Skip to content

Instantly share code, notes, and snippets.

@dz-root

dz-root/readme.md

Last active October 23, 2022 22:03
Show Gist options
  • Save dz-root/3a70f2408f4fca12a91e9bf29ba239f8 to your computer and use it in GitHub Desktop.
Save dz-root/3a70f2408f4fca12a91e9bf29ba239f8 to your computer and use it in GitHub Desktop.
Download ZIP
Physics quizz speedrun - Root-me CTF10k
Raw
readme.md

Physics quizz speedrun

Overview

Category: Programming You found a super cool ranked quizz online about physics. It rewards anybody that can complete it faster than all of the predecessors. Note : the atomic weight must be rounded to one decimal number. Author : Elf#4541

ws://ctf10k.root-me.org:8000

Solve

Methodology

I first started by instantiating the connection between the client (me) and the server, then listening to the incoming messages socket.onmessage. After we have established the connection, the server send immediately a long message in binary format.

    let socket = new WebSocket("ws://ctf10k.root-me.org:8000")
    socket.onopen = (e) => console.log("Connection established")

    socket.onmessage = function(event) {
        let data = event.data
        console.log(`Server send a new message: ${data}`);
    };

To have something readable by humans, I decided to split the message by range of 8 8 bytes that I convert to Dec then to Hex

    let binary   = data.replace(/[^\dA-Z]/g, '').replace(/(.{8})/g, '$1 ').trim()
    let forHuman = binary.split(' ').map( bin => String.fromCharCode(parseInt(bin, 2)) ).join('');
    console.log(`Convert message to string: \n${forHuman}`);

Ok 😎! Now it's time to take a look on the Mendeleev table to get the atomic weight of Copernicium and send it back... Come on!! That's what I stated to do... I was thinking that if I send back to the server the answer socket.send(atomic weight of Copernicium) I'll get the flag... But I noticed by refreshing my page that the questions are sent randomly. Well, let's see what's happen when we send a message. The idea is to send the message (answer) when the socket event onmessage is handled, it will be a trigger for our sender.

socket.onmessage = function(event) {
    //...
    socket.send('blablabla')

From the debugger we can see that when we send blablabla the server repond by Sorry, I don't speak your language, I'm a computer... I was thinking to encode the answars before sending, but at my surprise, we already recived the Flag in the last message sent by server.

Congratz, you got the speedrun world record! Here's your price: RM{4t0ms_sp33drunn3r_sp3c14l1st} That's Very Cool..., But strange 🤔... anyway it seems that our socket adventure stop here. We got the 🚩

Code

    let socket = new WebSocket("ws://ctf10k.root-me.org:8000")
    socket.onopen = (e) => console.log("Connection established")

    socket.onmessage = function(event) {
        let data = event.data
        console.log(`Server send a new message: ${data}`);

        let binary   = data.replace(/[^\dA-Z]/g, '').replace(/(.{8})/g, '$1 ').trim()
        let forHuman = binary.split(' ').map( bin => String.fromCharCode(parseInt(bin, 2)) ).join('');
        console.log(`Convert message to string: \n${forHuman}`);

        let randomAnsware = (Math.random() + 1).toString(36).substring(7)
        socket.send(randomAnsware)
        console.log(`Random answare: ${randomAnsware}`)
    };
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment