GREP CTF2023 WriteUp

GREP CTF 2023 WP

Author: A1andNS

Misc

Approved!

Description: Finally, the clock ticks 3:48 am and I got approved. TIME flies when you are playing CTF. I welcome you all to GREP CTF, enjoy !! Oops, approved of what and where 🤔, I leave that to you, gn…

According to the description of the challenge, We can know the flag is about GREP CTF in CTFTIME. So you can easily find out this CTF in CTFTIME in CTFtime.org / GREP CTF

You can get a hexadecimal encode string, just decode it. You can get the flag.

esoF*ck

DESCRIPTION: I’ve heard about brainf#ck but what the f#ck js this?

They are not a standard jsfuck encoded string, so change “F#ck” to null. Then jsunfuck the encoded string get a text via CoderTab - JSUnFuck - Decode JSFuck Here

Lost Card

DESCRIPTION: Your card got lost while eating at the ANC. You have written it somewhere, but the two digits are unclear.

Firstly, make a mirror of the picture, we can obtain the result follow the picture. Then analyze the structure of the digits, you will find the No.4 digit is lacking the up part. Then, we will find number maybe is 8,3,6,5 by similar. we can easily find The No.5 digit is 1. So have a try, it’s lucky that the number is 8, so we get the flag: GREP{5388110365956729}

Layout

DESCRIPTION: I’ve got this weird keyboard which has all the keys messed up. It’s from someone called the workman.

use the automated cryptogram solver in quipqiup - cryptoquip and cryptogram solver

By observing the word "su;erman’, I can easily know the ; is p

so flag is grepCTF{r4pg0d_em1n3m_3256gd62}

esoF*ck 2

DESCRIPTION: 2 levels of eso should make my message impossible to decipher.

firstly, decode brainfuck then ork decode.https://tool.bugku.com/brainfuck/

grepCTF{3sot3r1c_l4ngu4g3s_4r3_0k!}

Consensual Non Consent

DESCRIPTION: Believe it or not, this is real coding.

Get a file named wp.txt, We can find it’s a G-Code, so run it by a simulator.

Reverse

Simple rev

Download the attachment and open it by IDA Pro. You will find the Flag string directly.

Worst encoding

jadx reverse the .jar file. And read the java code, find its algorithm. so we need to do a prime factoring.

try:                                   
    n=int(input("please input integer："))
    list1=[]                    
    if n !=1 and type(n)==int and n>1: 

        while True:                  
            for i in range(2,n+1):   
                b=n%i               
                if b ==0:            
                    list1.append(i)  
                    n=n//i           
                    break            
            else:
                break                


        print(list1)
        dic = {}
        for l in list1:
            try:
                dic[str(l)] += 1
            except KeyError:
                dic[str(l)] = 1
        print(dic)   
		flag = ''
        for i in dic.keys():
            flag += chr(dic[i])
        print(flag)
    elif n==1:                           
        print("1 can not be process")
    else: print("please input a right integer")     

except ValueError:
    print("please input a right integer")

GREP{who_would_encode_like_this?_c1caad3482259933bdf988ade3c073e6}

EXORcist

IDA analyze the outfile.

It’s a easy XOR, so write a decrypt script.

c = "gsgsGQ@|9gn8tRy>c\"Mk$gk"
flag = ''
for i in range(23):
    flag += chr(ord(c[i]) ^ i)
print(flag)

Forensics

Monke

DESCRIPTION: I was playing guitar and then this monkey came and broke all my strings 😢

You can use 010 Editor to analyze the picture and find the interesting string in the end of the hexadecimal data.

You can easily decode it by base64 format in Base64 Decode and Encode - Online

Doctored image

DESCRIPTION: Help, my images are all corrupted!!

You can find this picture lacking a file head of jps in 010 editor, so fixed it.

NGGYU

DESCRIPTION: .

Open the audio file by audacity and change to see the spectrogram.

grepCTF{r1ck_4stl3y_g1v1ng_m3_up}

R36

use RX-SSTV to process the .wav file in Mode robot36.

grepCTF{psych3d3l1c_fr0g}

IronMan

The attachment is a picture of IronMan. Nice! Analyze it by zsteg.

zsteg ironman.png -a | grep CTF

Royal Steg

DESCRIPTION: Then Jesus turned, and seeing them following, said to them, 'what do you SEEK?

- JOHN 1:38

do you see the SEEK, so try stegseek.

get a orig.zip and the flag.txt is in it. However, the zip looks encrypted.

use a zip burster to burst the password of the zip file with the rockyou.txt. the password is jesuslove.

get flag : grepCTF{tw0_l3v3ls_0f_st3g}

Cryptography

CaeXOR

DESCRIPTION：I pressed shift key 10 times and lost the flag. Can you find my flag.

#enc.py
from random import *
flag="REDACTED"
a=randint(1,1000)
c=[]
for f in flag:
   c.append(str(ord(f)^a))
print(c)
print(a)

#c=['162', '177', '188', '169', '136', '187', '138', '145', '172', '187', '138', '145', '172', '190', '152', '156', '187', '195', '177', '142']
#a=REDACTED

solution script:

f = open('test.txt','w',encoding='utf-8')
c=['162', '177', '188', '169', '136', '187', '138', '145', '172', '187', '138', '145', '172', '190', '152', '156', '187', '195', '177', '142']
for i in range(1,1001):
   flag = ''
   for j in c:
      flag += chr(int(j)^i)
   print(flag)
   f.write(flag+"\n")
f.close()

I find a string result “QBOZ{Hyb_Hyb_MkoH0B}” is like a flag format, but it is not GREP, so do a caesarcode decryption. Get the flag.

Blind

⠞⠓⠑⠀⠋⠇⠁⠛⠀⠊⠎⠀⠞⠼⠚⠼⠚_⠃⠇⠼⠁⠝⠙_⠞⠼⠚_⠎⠼⠉⠼⠉

exchange it to English in 盲文翻译器：转换器和解码器 - SYMBL (◕‿◕)

This website can’t translate ⠼⠚

⠼⠚ is 0, so flag is grepCTF{t00_bl1nd_t0_s33}

NOT 13

rot13 decrypted the string.

then, analyze it in quipqiup.

CaeX0R 2

DESCRIPTION: Ooops, i forgot the shift this time. Can you still figure out my flag.

#enc.py
from random import *
flag="REDACTED"
a=randint(1,1000)
c=[]
for f in flag:
   c.append(str(ord(f)^a))
print(c)
print(a)

#c=['313', '296', '295', '304', '274', '280', '263', '280', '263', '310', '315', '310', '316', '345', '268', '263', '310', '302', '345', '296', '276']
#a=REDACTED

f = open('test.txt','w',encoding='utf-8')
c=['313', '296', '295', '304', '274', '280', '263', '280', '263', '310', '315', '310', '316', '345', '268', '263', '310', '302', '345', '296', '276']
for i in range(1,1001):
   flag = ''
   for j in c:
      flag += chr(int(j)^i)
   print(flag)
   f.write(flag+"\n")
f.close()

like CaeXOR, just decrypt by a script and caesar decrypt.

DOGE DOGE DOGE

challenge’s code:

from Crypto.Util.number import *
from pwn import xor
flag = b'REDACTED'
key = b'REDACTED'
enc = b''
for i in range(len(flag)):
    enc += xor(key[i], flag[i])
print(enc)
# enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'

According to the title, I guess the key is many DOGE.

from Crypto.Util.number import *
from pwn import xor
enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'
key = b'DOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGEDOGE'
flag = b''
for i in range(len(enc)):
    flag += xor(key[i], enc[i])
print(flag)
# enc = b'#="5\x07\x1b\x01>4#s<u! \x1a3~3-\x1b7w7\x1b&4\x1a":)8'

Bird Seed

#encrypt.py
import random
flag = open('flag.txt').read()

rand_seed = random.randint(0, 999)
random.seed(rand_seed)
encrypted = ''

for chr in flag:
    encrypted += f'{(ord(chr) ^ random.randint(0, 255)):02x}'

with open('out.txt', 'w') as f:
    f.write(encrypted)
    
#output
encrypted = a282b415279f5aa08cd4649515268910b8968a1eabda7c1bb2898c

1byte = 2 hex number. so change the encrypted result to one decimal number per two hex number.

import random

Deci_Encrypted = [162, 130, 180, 21, 39, 159, 90, 160, 140, 212, 100, 149, 21, 38, 137, 16, 184, 150, 138, 30, 171, 218, 124, 27, 178, 137, 140]

for rand_seed in range(0, 999): 
    random.seed(rand_seed)
    flag = ''
    for char in Deci_Encrypted:
        flag += chr(char ^ random.randint(0, 255))
    if "grep" in flag:
        print(flag)

Uneasy Alliance

DESCRIPTION: You have seen people giving out p, q values and asking you to decrypt the cipher text. This time, you only have the cipher text. Good luck decrypting !

from Crypto.Util.number import *
import math
import time
from random import Random

seed = math.floor(time.time())
rnd = Random(seed)

rand_fn = lambda n: long_to_bytes(rnd.getrandbits(n))
p = getPrime(128, randfunc=rand_fn)
q = getPrime(128, randfunc=rand_fn)
e = 65537
n = p * q

assert p != q

m = bytes_to_long(b"GREP{REDACTED}")
ct = pow(m, e, n)
print("Cipher text:", ct)
# Cipher text: 9898717456951148133749957106576029659879736707349710770560950848503614119828
# Seed: REDACTED

because the seed is the timstamp, so burst way to try.

from Crypto.Util.number import *
import math
import time
from random import Random

for seed in range(0,999999):
    rnd = Random(seed)

    rand_fn = lambda n: long_to_bytes(rnd.getrandbits(n))
    p = getPrime(128, randfunc=rand_fn)
    q = getPrime(128, randfunc=rand_fn)
    e = 65537
    Cipher=9898717456951148133749957106576029659879736707349710770560950848503614119828
    n = p * q
    phi = (p-1)*(q-1)
    d = inverse(e,phi)
    plain=str(long_to_bytes(pow(Cipher,d,n)))
    if 'GREP' in plain:
        print(plain)

b’GREP{Brut3D_M3!_f0r_l1f3}’

OSINT

Sherlock Exhausted

DESCRIPTION: Holmes has reached 221B Baker Street after an exhausting day. A murder has happened, but there is no clue of the name of the murderer. Your task is to help Sherlock figure out the first name of the murderer.

I can know it’s a logo of john GBA lite via google picture search, so the answer is GREP{john}

apogtspi

I think some times, and try to find some result via search engine. However I am fail. So I see the hint, Hint: Always remember the organizers. It’s key. According to the hint, I focus on the organizers.

BITS PILANI & APOGEE 23’

So I try the flag: GREP{apogeebitspilani}, it’s the right flag.

Don’t Deviate

search this photo by google image search. Then find some photo in the internet is similar to the one I obtain.

But it’s always wrong, (28.3560,75.5883)

I don’t know what is the flag, but I think I have closed to it.