View solve.py
chars = " FuMlX%3kBJ:.N*epqA0Lh=En/diT1cwyaz$7SH,OoP;rUsWv4g\\Z<tx(8mf>-#I?bDYC+RQ!K5jV69&)G"
def get_key(seed):
result = ""
seed = 16631 * (seed % 0x7fffffff) + 511115
for i in range(16):
result += byte[seed % 0x7fffffff % 82]
seed = 16631 * (seed % 0x7fffffff) + 511115
result += chars[seed % 0x7fffffff % 82]
return result
View solve.py
#!/usr/bin/env python
frequencies = {'a': 0.0651738, 'b': 0.0124248, 'c': 0.0217339, 'd': 0.0349835, 'e': 0.1041442, 'f': 0.0197881, 'g': 0.0158610, 'h': 0.0492888, 'i': 0.0558094, 'j': 0.0009033, 'k': 0.0050529, 'l': 0.0331490, 'm': 0.0202124,
'n': 0.0564513, 'o': 0.0596302, 'p': 0.0137645, 'q': 0.0008606, 'r': 0.0497563, 's': 0.0515760, 't': 0.0729357, 'u': 0.0225134, 'v': 0.0082903, 'w': 0.0171272, 'x': 0.0013692, 'y': 0.0145984, 'z': 0.0007836, ' ': 0.1918182}
def single_byte_xor(b, s):
""" Performs XOR of the single byte against every character in string. """
assert len(b) == 1
x = ord(b)
View solve.py
#!/usr/bin/env python
from PIL import Image
A = Image.open("A.png")
B = Image.open("B.png")
dA = A.load()
dB = B.load()
View gist:2ed44083581140c48c4a97766482448f
~ » telnet wayward.tcp.easyctf.com 8580 michael@zhang
Trying 45.55.88.134...
Connected to wayward.tcp.easyctf.com.
Escape character is '^]'.
Please enter your pilot key: hello
The current time is: 1489720845.28
Please enter the coordinates (x, y) you would like to hit:
world
Sorry, you didn't enter valid coordinates.
Connection closed by foreign host.
View aplit.c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
int main(int argc, char **argv) {
int score = 0;
printf("CollageBored (R) Advanced Placement Literature Grader\n");
if (argc != 2) {
printf("Usage: %s [essay]\n", argv[0]);
return 1;
View crypto e.md

Data:

http://www.apk4fun.com/apk/1299/

Solution:

This is just a really difficult challenge. First, decompile snapchat.apk using a tool or a service like decompileandroid. Extact the src folder. Yay. Java.

The first step is to do a little bit of research on Snapchat decryption. Your research will probably lead you to this repo. However, it's outdated. Cry slowly. You should realize at this point that you need the Android ID to do anything. Use grep to search for android_id in src. This will reveal locations in the code that obtain the Android ID from the phone. You will eventually find in com.flurry.sdk.ea the following:

View chokes.md

2015 September 29 2015 July 24 2015 July 21 2015 July 16 2015 July 14

View Updates.md
View heibot.py
import sys;
import socket;
import string;
import random;
import urllib2;
import hashlib;
def genprefix():
return (random.choice("abcdef") + hashlib.md5(random.choice([
"heibot", "asdfbot",
View index.html
<!doctype>
<html>
<head>
<title><$WikiTitle$></title>
<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootswatch/3.3.2/simplex/bootstrap.min.css" />
</head>
<body>
<nav class="navbar navbar-default">
<div class="container">
<div class="navbar-header">