Intigriti 1337UP CTF — Warmup Encoder writeup

1337 up CTF

1337UP was a 24-hour CTF organized by Intigriti. I personally solved a couple of challenges in the web and cryptography categories, but I’ll be posting writeups only for the cryptography challenges. So let’s start with something easy.

The warmup encoder problem was an easy one to solve (hence the name “warmup”). The challenge provided a Python file (encrypt.py) containing the logic that encrypts the flag, along with the encrypted output of the flag. Our job is to decrypt the provided output so we can see the flag.

encrypt.py

Let’s understand each function’s logic and work out how to reverse it.

0rd function:

  1. It takes the flag (which is redacted in the given file) and converts each character to its Unicode code point using the ord() function, e.g. ord(‘a’) = 97.
  2. It stores each code point in a list and passes that list to the x0r function.

x0r function:

  1. It iterates over the given list and checks whether each number i (a Unicode code point) is prime. If it is prime, it performs a bitwise XOR (^) between the i’th prime number and 0x1337 and appends the result to a list. E.g. if the number is 3, it performs a bitwise XOR between the 3rd prime, i.e. 5, and 0x1337.
  2. If the number isn’t prime, it just performs a bitwise XOR (^) between the number itself and 0x1337 and appends the result to the list.
  3. Finally, it calls the b1n function with the resulting list.

b1n function:

  1. It iterates over the given list, converts each value (a decimal number) to binary using the bin() function, and removes the 0b prefix.
  2. It then converts that string of binary digits to an integer and appends it to a list.

This final list is what we’re given. Now that we understand what each function does, let’s work out the reverse logic that undoes each one.

Reverse logic of the b1n function:

  1. We need to convert each integer to a string with the 0b prefix and then convert it back to a decimal number, storing the results in a list.

Reverse logic of the x0r function:

  1. Take each decimal number and XOR (^) it with 0x1337 to get the original input back. This works because of one of the properties of XOR: the inverse of XOR is XOR itself. E.g. if you have a=b^c, you can get b or c back if the other value is available: b=a^c or c=a^b.
  2. Now, we check whether the resulting number is one of the first 200 prime numbers (a range of 200 will be enough). If it is, we put n (the n of the n’th prime number, e.g. 3 if it is the 3rd prime number) in a list. If it isn’t, we add the resulting integer itself to that list.

Reverse logic of the 0rd function:

  1. Now we have a list of integers that are Unicode code points. We take each integer and convert it to a character using the chr() function (ord() does the opposite), and after concatenating all the characters, we have our flag.

The final code looks like this:

decrypt.py

Note that the reverse-logic functions in decrypt.py are called in the opposite order from the original functions in encrypt.py. This is expected, because the whole process needs to be reversed to decrypt the flag.
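The steps above as a round trip, in an added example that is rebuilt from the description in this writeup and is not the challenge's encrypt.py or the author's decrypt.py. The names encode, decode and first_primes, the trial-division prime helper and the ASCII-only guard are assumptions made for the example.

```python
# Added example: encoder rebuilt from the writeup's description, and its inverse.
# Function names and the prime helper are assumptions, not the challenge's code.
KEY = 0x1337

def first_primes(count):
    """Return the first `count` primes using trial division."""
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
        n += 1
    return primes

PRIMES = first_primes(200)                               # 200th prime is 1223
PRIME_INDEX = {p: i + 1 for i, p in enumerate(PRIMES)}   # prime -> 1-based n

def encode(flag):
    """0rd -> x0r -> b1n, as described for encrypt.py."""
    out = []
    for cp in map(ord, flag):
        if cp > 127:
            raise ValueError("this example handles ASCII input only")
        if cp in PRIME_INDEX:            # prime code point: use the cp-th prime
            cp = PRIMES[cp - 1]
        x = cp ^ KEY
        out.append(int(bin(x)[2:]))      # binary digits stored as a decimal int
    return out

def decode(values):
    """Undo b1n, then x0r, then 0rd, in that order."""
    chars = []
    for v in values:
        n = int(str(v), 2) ^ KEY         # read the digits as base 2, then XOR
        n = PRIME_INDEX.get(n, n)        # prime -> n; non-prime stays as is
        chars.append(chr(n))
    return "".join(chars)

if __name__ == "__main__":
    sample = "1337UP{constructed_sample}"    # constructed input, not the real flag
    encoded = encode(sample)
    print(encoded[:3])
    print(decode(encoded))
```

The prime check in decode is unambiguous because a prime code point is always replaced by another prime and a non-prime code point is left alone, so the XOR result is prime exactly when the original code point was.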

flag : 1337UP{x0r_4nD_Bin4aRy_EnC0d3r_4r3_tH3_W34k35t_80790756}

I have been learning cryptography using the CryptoHack platform. Check it out if you’re also interested in cryptography. Feel free to connect on Twitter: @0verread. You can DM me over there if you have any questions or just want to chat about something interesting.

I will be posting writeups for other crypto challenges as well. Until then, take care.

InfoSec researcher, and a little bit developer.
