@eboda eboda/

Last active Jun 11, 2017
SHA2017 crypto writeup
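```python
import requests
from PIL import Image
from io import BytesIO


def get_flag_rgb():
    """Read the colour of each of the 12 squares in the flag image."""
    rgb = []
    flag = requests.get("").content  # URL of the flag image is missing from the page
    for i in range(20, 480, 40):  # one sample per 40px square
        rgb.append(pixel(flag, i))
    return rgb


def get(m, x=20):
    """Encrypt m through the web service and return the pixel at column x."""
    # URL of the encryption endpoint is missing from the page; m was formatted into it
    img = requests.get("" % m).content
    return pixel(img, x)


def pixel(img, x=20):
    """Decode the image bytes and return the RGB tuple at (x, 7)."""
    im = Image.open(BytesIO(img))
    pix = im.load()
    return pix[x, 7]


def brute(target, flag):
    """Recover the three characters behind one square, one colour channel at a time."""
    charset = "0123456789abcdef{}lg"  # flag format is flag{hex}
    for i in range(3):  # iterate over R,G,B
        for a in charset:
            payload = flag + a + (2 - i) * "0"  # need to pad so that len(payload) % 3 == 0
            # len(payload)//3*40 - 20 is just the offset for the current square
            if get(payload, (len(payload) // 3 * 40) - 20)[i] == target[i]:
                flag += a
                break  # this channel is solved, move on to the next one
    return flag


flag = ""
rgbs = get_flag_rgb()  # the colors
rgbs.append((46, 41, 0))  # this is the displayed text 2e29, i.e. the last 2 characters of the ciphertext
for rgb in rgbs:
    flag = brute(rgb, flag)
    print(flag)
print("Here's your flag:", flag)
```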

Crypto Challenge from SHA2017

The challenge consisted of a web service that would encrypt any given string into an image of a bunch of differently colored squares.

After messing around with it a bit, it was apparent that each group of 3 characters would be used as the RGB value for the corresponding square.

The flag was given as an image with 12 squares and 4 letters (2e29) printed on it. The letters get printed whenever the length of the string to encrypt is not divisible by 3.

It turned out that you could brute-force the color of one square after the other, and for each square the R, G and B values could be brute-forced separately as well. Solving the challenge therefore consisted of extracting the required RGB values from the flag image and then brute-forcing them one after the other:

> python
Here's your flag: flag{deaf983eb34e485ce9d2aff0ae44f852}
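
An offline model of the weakness described above, added here as an example and not part of the original gist. The cipher (an HMAC-derived keystream XORed byte by byte), `SECRET` and all function names are assumptions standing in for the real service, whose algorithm the page does not give. It recovers the flag through a deterministic encryption oracle, then shows the same loop failing once every request gets a fresh nonce.

```python
import hashlib
import hmac
import os

SECRET = b"constructed-demo-key"   # constructed; stands in for the service's unknown key
CHARSET = "0123456789abcdef{}lg"   # same alphabet the page's solver uses
FLAG = "flag{deaf983eb34e485ce9d2aff0ae44f852}"  # flag shown on the page, used as sample plaintext

def keystream(n, nonce=b""):
    """Return n bytes derived from SECRET and an optional per-message nonce."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(SECRET, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(msg, nonce=b""):
    """Toy cipher (assumption): output byte i depends only on msg[i] and i."""
    return bytes(m ^ k for m, k in zip(msg.encode(), keystream(len(msg), nonce)))

def to_squares(ct):
    """Group bytes as the page describes: RGB triples, leftover bytes as hex text."""
    full = len(ct) - len(ct) % 3
    return [tuple(ct[i:i + 3]) for i in range(0, full, 3)], ct[full:].hex()

def recover(target, oracle):
    """Chosen-plaintext recovery, one character at a time; returns (text, queries)."""
    known, queries = "", 0
    for pos in range(len(target)):
        for ch in CHARSET:
            queries += 1
            if oracle(known + ch)[pos] == target[pos]:
                known += ch
                break
        else:
            break  # no candidate reproduced this byte: the oracle is not deterministic
    return known, queries

def weak_oracle(msg):
    return encrypt(msg)                   # same keystream for every request

def nonce_oracle(msg):
    return encrypt(msg, os.urandom(16))   # fresh keystream for every request

if __name__ == "__main__":
    target = encrypt(FLAG)
    print(to_squares(target))             # 12 RGB triples plus 4 hex characters
    print(recover(target, weak_oracle))   # full flag, at most len(FLAG) * len(CHARSET) queries
    print(recover(target, nonce_oracle))  # wrong or empty prefix: bytes are not comparable
```

The cost against the deterministic oracle grows linearly with the message length instead of exponentially, which is why the per-channel search in the solver finishes in a few hundred requests.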