I played the Greyhats Welcome CTF with one of the best teams. We made it to the finals :> Here are some noteworthy challenges I solved.
1. Pee Dee Eff
I read abit more about the structure of pee dee eff.
Unfortunately, this still doesn’t give us any flag and it still throws out the xref table error so it seems to still be corrupted. Hence I threw it into a pdf file fixer and the image of the flag is given.
2. Art
I took a huge detour for this one. Initially I thought it had to be either of the approach
- volatility
- GIMP
So scrutinising it on GIMP, we initially see random static. However after toggling the settings, we can see some kind of paint. I guess it has to be in terms of powers of 2 and same to ensure the resolution matches. After adjusting and eye power, we got the flag.
3. We are no strangers to love
This was an osint challenge, and we speculated it has to do with the domain of the url because that’s all we were given. Used domain finders like https://sg.godaddy.com/whois/results.aspx? and it gives some information but they don’t seem important. But we can see it’s hosted on digital ocean.
So we did a dns lookup with https://www.digitalocean.com/community/tools/dns?domain=logppm.cc logppm and the flag is there.
4. Puzzles
This is what we learnt in 2107 crypto (x^y^x = y).
So we realise we can combine the cipher text segments. ct[0] ^ct[1]^ct[2]^ct[3]^ct[4] = key. Then we know pt[0] is grey{
def xor(a, b):
return bytes([k ^ p for k, p in zip(a, b)])
pt1 = b"greyhats"
pt2 = xor(pt1, xor(key, ct_parts[0]))
pt3 = xor(pt2, xor(key, ct_parts[1]))
pt4 = xor(pt3, xor(key, ct_parts[2]))
pt5 = xor(pt4, xor(key, ct_parts[3]))
print(pt1, pt2, pt3, pt4, pt5)