Skip to content

Instantly share code, notes, and snippets.

@cetaSYN

cetaSYN/README.md

Created Dec 12, 2020
Embed
What would you like to do?
Solve for 5CTF Disorderly2
#!/usr/bin/env python3
import itertools
import re
from multiprocessing import Pool
from disorderly2 import decrypt
FLAG_PTRN = re.compile(r"flag{[a-zA-Z0-9$!@_-]+}")
with open("encoded.txt") as f:
encmsg = f.read().strip()
def alphagen():
# Generate all possible usable alpabets
ALPHABET = list("beghiklnptuv") # Removed known
a0 = ["x", "y", "m", "j", "r"] # Delim
a1 = ["f", "c", "a"] # 64
a2 = ["w", "d", "z"] # 32
a3_sub = [c for c in ALPHABET if c not in a2]
for a3 in list(itertools.combinations(a3_sub, 3)): # 16
a4_sub = [c for c in a3_sub if c not in a3]
for a4 in list(itertools.combinations(a4_sub, 3)): # 8
a5_sub = [c for c in a4_sub if c not in a4]
for a5 in list(itertools.combinations(a5_sub, 3)): # 4
a6_sub = [c for c in a5_sub if c not in a5]
for a6 in list(itertools.combinations(a6_sub, 3)): # 2
a7_sub = [c for c in a6_sub if c not in a6]
a7 = ("s", "o", "q") # 1
yield "".join(
list(itertools.chain(*[a1, a2, a3, a4, a5, a6, a7, a0]))
)
def do_work(alphabet):
decmsg = decrypt(encmsg, alphabet)
if re.search(FLAG_PTRN, decmsg) and "congratulations" in decmsg.lower():
print("FOUND: {}\nABET: {}".format(decmsg, alphabet))
with Pool(6) as pool: # 6-core multiprocessing pool
pool.map(do_work, alphagen()) # Distribute work across cores
#!/usr/bin/python
# Provided by 5CTF Round 4
from random import choice, shuffle
from re import split as resplit
def encrypt(message, rnd=False, alphabet="abcdefghijklmnopqrstuvwxyz"):
if len(alphabet) != 26:
return ("error", "alphabet must be 26 letters")
if rnd:
alphabet = [alphabet[x] for x in range(len(alphabet))]
shuffle(alphabet)
alphabet = "".join(alphabet)
bits = {
64: alphabet[0:3],
32: alphabet[3:6],
16: alphabet[6:9],
8: alphabet[9:12],
4: alphabet[12:15],
2: alphabet[15:18],
1: alphabet[18:21],
}
endbit = alphabet[21:26]
output = ""
for letter in range(len(message)):
letter = message[letter]
crypt_letter = ""
for bit in bits.keys():
if ord(letter) & bit:
crypt_letter += choice(bits[bit])
crypt_letter = list(crypt_letter)
shuffle(crypt_letter)
crypt_letter = "".join(crypt_letter) + choice(endbit)
output += crypt_letter
return (alphabet, output)
def decrypt(message, alphabet="abcdefghijklmnopqrstuvwxyz"):
if len(alphabet) != 26:
return ("error", "alphabet must be 26 letters")
bits = {
64: alphabet[0:3],
32: alphabet[3:6],
16: alphabet[6:9],
8: alphabet[9:12],
4: alphabet[12:15],
2: alphabet[15:18],
1: alphabet[18:21],
}
endbit = alphabet[21:26]
letters = resplit("[" + endbit + "]", message)
output = ""
for letter in letters:
byte_value = 0
for part in range(len(letter)):
for k, v in bits.items():
if letter[part] in v:
byte_value += k
break
if byte_value:
output += chr(byte_value)
return output
ctlvoxqzgiaumcpuokwxuzbgmdxqaixdxgwufeojwqarvwckomvzgiaywhqtjcdplmdmowgajhpcwerfqgdxabpdvjzjvfqewreapqdjcdvlrowtcyzjczgljdicmzoarwcepmzmpambodcrduscerncphdojcdvkmwapxpcswyeuazjpdiareczonjdjslzmzjvszarioaugwxawtqkxigczmpzfydrwhfjtoawrwxkhozaxbwgusfjtdifjlctuwrfsgdytzaxvpbzjdmzrasuyozcvngxiagdvrvwapsyawkvjcqwxedgamtokazydgifxzcoxkwtcmdconxnpwvfoyatwuijqflzvywoyzrzxansmhtzsmbtofzjzmuzamcwsmczkhsjdanoyhcozjzfomazbpyadbtrnlaodrzyiawvygoadkrdqualyftezywjdotevcrehawmciqwxlwapjswbampfihzjozcghjwxqgczhnjgoadlrzlgcrzmswfrwychwjzestcmfwigvxuaozywciyzxiqagvdxfpvzxwxazquglyqndvgcxuzkfydgfmdflvqxdrkzsfuyqzuciprwridaokjipdquajqlcgzydxndcrqzarvplwcxgcwomwycpdiojofiugdyuzfejsgfzjwycpzmwqcrldapjazsjdjkpadxsfidugmzmvloadpxnuogwcrhldfrqczuijwmugdaskxqadbjtwalrifdxphwbrzywygauobmgeczycwnjawgorlwhcxvpqldamowanmqeavdjzcogjdmnawsxwgckxdmqtcvlzjcwpuqnyqzgfkxgnzargczjwxcwvygqczxdmbfdtoxotiwvarewvcrdpsajdxgcdywasnragzvxzpcujcsdbyhdfsmopedfmbzparpaedjpiwvydxdrocjgzcvbrzclqbxowkgaujszaxblfwqxbgzjdmqznaejtihswcxdcstexdalvjdywghcmtbwfjzqcjczqgujzxbszaycezuqrwmtzauyfizgyqdfrswatvyocvbezypkzcjnzcysazgjilfguoyzfuktqrhanzpqrehadmatndjgwcjqickthjsfziyldohayophcblrdvatmqfdnrhztnfmfowxcbwtjgdbcxlbqwcynaqlvgrawobmbwavgjqnkcphyangzqumvkzaxtfzrtfsdykdchxfbgkvsjewpamfzbjecwhrgnhoazrkotwfyhcwtsjcnzjqlghbaxzsfpjdncvprlczgyeavzywihqgfxlczrdnceqjtikwcsm
ctlvo
qzgiau
cpuokw
uzbg
qai
gwufeo
wqa
vwcko
vzgia
whqt
cdpl
owga
hpcwe
fqgd
abpdv
vfqew
eapqd
cdvl
owtc
czgl
dic
zoa
wcep
pa
bodc
dusce
ncphdo
cdvk
wap
pcsw
euaz
pdia
eczon
slz
vsza
ioaugw
awtqk
igcz
pzf
whf
toaw
khoza
bwgusf
tdif
lctuw
fsgd
tza
vpbz
C asu 1 2 4 8 16 32 64
o ozcvng 1 2 4 8 16 32 64
n iagdv 1 2 4 8 16 32 64
g vwaps 1 2 4 8 16 32 64
r awkv 1 2 4 8 16 32 64
a cqw q 2 4 8 16 w c
t edga 1 2 4 8 16 32 64
u tokaz 1 2 4 8 16 32 64
l dgif 1 2 4 8 16 32 64
a zco o 2 4 8 16 z c
t kwtc 1 2 4 8 16 32 64
i dcon 1 2 4 8 16 32 64
o npwvfo 1 2 4 8 16 32 64
n atwui 1 2 4 8 16 32 64
s qflzv 1 2 4 8 16 32 64
! wo o 2 4 8 16 w 64
ans
htzs
btofz
uza
cws
czkhs
dano
hcoz
zfo
azbp
adbt
nlaod
iawv
goadk
dqual
ftez
dotevc
ehaw
ciqw
lwap
swba
pfihz
ozcgh
qgczhn
goadl
zlgc
a swf s 2 4 8 16 w f
chw
zestc
fwigv
uaoz
wci
iqagvd
fpvz
azqugl
qndvgc
uzkf
dgf
dflvq
kzsfu
qzucip
idaok
ipdqua
qlcgz
ndc
qza
vplwc
gcwo
cpdio
ofiugd
uzfe
sgfz
cpz
wqc
ldap
azs
kpad
sfidug
vloadp
nuogwc
hldf
qczui
ugdask
qadb
twal
ifd
phwb
gauob
gecz
cwn
awgo
lwhc
vpqlda
owan
qeavd
zcog
naws
wgck
qtcvlz
cwpuqn
qzgfk
gnza
gcz
cwv
gqcz
bfdto
otiwva
ewvc
dpsa
gcd
wasn
agzv
zpcu
csdb
hdfs
opedf
bzpa
paed
piwv
oc
gzcvb
zclqb
owkgau
sza
blfwq
bgz
qznae
tihswc
dcste
dalv
wghc
tbwf
zqc
czqgu
bsza
cezuq
1 2 4 8 16 32 64
f tzau 1 tu tu 8 16 z a
l fizg 1 ig ig 8 16 z f
a qdf q 2 4 8 16 d f
g swatv s tv tv 8 16 w a
{ ocvbez obe ovbeovbeobe 16 z c
pkzc 1 2 4 8 16 32 64
nzc 1 2 4 8 16 32 64
sazg 1 2 4 8 16 32 64
ilfguo 1 2 4 8 16 32 64
zfuktq 1 2 4 8 16 32 64
hanzpq 1 2 4 8 16 32 64
ehad 1 2 4 8 16 32 64
atnd 1 2 4 8 16 32 64
gwc 1 2 4 8 16 32 64
qickth 1 2 4 8 16 32 64
sfzi 1 2 4 8 16 32 64
ldoha 1 2 4 8 16 32 64
ophcbl 1 2 4 8 16 32 64
dvat 1 2 4 8 16 32 64
qfdn 1 2 4 8 16 32 64
hztnf 1 2 4 8 16 32 64
fow 1 2 4 8 16 32 64
cbwt 1 2 4 8 16 32 64
gdbc 1 2 4 8 16 32 64
lbqwc 1 2 4 8 16 32 64
naqlvg 1 2 4 8 16 32 64
awob 1 2 4 8 16 32 64
bwavg 1 2 4 8 16 32 64
qnkcph 1 2 4 8 16 32 64
angzqu 1 2 4 8 16 32 64
vkza 1 2 4 8 16 32 64
tfz 1 2 4 8 16 32 64
tfsd 1 2 4 8 16 32 64
kdch 1 2 4 8 16 32 64
fbgkvs 1 2 4 8 16 32 64
ewpa 1 2 4 8 16 32 64
fzb 1 2 4 8 16 32 64
ecwh 1 2 4 8 16 32 64
gnhoaz 1 2 4 8 16 32 64
kotwf 1 2 4 8 16 32 64
hcwts 1 2 4 8 16 32 64
cnz 1 2 4 8 16 32 64
qlghba 1 2 4 8 16 32 64
zsfp 1 2 4 8 16 32 64
dncvp 1 2 4 8 16 32 64
lczg 1 2 4 8 16 32 64
eavz 1 2 4 8 16 32 64
wihqgf 1 2 4 8 16 32 64
lcz 1 2 4 8 16 32 64
dnceq 1 2 4 8 16 32 64
} tikwcs s ti ti k 16 w c
21! / (3!*3!*3!*3!*3!*3!*3!)
The letters are shuffled except for endbits, so we should see some repetition in those bits
Most letters are 4-5 bits on, up to 6
Down to 1 for spaces
2 for exclaimation marks
6 for other punct
delim = x,y,m,j,r
delims will never be adjacent
64 = c,a,f
probable based on freq analysis
32 = w,d,z
found with space chars which are 1 bit
16 =
8 = k
4 =
2 =
1 = qs
>>> [print("{} - {}".format(str(bin(ord(c))[2:]).zfill(8), c)) for c in string.ascii_lowercase]
01100001 - a
01100010 - b
01100011 - c
01100100 - d
01100101 - e
01100110 - f
01100111 - g
01101000 - h
01101001 - i
01101010 - j
01101011 - k
01101100 - l
01101101 - m
01101110 - n
01101111 - o
01110000 - p
01110001 - q
01110010 - r
01110011 - s
01110100 - t
01110101 - u
01110110 - v
01110111 - w
01111000 - x
01111001 - y
01111010 - z
'00100000' - [space]
'01011111' - _
'01111011' - {
'01111101' - }
'00100001' - !
Ending is very long - likely flag
Wow. I wasn't even sure that Disorderly 1 could be solved. Congratulations! I'm basically just writing out a bunch of words so you have more data to work with. Otherwise it would be more difficult. Anyway, your flag is flag{the_world_is_finally_in_order_through_entropy}
ABET: fcawdzeklbingpthuvsoqxymjr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment