.close()
like CaeXOR, just decrypt by a script and caesar decrypt.
DOGE DOGE DOGE
challenge’s code:
from Crypto.Util.number import *
from pwn import xor
flag = b'REDACTED'
key = b'REDACTED'
enc = b''
for i in range(len(flag)):
enc += xor(key[i], flag[i])
print(enc)
# enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'
According to the title, I guess the key is many DOGE.
from Crypto.Util.number import *
from pwn import xor
enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'
key = b'DOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGE'
flag = b''
for i in range(len(enc)):
flag += xor(key[i], enc[i])
print(flag)
# enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'
Bird Seed
#encrypt.py
import random
flag = open('flag.txt').read()
rand_seed = random.randint(0, 999)
random.seed(rand_seed)
encrypted = ''
for chr in flag:
encrypted += f'{(ord(chr) ^ random.randint(0, 255)):02x}'
with open('out.txt', 'w') as f:
f.write(encrypted)
#output
encrypted = a282b415279f5aa08cd4649515268910b8968a1eabda7c1bb2898c
1byte = 2 hex number. so change the encrypted result to one decimal number per two hex number.
import random
Deci_Encrypted = [162, 130, 180, 21, 39, 159, 90, 160, 140, 212, 100, 149, 21, 38, 137, 16, 184, 150, 138, 30, 171, 218, 124, 27, 178, 137, 140]
for rand_seed in range(0, 999):
random.seed(rand_seed)
flag = ''
for char in Deci_Encrypted:
flag += chr(char ^ random.randint(0, 255))
if "grep" in flag:
print(flag)
Uneasy Alliance
DESCRIPTION: You have seen people giving out p, q values and asking you to decrypt the cipher text. This time, you only have the cipher text. Good luck decrypting !
from Crypto.Util.number import *
import math
import time
from random import Random
seed = math.floor(time.time())
rnd = Random(seed)
rand_fn = lambda n: long_to_bytes(rnd.getrandbits(n))
p = getPrime(128, randfunc=rand_fn)
q = getPrime(128, randfunc=rand_fn)
e = 65537
n = p * q
assert p != q
m = bytes_to_long(b"GREP{REDACTED}")
ct = pow(m, e, n)
print("Cipher text:", ct)
# Cipher text: 9898717456951148133749957106576029659879736707349710770560950848503614119828
# Seed: REDACTED
because the seed is the timstamp, so burst way to try.
from Crypto.Util.number import *
import math
import time
from random import Random
for seed in range(0,999999):
rnd = Random(seed)
rand_fn = lambda n: long_to_bytes(rnd.getrandbits(n))
p = getPrime(128, randfunc=rand_fn)
q = getPrime(128, randfunc=rand_fn)
e = 65537
Cipher=9898717456951148133749957106576029659879736707349710770560950848503614119828
n = p * q
phi = (p-1)*(q-1)
d = inverse(e,phi)
plain=str(long_to_bytes(pow(Cipher,d,n)))
if 'GREP' in plain:
print(plain)
b’GREP{Brut3D_M3!_f0r_l1f3}’
OSINT
Sherlock Exhausted
DESCRIPTION: Holmes has reached 221B Baker Street after an exhausting day. A murder has happened, but there is no clue of the name of the murderer. Your task is to help Sherlock figure out the first name of the murderer.
I can know it’s a logo of john GBA lite via google picture search, so the answer is GREP{john}
apogtspi
I think some times, and try to find some result via search engine. However I am fail. So I see the hint, Hint: Always remember the organizers. It’s key. According to the hint, I focus on the organizers.
BITS PILANI & APOGEE 23’
So I try the flag: GREP{apogeebitspilani}, it’s the right flag.
Don’t Deviate
search this photo by google image search. Then find some photo in the internet is similar to the one I obtain.
But it’s always wrong, (28.3560,75.5883)
I don’t know what is the flag, but I think I have closed to it.