Skip to content

Instantly share code, notes, and snippets.

@TrebledJ

TrebledJ/rev.cpp

Last active November 16, 2023 10:10
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save TrebledJ/43792e01ceed0c94f35717c453d2e4da to your computer and use it in GitHub Desktop.
Save TrebledJ/43792e01ceed0c94f35717c453d2e4da to your computer and use it in GitHub Desktop.
Download ZIP
HKCERT CTF 2023 – Decompetition: Vitamin C++ reversed source code and solve scripts. Writeup: https://trebledj.me/posts/hkcert-2023-decompetition-vitamin-cpp.
Raw
rev.cpp
//
// 100% Similarity Reversed Source Code for [HKCERT CTF 2023 – Decompetition: Vitamin C++].
// by @TrebledJ
//
#include <iostream>
#include <string>
#include <unordered_map>
using namespace std;
char wordhash(string s)
{
char hash = 0;
for (int i = 0; i < s.size(); i++)
hash ^= s[i];
return hash;
}
struct TrieNode
{
std::unordered_map<char, TrieNode*> next_node;
bool is_end;
bool should_mix;
TrieNode() : is_end{false}, should_mix{false} {}
void insert(string s)
{
TrieNode* curr = this;
bool to_mix = this->should_mix;
for (int i = 0; i < s.size(); i++)
{
char ch = s[i];
TrieNode* tmp = curr->next_node[ch];
if (!tmp)
{
tmp = new TrieNode();
curr->next_node[s[i]] = tmp;
}
curr = tmp;
}
curr->is_end = true;
if (to_mix)
{
char hash = wordhash(s);
this->mix(hash);
}
}
bool search(string s)
{
TrieNode* curr = this;
for (int i = 0; i < s.size(); i++)
{
char c = s[i];
TrieNode* tmp = curr->next_node[c];
if (!tmp)
return false;
curr = tmp;
}
return true;
}
void mix(char cmix)
{
unordered_map<char, TrieNode*> new_map;
for (const auto& [ch, node] : this->next_node)
{
new_map[ch ^ cmix] = node;
}
this->next_node = new_map;
for (const auto& [ch, node] : this->next_node)
{
node->mix(cmix);
}
}
};
int main()
{
int opt;
string str;
TrieNode* node = new TrieNode();
node->insert("\x72\x50\x54\x52\x73\x66\x51\x5a\x79\x72\x75\x4b\x7f\x4e\x4d\x55\x47\x7e\x68\x7e\x72\x51\x42\x71");
node->insert("\x51\x7f\x52\x53\x53\x4f\x4d\x6e\x4a\x6b\x72\x49\x7c\x72\x6b\x76\x6c\x58\x6a\x6e\x5f\x42\x76\x6a");
node->insert("\x67\x4f\x52\x7f\x56\x67\x6b\x60\x65\x65\x4d\x7f\x6b\x44\x52\x7c\x4f\x4d\x5f\x79\x51\x59\x44\x55");
node->insert("\x6d\x47\x6e\x68\x7f\x57\x69\x42\x66\x4d\x71\x5a\x69\x68\x55\x50\x6e\x44\x4b\x45\x45\x5e\x6d\x3d");
node->insert("\x6d\x71\x73\x4b\x6f\x4c\x53\x47\x74\x7a\x45\x3d\x73\x60\x64\x71\x5b\x65\x72\x49\x76\x53\x45\x75");
node->insert("\x6f\x58\x52\x53\x6a\x68\x71\x7f\x56\x71\x52\x77\x6e\x6a\x53\x79\x4d\x4e\x67\x54\x5a\x4a\x47\x58");
node->insert("\x4f\x7a\x53\x4e\x45\x4e\x6a\x4e\x7e\x64\x6a\x42\x6d\x70\x45\x66\x5b\x3d\x48\x50\x64\x76\x71\x6a");
node->insert("\x4b\x6c\x6f\x60\x65\x4f\x42\x59\x7a\x73\x71\x65\x5f\x54\x5e\x79\x5b\x65\x7a\x72\x56\x55\\\x69");
node->insert("\x4f\\\x5e\x65\\\x7c\x4c\x71\x52\x51\x56\x74\x4f\x74\x76\x48\x55\x6b\x7a\x68\x5e\x58\x65\x4f");
node->insert("\x65\x67\x55\x71\x77\x71\x4f\x5a\x50\x7e\x66\x51\x7b\x54\x65\x53\x4c\x5a\x7e\x56\x44\x47\x68\x7f");
node->insert("\x78\x55\x60\x6d\x6f\x67\x5e\x4f\x48\x74\x55\x7a\x7e\x50\x47\x7e\x47\x59\x48\x4c\x5b\x6b\x79\x45");
node->insert("\x56\x6c\x5f\x54\x73\x75\x6e\x7e\x47\x71\x42\x55\x54\x76\x5a\x75\x6b\x47\x4b\x4b\x49\x66\x58\x70");
node->insert("\x52\x4e\x7e\x7c\x50\x67\x4b\x4d\x44\x68\x69\x76\x66\x5b\x69\x6f\x5e\x56\x66\x54\x4e\x6f\x49\x48");
node->insert("\x56\x7f\x75\x56\x56\x47\x3d\x59\x6f\x52\x70\x45\x60\x73\x51\x53\x73\x66\x78\x75\x53\x5b\x52\x6d");
node->insert("\x5f\x69\x64\x7e\x71\x56\x69\x74\x4e\x47\x78\x70\x52\x42\x48\x42\x42\x6b\x73\x66\x53\x75\x54\x7a");
node->insert("\x64\x51\x56\x56\x47\x3d\x7e\x5e\x64\x7c\x44\x65\x6e\x51\x4a\x69\x54\x6b\x4d\x52\x5f\x50\x79\x5b");
node->insert("\x6c\x6c\x64\x4a\x75\x49\x6a\x4c\x59\x4c\x7b\x69\x4f\x69\x6b\x6a\x6a\x7c\x6d\x7c\x6b\x76\x52\x4c");
node->insert("\x64\x45\x54\x72\x76\x59\x6d\x45\x7e\x78\x47\x44\x72\x4e\x6b\x4e\x7b\x50\x79\x7c\x6d\x54\x56\x75");
node->insert("\x4e\x65\x7a\x66\x49\x5b\\\x73\x49\x45\x6b\x75\x51\x6d\x7b\\\x57\x51\x3d\x6e\x5b\x56\x7c\x4f");
node->insert("\x4b\\\x66\x76\x3d\x6e\x42\x49\x53\x4b\x6b\x6f\x54\x66\x6c\x4f\x6b\x74\x6a\x7e\x7f\x67\x78\x45");
node->insert("\x6b\x74\x6e\x6b\x49\x48\x7b\x70\x42\x6b\x6f\x65\x5b\x7a\x65\x72\x76\x68\x3d\x4c\x75\x5f\x52\x6b");
node->insert("\x4b\x7f\x6f\x4b\x67\x4d\x57\x7f\x50\x58\x69\x75\x45\x5e\x67\x52\x5e\x48\x7f\x7e\x53\x78\x55\x52");
node->insert("\x74\x6c\x73\x6c\x70\x52\x75\x78\x4c\x66\x7c\x42\x6e\x78\x66\x7e\x6e\\\x47\x72\x7b\x59\x5e\x6b");
node->insert("\x55\x75\x70\x42\x67\x49\x5e\x5b\x4f\x65\x6e\x6a\x75\x53\x6b\x6f\x4c\x7a\x5a\x4c\x73\x6b\x69\x50");
node->insert("\x4c\x53\x73\x4b\x7e\x47\x42\x4c\x70\x6e\x6e\x73\x4d\x54\x65\x4d\x74\x6d\x66\x7a\x7b\x74\x7c\x59");
node->insert("\x56\x7e\x6a\x7c\x72\x6d\x55\x65\x6a\x73\x56\x64\x58\x59\x54\x54\x66\x6f\x78\x57\x4e\x6c\x52\x44");
node->insert("\x4e\x5a\x5b\x44\x53\x73\x53\x70\x49\x54\x64\x69\x57\x6d\x67\x76\x4a\x44\x49\x66\x6e\x6a\x4f\x69");
node->insert("\x6f\x47\x6a\x4f\x57\x55\x6e\x48\x58\x68\x4a\x47\x60\x58\x42\x5a\x56\x5e\x5a\x7a\x6d\x7e\x44\x78");
node->insert("\x4d\x48\x4b\x4b\x65\x7e\x64\\\x7e\x78\x4a\x55\x69\x6b\x7e\x65\x4c\x4f\x4f\x71\x5f\x45\x51\x59");
node->insert("\x58\x48\x56\x4b\x58\x76\x7f\x57\x77\x54\x4e\x44\x6b\x6a\x4a\x45\x4a\x6c\x64\x4d\x55\x64\x6f\x44");
node->insert("\x66\x71\x6d\x50\x51\x7f\x78\x6d\x64\x57\x6c\x78\x53\x74\x44\x4a\x55\x79\x64\x45\x78\x6b\x45\x78");
node->insert("\x5f\x58\x6c\x5a\x51\x52\x53\\\x6a\x50\x77\x4d\x74\x49\x72\x52\x7b\x73\x4b\x58\x44\x48\\\x7b");
node->insert("\x74\x73\x69\x78\x6f\x73\x7c\x71\x66\x69\x6f\x2c\x78\x42\x78\x73\x7e\x6f\x64\x6d\x69\x2d\x6f\x60");
node->insert("\x45\x77\x7b\x74\x3d\\\x79\x5f\\\x53\x7a\x5e\x70\x6b\x4c\x73\x47\x64\x5b\x70\x73\x6d\x75\x70");
node->insert("\x76\x3d\x47\\\x6e\x44\x5b\x4f\x5a\x5a\x4e\x76\x5f\x7a\x7f\x49\x4d\x71\x4d\x44\x4b\x55\x5e\x6d");
node->insert("\x73\x7e\x7b\x78\x60\x58\x7c\x49\x6b\x77\x70\x4d\x45\x76\x64\x52\x6b\x78\x70\x5b\x53\x4c\x75\x56");
node->insert("\x59\x50\x3d\x70\x5a\x68\x4e\x6f\x71\x75\x6a\x69\x76\x56\\\x50\x5f\x45\x50\x7a\x50\x47\x48\x65");
node->insert("\x47\x6d\x45\x76\x4c\x4b\x74\x66\x49\x5a\\\x54\x54\x44\x45\x6b\x76\x44\x76\x6c\x7b\x72\x64\x73");
node->insert("\x73\x4a\x7e\x7e\x51\x6a\x55\x5a\x66\x7e\x7c\x6d\x50\x49\x54\x54\x73\x45\x73\x67\x77\x52\x67\x6d");
node->insert("\\\x5f\x66\x4c\x49\x66\x4d\x71\x44\x3d\x77\x56\x7b\x60\x5b\x5a\x58\x65\x74\x4d\x49\x48\x72\x5a");
node->insert("\x57\x6f\x7f\x75\x57\x54\x69\x47\x76\x5b\x4a\x4d\x4e\x6b\x5f\x47\x74\x6a\x4d\x5b\x4d\x45\x7f\x6a");
node->insert("\x58\x4c\x7b\x65\x55\x65\x67\x78\x5a\x64\x5f\x76\x66\x4b\x6c\x50\x71\x78\x73\x65\x5a\x4a\x56\x42");
node->insert("\x6d\x51\x4c\x74\x7c\x44\x5e\x75\x6d\x49\x52\x57\x6e\x67\x4b\x5b\x64\x53\x56\x7c\x53\x54\x58\x67");
node->insert("\x7b\x67\x56\x72\x6e\x4f\x48\x67\x4a\x56\x55\x5e\x72\x65\x4d\x77\x4f\x45\x59\x69\x4f\x66\x65\x64");
node->insert("\x73\x64\x70\x56\x47\x75\x6a\x50\x73\x6b\x50\x72\x75\x49\x7c\x4f\x48\x55\x6c\x51\x66\x6d\x5f\x5f");
node->insert("\x3d\x73\x52\x4f\x64\x77\x4f\x71\x3d\x6e\x48\x72\x54\x68\x4e\x60\x44\x7c\x5f\x51\x76\x42\x54\x44");
node->insert("\x73\x5e\x4f\x4a\x67\x4d\x56\x51\x69\x55\x56\x7e\x7f\x4c\x65\x65\x59\x78\x71\x7e\x4b\x78\x5a\x78");
node->insert("\x5f\x64\x5f\x48\x44\x42\x7a\x50\x53\x42\x71\x7b\x3d\x72\x4d\x57\x57\x5b\x6e\x7f\x53\x54\x5a\x68");
node->insert("\x6c\x4e\x6c\\\x6b\x6d\x59\x7b\\\x75\x54\x45\x7b\x54\x70\x7e\x4d\x53\x76\x7a\x4d\x5b\x56\x72");
node->insert("\x54\x5b\x5f\x7b\x7a\x44\x76\x4e\x6c\x6f\x56\x79\x70\x5a\x75\x52\x6f\x4a\x42\x4d\x75\x4b\x71\x7b");
node->insert("\x72\x75\x48\x66\x6f\x68\x7a\x69\x76\x78\x7b\x77\x79\x42\x66\x7e\x59\x52\x53\x4a\x4c\x47\x52\x56");
node->insert("\x6b\x6d\x65\x78\x79\x74\x73\x77\x4b\x4c\x49\x6d\x71\x6f\x76\x56\x6d\x4c\x72\x4b\x78\x7f\x6f\x7f");
node->insert("\x57\x70\x60\x4c\x4a\x75\x77\x49\x57\x59\x5a\x78\x6b\x58\x4b\x60\x6f\x44\x5b\x67\x71\x68\x60\x7c");
node->insert("\x70\x77\x5b\x4b\x77\x7a\x6d\x64\x73\x50\x75\x51\x50\x4b\x4a\x70\x6f\x65\x51\x7c\x64\x45\x64\x4b");
node->insert("\x3d\x55\x67\x7a\x47\x64\x59\x5e\x47\x7c\x54\x4d\x59\x7c\x65\x6a\x4b\x6e\x42\x67\x47\x4e\x3d\x47");
node->insert("\x70\x64\x65\x59\x57\x7f\x6d\x6f\x73\x60\x59\x70\x70\x51\x5a\x47\x67\x57\x4f\x73\x76\x65\x54\x58");
node->insert("\x54\x70\x49\x6c\x74\x57\x6a\x5f\x64\x58\x58\x64\x79\x76\x73\x5f\x7a\x44\x76\x7b\x55\x7a\x48\x73");
node->insert("\x53\x50\x74\x6b\x6d\x50\x77\x6d\x42\x7f\x42\x5f\x7a\x67\x69\x5f\x73\x7b\x4f\x6f\x52\x54\x6b\x74");
node->insert("\x6c\x42\x7b\x5f\x3d\x5a\x4f\x48\x4b\x57\x5e\x54\x77\x74\x7f\x56\x47\x49\x47\x6d\x7f\x73\x76\x7a");
node->insert("\x42\x70\x48\x7b\x58\x52\x6e\x52\x7e\x67\\\x68\x49\x6b\x50\x67\x70\x51\x5a\x57\x5b\x7c\x6c\x6a");
node->insert("\x45\x79\x55\x50\x77\x50\x7a\x76\x74\x56\x5e\x76\x57\x69\x65\x5b\x58\x72\x57\x71\x74\x57\x5f\x5b");
node->insert("\x67\x75\x68\x4f\x73\x66\\\x77\x3d\x6a\x69\x58\x77\x6c\x57\x7c\x59\x66\x76\x78\\\x76\x6e\x71");
node->insert("\x6e\x68\x53\x4e\x4f\x52\x50\x6f\x78\x5e\x44\x44\x53\x4c\x5e\x79\x56\x65\x7b\x5f\x58\x67\x4e\x50");
node->insert("\x73\x78\x48\x6f\x7b\x77\x56\x65\x45\x65\x53\x51\x7b\x3d\x65\x6f\x74\x47\x4f\x73\x53\x4f\x6b\x6e");
node->insert("\x72\x73\x64\x7c\x4e\x53\x6b\\\x69\x72\x55\x72\x71\x68\x65\x7b\x5f\x73\x60\x45\x48\x49\x6d\x78");
node->insert("\x72\x76\x67\x5e\x64\x58\x52\x53\x57\x45\x65\x4f\x48\x65\x68\x4e\x6e\x77\x3d\x7f\x71\x57\x60\x71");
node->insert("\x71\x72\x70\x55\x5e\x5f\x50\x76\x77\x5a\x5f\x68\x7b\x4c\x7e\x4f\x44\x60\x71\x68\x7a\x69\x57\x4e");
node->insert("\x47\x7c\x59\x4f\x5a\x51\x58\x7f\x64\x70\x47\x44\x5b\x4e\x4d\x49\x44\x64\x77\x4b\x74\x6e\x59\x50");
node->insert("\x7b\x50\x7b\x59\x6a\x55\x4e\x75\x77\x68\x58\x5a\x69\x64\x64\x5a\x76\x59\x52\x64\x5f\x48\x4e\x6c");
node->insert("\x5e\x79\x7e\x74\x50\x59\x51\x51\x7f\x57\x4b\x64\x42\x53\x57\x52\x59\x70\x4f\x5a\x67\x79\x6b\x6d");
node->insert("\x65\x6a\x70\x57\x4e\x5b\x70\\\x67\x73\x44\x6a\x72\x58\x54\x74\x70\x57\x4e\x45\x52\x58\x55\x71");
node->insert("\x5b\x51\x76\x7f\x75\x72\x69\x7e\x52\x6b\x44\x5a\x7c\x4e\x74\x3d\x72\x4b\x51\x5a\x54\x48\x56\x73");
node->insert("\x69\x74\x7c\x71\x57\x77\x4c\x48\x5b\x78\x74\x5e\x4f\x45\x57\x53\x78\x7c\x6d\x52\x7b\x4a\x58\x79");
node->insert("\x7a\x7e\x6d\x50\x72\x4d\x6f\x5b\x4e\x52\x49\x54\x4e\x50\x70\x54\x4c\x60\x5e\x58\x48\x77\x78\x70");
node->insert("\x45\x5b\x57\x76\x75\x45\x5b\x42\x54\x4d\x4a\x73\x65\x7c\x6b\x42\x47\x71\x48\x7a\x4e\x5f\x79\x65");
node->insert("\x52\x4b\x56\x6b\x5e\x51\\\x7c\x57\x7e\x5a\x58\x6c\x68\x54\x7a\x56\x57\x50\x78\x73\x50\x48\x4a");
node->insert("\x5e\x42\x76\x5a\x7c\x47\x79\x79\x55\x4f\x74\x72\x68\x58\x79\x7f\x7f\x4d\x73\x76\x5b\x55\x56\x64");
node->insert("\x7c\x4d\x78\x5a\x77\x75\x65\x71\x79\x60\x73\x75\x66\x58\x50\x51\x5f\x6a\x66\x78\x66\x47\x51\x78");
node->insert("\x6c\x70\x52\x45\x50\x7a\x5a\x4c\x3d\x6f\x60\x59\x7b\x53\x5f\x5b\x68\x4b\x45\x51\x4b\x51\x42\x48");
node->insert("\x55\x54\x5a\x7e\x72\x54\x45\x68\x59\x7a\x44\x78\x55\x6d\x5e\x55\x60\x57\x7b\x5a\x60\x5b\x6f\x6b");
node->insert("\x5b\x5a\x68\x4c\x6c\x66\x79\x77\x4f\x64\x55\x44\x6e\x4c\x42\x7b\x4c\x6c\x50\x4e\x64\x5e\x6e\x4c");
node->insert("\x60\x48\x72\x4b\x69\x6e\x75\x49\x57\x70\x76\x75\x56\x5a\x79\x3d\x72\x6b\x4d\x4c\x6e\x52\x3d\x7c");
node->insert("\x71\x75\x68\x58\x4f\x49\x4c\x4b\x71\x79\x58\x4c\x66\x58\x50\x65\x47\x64\x65\x4f\x66\x71\x7e\x42");
node->insert("\x48\x6b\x7f\x64\x7a\x6c\x7f\x5e\x4d\x6a\x53\x5e\x5b\x75\x71\x68\x67\x6f\x79\x5a\x69\x70\x69\x67");
node->insert("\x5b\x70\x79\x6d\x4e\x59\x42\x4e\x4d\x64\x7f\x3d\x56\x54\x6b\x48\x4b\x7a\x3d\x3d\x6c\x70\x5a\x58");
node->insert("\x53\x4d\x48\x5f\x4e\x71\x6c\x68\x77\x6f\x6a\x67\x52\x69\x60\x66\x57\x7a\x78\x57\x5e\x42\x7c\x51");
node->insert("\x6e\x52\x4a\x48\x57\x73\x48\x79\x69\x74\x69\x6e\x77\x6e\x59\x7b\x65\x5a\x55\x55\x45\x49\x49\x52");
node->insert("\x71\x73\x5b\x70\\\x4f\x71\x50\x79\x45\x5b\x6d\x6e\x6c\x52\x6d\\\x73\x5a\x4a\x73\x4f\x72\x47");
node->insert("\x65\x6b\x70\x55\x7f\x4a\x7f\x7a\x59\x74\x6e\x55\x67\x53\x6e\x44\x7a\x64\x54\x6c\x5e\x67\x5e\x5f");
node->insert("\x73\x72\x50\x5b\x48\x69\x55\x77\x73\x5a\x6d\x4d\x6c\x5f\x64\x6e\x7f\x56\x60\x49\x5b\x52\x4d\x7e");
node->insert("\x4f\x79\x7b\x74\x4d\x51\x6e\x4a\x55\x7f\x47\x64\x4f\x51\x69\x59\x7a\x5a\x49\x68\x51\x50\x7f\x5e");
node->insert("\x50\x44\x69\x52\x66\x6d\x78\x55\\\x67\x49\x5a\x49\x69\x53\x68\x75\x6e\x56\x6b\x64\x6c\x53\x49");
node->insert("\x5a\x70\x7f\x66\x75\x7b\x6c\\\x67\x65\x49\x44\x70\x5a\x5e\x56\x49\x52\x54\x53\x7e\x54\x55\x5f");
node->insert("\x7b\x7f\x74\x58\x51\x79\x48\x70\x6f\x49\x7f\x5a\x5a\x45\x59\x79\x66\x7b\x4b\x7a\x49\x57\x6c\x59");
node->insert("\x65\x6b\x4b\x4d\x56\x49\x5e\x71\x7e\\\x4b\x52\x4d\x4b\x53\x7a\x56\x51\x78\x4d\x3d\x4b\x49\x57");
node->insert("\x5b\x4d\x76\x6f\x44\x5b\x7a\x45\x6d\x6f\x51\x55\x79\x56\x55\x4d\x66\x60\x7e\x4a\x6d\x52\x7b\x4d");
node->insert("\x4f\x72\x68\x3d\x4d\x53\x7b\x54\x44\x7e\x50\x7f\x50\x52\x45\\\x55\x42\x6c\x7a\x57\x73\x77\x4c");
node->insert("\x76\x78\x58\x5b\x5b\x60\x64\x47\x65\x6f\x6b\x47\x71\x52\x73\x4f\x68\x51\x48\x4e\x70\x6b\x44\x42");
node->insert("\x5a\x73\x7e\x6b\x4c\x53\x53\x4f\x7a\x70\x45\x6d\x6c\x73\x44\x56\x75\x78\x6b\x52\x60\x57\x7f\x52");
node->insert("\x78\x50\x4b\x4c\x48\x72\x6e\x60\x53\x4e\x74\x7b\x6e\x7b\x73\x4d\x7f\x57\x69\x4d\x74\x70\x7e\x7b");
node->insert("\x5a\x4d\x5a\x59\x72\x58\x78\x45\x55\x4d\x51\x60\x45\\\x5e\x47\x72\x4a\x57\x4b\x73\x79\x52\x50");
node->should_mix = true;
cout << "Enter [1] for insert string" << endl;
cout << "Enter [2] for search string" << endl;
while (true)
{
cout << "Option: ";
cin >> opt;
switch (opt)
{
case 1:
cout << "Input string to insert: " << endl;
cin >> str;
node->insert(str);
break;
case 2:
{
cout << "Input string to search: " << endl;
cin >> str;
bool res = node->search(str);
if (res)
cout << "String " << str << " exists." << endl;
else
cout << "String " << str << " does not exists." << endl;
break;
}
default:
cout << "Bye" << endl;
return 0;
}
}
}
Raw
send.py
#
# Driver program to test rev.cpp.
# by @TrebledJ
#
from pwn import *
with open('rev.cpp') as f:
xs = f.read()
# Remove comments.
code = '\n'.join(filter(lambda s: not s.startswith('#'), xs.splitlines()))
r = remote('chal.hkcert23.pwnable.hk', 28157)
r.sendline(code)
r.sendline(b'EOF')
def report(diff):
diff = diff.decode()
lines = diff.splitlines()
# Count number of extra/missing lines.
num_shouldnt_be_there = len([l for l in lines if l.startswith('-')])
num_missing = len([l for l in lines if l.startswith('+')])
print(diff)
print(f"{num_shouldnt_be_there} extra lines")
print(f"{num_missing} missing lines")
try:
# Success.
out = r.recvuntil(b'inside the binary file?')
report(out)
r.sendline(b'internal{tr1e_encrypt0r}')
print(r.recvall())
except:
# Fail. Similarity < 97.5%.
out = r.recvuntil('You only get ')
report(out)
score = r.recvuntil(' ')
print()
print('Score:', score.decode().strip(', '))
Raw
solve.py
#
# Brute-force script to crack the internal flag.
# by @TrebledJ
#
strings = [
b"\x72\x50\x54\x52\x73\x66\x51\x5a\x79\x72\x75\x4b\x7f\x4e\x4d\x55\x47\x7e\x68\x7e\x72\x51\x42\x71",
b"\x51\x7f\x52\x53\x53\x4f\x4d\x6e\x4a\x6b\x72\x49\x7c\x72\x6b\x76\x6c\x58\x6a\x6e\x5f\x42\x76\x6a",
b"\x67\x4f\x52\x7f\x56\x67\x6b\x60\x65\x65\x4d\x7f\x6b\x44\x52\x7c\x4f\x4d\x5f\x79\x51\x59\x44\x55",
b"\x6d\x47\x6e\x68\x7f\x57\x69\x42\x66\x4d\x71\x5a\x69\x68\x55\x50\x6e\x44\x4b\x45\x45\x5e\x6d\x3d",
b"\x6d\x71\x73\x4b\x6f\x4c\x53\x47\x74\x7a\x45\x3d\x73\x60\x64\x71\x5b\x65\x72\x49\x76\x53\x45\x75",
b"\x6f\x58\x52\x53\x6a\x68\x71\x7f\x56\x71\x52\x77\x6e\x6a\x53\x79\x4d\x4e\x67\x54\x5a\x4a\x47\x58",
b"\x4f\x7a\x53\x4e\x45\x4e\x6a\x4e\x7e\x64\x6a\x42\x6d\x70\x45\x66\x5b\x3d\x48\x50\x64\x76\x71\x6a",
b"\x4b\x6c\x6f\x60\x65\x4f\x42\x59\x7a\x73\x71\x65\x5f\x54\x5e\x79\x5b\x65\x7a\x72\x56\x55\x5c\x69",
b"\x4f\x5c\x5e\x65\x5c\x7c\x4c\x71\x52\x51\x56\x74\x4f\x74\x76\x48\x55\x6b\x7a\x68\x5e\x58\x65\x4f",
b"\x65\x67\x55\x71\x77\x71\x4f\x5a\x50\x7e\x66\x51\x7b\x54\x65\x53\x4c\x5a\x7e\x56\x44\x47\x68\x7f",
b"\x78\x55\x60\x6d\x6f\x67\x5e\x4f\x48\x74\x55\x7a\x7e\x50\x47\x7e\x47\x59\x48\x4c\x5b\x6b\x79\x45",
b"\x56\x6c\x5f\x54\x73\x75\x6e\x7e\x47\x71\x42\x55\x54\x76\x5a\x75\x6b\x47\x4b\x4b\x49\x66\x58\x70",
b"\x52\x4e\x7e\x7c\x50\x67\x4b\x4d\x44\x68\x69\x76\x66\x5b\x69\x6f\x5e\x56\x66\x54\x4e\x6f\x49\x48",
b"\x56\x7f\x75\x56\x56\x47\x3d\x59\x6f\x52\x70\x45\x60\x73\x51\x53\x73\x66\x78\x75\x53\x5b\x52\x6d",
b"\x5f\x69\x64\x7e\x71\x56\x69\x74\x4e\x47\x78\x70\x52\x42\x48\x42\x42\x6b\x73\x66\x53\x75\x54\x7a",
b"\x64\x51\x56\x56\x47\x3d\x7e\x5e\x64\x7c\x44\x65\x6e\x51\x4a\x69\x54\x6b\x4d\x52\x5f\x50\x79\x5b",
b"\x6c\x6c\x64\x4a\x75\x49\x6a\x4c\x59\x4c\x7b\x69\x4f\x69\x6b\x6a\x6a\x7c\x6d\x7c\x6b\x76\x52\x4c",
b"\x64\x45\x54\x72\x76\x59\x6d\x45\x7e\x78\x47\x44\x72\x4e\x6b\x4e\x7b\x50\x79\x7c\x6d\x54\x56\x75",
b"\x4e\x65\x7a\x66\x49\x5b\x5c\x73\x49\x45\x6b\x75\x51\x6d\x7b\x5c\x57\x51\x3d\x6e\x5b\x56\x7c\x4f",
b"\x4b\x5c\x66\x76\x3d\x6e\x42\x49\x53\x4b\x6b\x6f\x54\x66\x6c\x4f\x6b\x74\x6a\x7e\x7f\x67\x78\x45",
b"\x6b\x74\x6e\x6b\x49\x48\x7b\x70\x42\x6b\x6f\x65\x5b\x7a\x65\x72\x76\x68\x3d\x4c\x75\x5f\x52\x6b",
b"\x4b\x7f\x6f\x4b\x67\x4d\x57\x7f\x50\x58\x69\x75\x45\x5e\x67\x52\x5e\x48\x7f\x7e\x53\x78\x55\x52",
b"\x74\x6c\x73\x6c\x70\x52\x75\x78\x4c\x66\x7c\x42\x6e\x78\x66\x7e\x6e\x5c\x47\x72\x7b\x59\x5e\x6b",
b"\x55\x75\x70\x42\x67\x49\x5e\x5b\x4f\x65\x6e\x6a\x75\x53\x6b\x6f\x4c\x7a\x5a\x4c\x73\x6b\x69\x50",
b"\x4c\x53\x73\x4b\x7e\x47\x42\x4c\x70\x6e\x6e\x73\x4d\x54\x65\x4d\x74\x6d\x66\x7a\x7b\x74\x7c\x59",
b"\x56\x7e\x6a\x7c\x72\x6d\x55\x65\x6a\x73\x56\x64\x58\x59\x54\x54\x66\x6f\x78\x57\x4e\x6c\x52\x44",
b"\x4e\x5a\x5b\x44\x53\x73\x53\x70\x49\x54\x64\x69\x57\x6d\x67\x76\x4a\x44\x49\x66\x6e\x6a\x4f\x69",
b"\x6f\x47\x6a\x4f\x57\x55\x6e\x48\x58\x68\x4a\x47\x60\x58\x42\x5a\x56\x5e\x5a\x7a\x6d\x7e\x44\x78",
b"\x4d\x48\x4b\x4b\x65\x7e\x64\x5c\x7e\x78\x4a\x55\x69\x6b\x7e\x65\x4c\x4f\x4f\x71\x5f\x45\x51\x59",
b"\x58\x48\x56\x4b\x58\x76\x7f\x57\x77\x54\x4e\x44\x6b\x6a\x4a\x45\x4a\x6c\x64\x4d\x55\x64\x6f\x44",
b"\x66\x71\x6d\x50\x51\x7f\x78\x6d\x64\x57\x6c\x78\x53\x74\x44\x4a\x55\x79\x64\x45\x78\x6b\x45\x78",
b"\x5f\x58\x6c\x5a\x51\x52\x53\x5c\x6a\x50\x77\x4d\x74\x49\x72\x52\x7b\x73\x4b\x58\x44\x48\x5c\x7b",
b"\x74\x73\x69\x78\x6f\x73\x7c\x71\x66\x69\x6f\x2c\x78\x42\x78\x73\x7e\x6f\x64\x6d\x69\x2d\x6f\x60",
b"\x45\x77\x7b\x74\x3d\x5c\x79\x5f\x5c\x53\x7a\x5e\x70\x6b\x4c\x73\x47\x64\x5b\x70\x73\x6d\x75\x70",
b"\x76\x3d\x47\x5c\x6e\x44\x5b\x4f\x5a\x5a\x4e\x76\x5f\x7a\x7f\x49\x4d\x71\x4d\x44\x4b\x55\x5e\x6d",
b"\x73\x7e\x7b\x78\x60\x58\x7c\x49\x6b\x77\x70\x4d\x45\x76\x64\x52\x6b\x78\x70\x5b\x53\x4c\x75\x56",
b"\x59\x50\x3d\x70\x5a\x68\x4e\x6f\x71\x75\x6a\x69\x76\x56\x5c\x50\x5f\x45\x50\x7a\x50\x47\x48\x65",
b"\x47\x6d\x45\x76\x4c\x4b\x74\x66\x49\x5a\x5c\x54\x54\x44\x45\x6b\x76\x44\x76\x6c\x7b\x72\x64\x73",
b"\x73\x4a\x7e\x7e\x51\x6a\x55\x5a\x66\x7e\x7c\x6d\x50\x49\x54\x54\x73\x45\x73\x67\x77\x52\x67\x6d",
b"\x5c\x5f\x66\x4c\x49\x66\x4d\x71\x44\x3d\x77\x56\x7b\x60\x5b\x5a\x58\x65\x74\x4d\x49\x48\x72\x5a",
b"\x57\x6f\x7f\x75\x57\x54\x69\x47\x76\x5b\x4a\x4d\x4e\x6b\x5f\x47\x74\x6a\x4d\x5b\x4d\x45\x7f\x6a",
b"\x58\x4c\x7b\x65\x55\x65\x67\x78\x5a\x64\x5f\x76\x66\x4b\x6c\x50\x71\x78\x73\x65\x5a\x4a\x56\x42",
b"\x6d\x51\x4c\x74\x7c\x44\x5e\x75\x6d\x49\x52\x57\x6e\x67\x4b\x5b\x64\x53\x56\x7c\x53\x54\x58\x67",
b"\x7b\x67\x56\x72\x6e\x4f\x48\x67\x4a\x56\x55\x5e\x72\x65\x4d\x77\x4f\x45\x59\x69\x4f\x66\x65\x64",
b"\x73\x64\x70\x56\x47\x75\x6a\x50\x73\x6b\x50\x72\x75\x49\x7c\x4f\x48\x55\x6c\x51\x66\x6d\x5f\x5f",
b"\x3d\x73\x52\x4f\x64\x77\x4f\x71\x3d\x6e\x48\x72\x54\x68\x4e\x60\x44\x7c\x5f\x51\x76\x42\x54\x44",
b"\x73\x5e\x4f\x4a\x67\x4d\x56\x51\x69\x55\x56\x7e\x7f\x4c\x65\x65\x59\x78\x71\x7e\x4b\x78\x5a\x78",
b"\x5f\x64\x5f\x48\x44\x42\x7a\x50\x53\x42\x71\x7b\x3d\x72\x4d\x57\x57\x5b\x6e\x7f\x53\x54\x5a\x68",
b"\x6c\x4e\x6c\x5c\x6b\x6d\x59\x7b\x5c\x75\x54\x45\x7b\x54\x70\x7e\x4d\x53\x76\x7a\x4d\x5b\x56\x72",
b"\x54\x5b\x5f\x7b\x7a\x44\x76\x4e\x6c\x6f\x56\x79\x70\x5a\x75\x52\x6f\x4a\x42\x4d\x75\x4b\x71\x7b",
b"\x72\x75\x48\x66\x6f\x68\x7a\x69\x76\x78\x7b\x77\x79\x42\x66\x7e\x59\x52\x53\x4a\x4c\x47\x52\x56",
b"\x6b\x6d\x65\x78\x79\x74\x73\x77\x4b\x4c\x49\x6d\x71\x6f\x76\x56\x6d\x4c\x72\x4b\x78\x7f\x6f\x7f",
b"\x57\x70\x60\x4c\x4a\x75\x77\x49\x57\x59\x5a\x78\x6b\x58\x4b\x60\x6f\x44\x5b\x67\x71\x68\x60\x7c",
b"\x70\x77\x5b\x4b\x77\x7a\x6d\x64\x73\x50\x75\x51\x50\x4b\x4a\x70\x6f\x65\x51\x7c\x64\x45\x64\x4b",
b"\x3d\x55\x67\x7a\x47\x64\x59\x5e\x47\x7c\x54\x4d\x59\x7c\x65\x6a\x4b\x6e\x42\x67\x47\x4e\x3d\x47",
b"\x70\x64\x65\x59\x57\x7f\x6d\x6f\x73\x60\x59\x70\x70\x51\x5a\x47\x67\x57\x4f\x73\x76\x65\x54\x58",
b"\x54\x70\x49\x6c\x74\x57\x6a\x5f\x64\x58\x58\x64\x79\x76\x73\x5f\x7a\x44\x76\x7b\x55\x7a\x48\x73",
b"\x53\x50\x74\x6b\x6d\x50\x77\x6d\x42\x7f\x42\x5f\x7a\x67\x69\x5f\x73\x7b\x4f\x6f\x52\x54\x6b\x74",
b"\x6c\x42\x7b\x5f\x3d\x5a\x4f\x48\x4b\x57\x5e\x54\x77\x74\x7f\x56\x47\x49\x47\x6d\x7f\x73\x76\x7a",
b"\x42\x70\x48\x7b\x58\x52\x6e\x52\x7e\x67\x5c\x68\x49\x6b\x50\x67\x70\x51\x5a\x57\x5b\x7c\x6c\x6a",
b"\x45\x79\x55\x50\x77\x50\x7a\x76\x74\x56\x5e\x76\x57\x69\x65\x5b\x58\x72\x57\x71\x74\x57\x5f\x5b",
b"\x67\x75\x68\x4f\x73\x66\x5c\x77\x3d\x6a\x69\x58\x77\x6c\x57\x7c\x59\x66\x76\x78\x5c\x76\x6e\x71",
b"\x6e\x68\x53\x4e\x4f\x52\x50\x6f\x78\x5e\x44\x44\x53\x4c\x5e\x79\x56\x65\x7b\x5f\x58\x67\x4e\x50",
b"\x73\x78\x48\x6f\x7b\x77\x56\x65\x45\x65\x53\x51\x7b\x3d\x65\x6f\x74\x47\x4f\x73\x53\x4f\x6b\x6e",
b"\x72\x73\x64\x7c\x4e\x53\x6b\x5c\x69\x72\x55\x72\x71\x68\x65\x7b\x5f\x73\x60\x45\x48\x49\x6d\x78",
b"\x72\x76\x67\x5e\x64\x58\x52\x53\x57\x45\x65\x4f\x48\x65\x68\x4e\x6e\x77\x3d\x7f\x71\x57\x60\x71",
b"\x71\x72\x70\x55\x5e\x5f\x50\x76\x77\x5a\x5f\x68\x7b\x4c\x7e\x4f\x44\x60\x71\x68\x7a\x69\x57\x4e",
b"\x47\x7c\x59\x4f\x5a\x51\x58\x7f\x64\x70\x47\x44\x5b\x4e\x4d\x49\x44\x64\x77\x4b\x74\x6e\x59\x50",
b"\x7b\x50\x7b\x59\x6a\x55\x4e\x75\x77\x68\x58\x5a\x69\x64\x64\x5a\x76\x59\x52\x64\x5f\x48\x4e\x6c",
b"\x5e\x79\x7e\x74\x50\x59\x51\x51\x7f\x57\x4b\x64\x42\x53\x57\x52\x59\x70\x4f\x5a\x67\x79\x6b\x6d",
b"\x65\x6a\x70\x57\x4e\x5b\x70\x5c\x67\x73\x44\x6a\x72\x58\x54\x74\x70\x57\x4e\x45\x52\x58\x55\x71",
b"\x5b\x51\x76\x7f\x75\x72\x69\x7e\x52\x6b\x44\x5a\x7c\x4e\x74\x3d\x72\x4b\x51\x5a\x54\x48\x56\x73",
b"\x69\x74\x7c\x71\x57\x77\x4c\x48\x5b\x78\x74\x5e\x4f\x45\x57\x53\x78\x7c\x6d\x52\x7b\x4a\x58\x79",
b"\x7a\x7e\x6d\x50\x72\x4d\x6f\x5b\x4e\x52\x49\x54\x4e\x50\x70\x54\x4c\x60\x5e\x58\x48\x77\x78\x70",
b"\x45\x5b\x57\x76\x75\x45\x5b\x42\x54\x4d\x4a\x73\x65\x7c\x6b\x42\x47\x71\x48\x7a\x4e\x5f\x79\x65",
b"\x52\x4b\x56\x6b\x5e\x51\x5c\x7c\x57\x7e\x5a\x58\x6c\x68\x54\x7a\x56\x57\x50\x78\x73\x50\x48\x4a",
b"\x5e\x42\x76\x5a\x7c\x47\x79\x79\x55\x4f\x74\x72\x68\x58\x79\x7f\x7f\x4d\x73\x76\x5b\x55\x56\x64",
b"\x7c\x4d\x78\x5a\x77\x75\x65\x71\x79\x60\x73\x75\x66\x58\x50\x51\x5f\x6a\x66\x78\x66\x47\x51\x78",
b"\x6c\x70\x52\x45\x50\x7a\x5a\x4c\x3d\x6f\x60\x59\x7b\x53\x5f\x5b\x68\x4b\x45\x51\x4b\x51\x42\x48",
b"\x55\x54\x5a\x7e\x72\x54\x45\x68\x59\x7a\x44\x78\x55\x6d\x5e\x55\x60\x57\x7b\x5a\x60\x5b\x6f\x6b",
b"\x5b\x5a\x68\x4c\x6c\x66\x79\x77\x4f\x64\x55\x44\x6e\x4c\x42\x7b\x4c\x6c\x50\x4e\x64\x5e\x6e\x4c",
b"\x60\x48\x72\x4b\x69\x6e\x75\x49\x57\x70\x76\x75\x56\x5a\x79\x3d\x72\x6b\x4d\x4c\x6e\x52\x3d\x7c",
b"\x71\x75\x68\x58\x4f\x49\x4c\x4b\x71\x79\x58\x4c\x66\x58\x50\x65\x47\x64\x65\x4f\x66\x71\x7e\x42",
b"\x48\x6b\x7f\x64\x7a\x6c\x7f\x5e\x4d\x6a\x53\x5e\x5b\x75\x71\x68\x67\x6f\x79\x5a\x69\x70\x69\x67",
b"\x5b\x70\x79\x6d\x4e\x59\x42\x4e\x4d\x64\x7f\x3d\x56\x54\x6b\x48\x4b\x7a\x3d\x3d\x6c\x70\x5a\x58",
b"\x53\x4d\x48\x5f\x4e\x71\x6c\x68\x77\x6f\x6a\x67\x52\x69\x60\x66\x57\x7a\x78\x57\x5e\x42\x7c\x51",
b"\x6e\x52\x4a\x48\x57\x73\x48\x79\x69\x74\x69\x6e\x77\x6e\x59\x7b\x65\x5a\x55\x55\x45\x49\x49\x52",
b"\x71\x73\x5b\x70\x5c\x4f\x71\x50\x79\x45\x5b\x6d\x6e\x6c\x52\x6d\x5c\x73\x5a\x4a\x73\x4f\x72\x47",
b"\x65\x6b\x70\x55\x7f\x4a\x7f\x7a\x59\x74\x6e\x55\x67\x53\x6e\x44\x7a\x64\x54\x6c\x5e\x67\x5e\x5f",
b"\x73\x72\x50\x5b\x48\x69\x55\x77\x73\x5a\x6d\x4d\x6c\x5f\x64\x6e\x7f\x56\x60\x49\x5b\x52\x4d\x7e",
b"\x4f\x79\x7b\x74\x4d\x51\x6e\x4a\x55\x7f\x47\x64\x4f\x51\x69\x59\x7a\x5a\x49\x68\x51\x50\x7f\x5e",
b"\x50\x44\x69\x52\x66\x6d\x78\x55\x5c\x67\x49\x5a\x49\x69\x53\x68\x75\x6e\x56\x6b\x64\x6c\x53\x49",
b"\x5a\x70\x7f\x66\x75\x7b\x6c\x5c\x67\x65\x49\x44\x70\x5a\x5e\x56\x49\x52\x54\x53\x7e\x54\x55\x5f",
b"\x7b\x7f\x74\x58\x51\x79\x48\x70\x6f\x49\x7f\x5a\x5a\x45\x59\x79\x66\x7b\x4b\x7a\x49\x57\x6c\x59",
b"\x65\x6b\x4b\x4d\x56\x49\x5e\x71\x7e\x5c\x4b\x52\x4d\x4b\x53\x7a\x56\x51\x78\x4d\x3d\x4b\x49\x57",
b"\x5b\x4d\x76\x6f\x44\x5b\x7a\x45\x6d\x6f\x51\x55\x79\x56\x55\x4d\x66\x60\x7e\x4a\x6d\x52\x7b\x4d",
b"\x4f\x72\x68\x3d\x4d\x53\x7b\x54\x44\x7e\x50\x7f\x50\x52\x45\x5c\x55\x42\x6c\x7a\x57\x73\x77\x4c",
b"\x76\x78\x58\x5b\x5b\x60\x64\x47\x65\x6f\x6b\x47\x71\x52\x73\x4f\x68\x51\x48\x4e\x70\x6b\x44\x42",
b"\x5a\x73\x7e\x6b\x4c\x53\x53\x4f\x7a\x70\x45\x6d\x6c\x73\x44\x56\x75\x78\x6b\x52\x60\x57\x7f\x52",
b"\x78\x50\x4b\x4c\x48\x72\x6e\x60\x53\x4e\x74\x7b\x6e\x7b\x73\x4d\x7f\x57\x69\x4d\x74\x70\x7e\x7b",
b"\x5a\x4d\x5a\x59\x72\x58\x78\x45\x55\x4d\x51\x60\x45\x5c\x5e\x47\x72\x4a\x57\x4b\x73\x79\x52\x50",
]
def hash_string(bs, n):
return bytes([b ^ n for b in bs])
def mix(n):
assert 0 <= n < 256
for bs in strings:
res = hash_string(bs, n)
if b'internal' in res:
return res.decode()
for n in range(256):
if res := mix(n) or '':
break
print(res)
assert res == 'internal{tr1e_encrypt0r}'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment