michael iptq

## solve.py
#!/usr/bin/env python

from PIL import Image

A = Image.open("A.png")
B = Image.open("B.png")

dA = A.load()
dB = B.load()

## gist:2ed44083581140c48c4a97766482448f
~ » telnet wayward.tcp.easyctf.com 8580                                                                                                                                                                                                                           michael@zhang
Trying 45.55.88.134...
Connected to wayward.tcp.easyctf.com.
Escape character is '^]'.
Please enter your pilot key: hello
The current time is: 1489720845.28
Please enter the coordinates (x, y) you would like to hit:
world
Sorry, you didn't enter valid coordinates.
Connection closed by foreign host.

## aplit.c
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>

int main(int argc, char **argv) {
        int score = 0;
        printf("CollageBored (R) Advanced Placement Literature Grader\n");
        if (argc != 2) {
                printf("Usage: %s [essay]\n", argv[0]);
                return 1;

## crypto e.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              1 star
            
          
                iptq
                / crypto e.md
            
            
              Created
              August 18, 2015 18:34
            
          
    Data:

http://www.apk4fun.com/apk/1299/
Solution:

This is just a really difficult challenge. First, decompile snapchat.apk using a tool or a service like decompileandroid. Extact the src folder. Yay. Java.
The first step is to do a little bit of research on Snapchat decryption. Your research will probably lead you to this repo. However, it's outdated. Cry slowly. You should realize at this point that you need the Android ID to do anything. Use grep to search for android_id in src. This will reveal locations in the code that obtain the Android ID from the phone. You will eventually find in com.flurry.sdk.ea the following:

  
## Updates.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                iptq
                / Updates.md
            
            
              Last active
              August 29, 2015 14:17
            
              
                CTCTF Updates and Clarifications
              
          
    CTCTF Updates and Clarifications

19 March 2015, 7:36PM EST

https://medium.com/@failedxyz/a-much-needed-apology-8f50537a8932
18 March 2015, 10:12PM EST

Hint 2 for 3 hard: it's based on ASCII.

  
## heibot.py
import sys;
import socket;
import string;
import random;
import urllib2;
import hashlib;

def genprefix():
    return (random.choice("abcdef") + hashlib.md5(random.choice([
        "heibot", "asdfbot",

## index.html
<!doctype>
<html>
	<head>
		<title><$WikiTitle$></title>
		<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootswatch/3.3.2/simplex/bootstrap.min.css" />
	</head>
	<body>
		<nav class="navbar navbar-default">
			<div class="container">
				<div class="navbar-header">

## heibot.py
import sys;
import socket;
import string;
import random;

HOST = "irc.mibbit.net";
PORT = 6667;
NICK = "heibot";
CHANNEL = "#yolo1";

## Bandit
bandit0 bandit0
bandit1 boJ9jbbUNNfktd78OOpsqOltutMc3MY1
bandit2 CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
bandit3 UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
bandit4 pIwrPrtPN36QITSp3EQaw936yaFoFgAB
bandit5 koReBOKuIDDepwhWk7jZC0RTdopnAYKh
bandit6 DXjZPULLxYr17uwoI01bNLQbtFemEgo7
bandit7 HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
bandit8 cvX2JJa4CFALtqS87jk27qwqGhBM9plV
bandit9 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                iptq
                / keybase.md
            
            
              Created
              December 30, 2014 21:22
            
          
    Keybase proof

I hereby claim:

I am failedxyz on github.
I am failedxyz (https://keybase.io/failedxyz) on keybase.
I have a public key whose fingerprint is 091D 3A47 D137 DC0F CEDC  1AD9 F8A8 A156 0109 AA3F

To claim this, I am signing this object:
	#!/usr/bin/env python

	from PIL import Image

	A = Image.open("A.png")
	B = Image.open("B.png")

	dA = A.load()
	dB = B.load()
	~ » telnet wayward.tcp.easyctf.com 8580 michael@zhang
	Trying 45.55.88.134...
	Connected to wayward.tcp.easyctf.com.
	Escape character is '^]'.
	Please enter your pilot key: hello
	The current time is: 1489720845.28
	Please enter the coordinates (x, y) you would like to hit:
	world
	Sorry, you didn't enter valid coordinates.
	Connection closed by foreign host.
	#include <stdio.h>
	#include <stdlib.h>
	#include <fcntl.h>

	int main(int argc, char **argv) {
	int score = 0;
	printf("CollageBored (R) Advanced Placement Literature Grader\n");
	if (argc != 2) {
	printf("Usage: %s [essay]\n", argv[0]);
	return 1;
	import sys;
	import socket;
	import string;
	import random;
	import urllib2;
	import hashlib;

	def genprefix():
	return (random.choice("abcdef") + hashlib.md5(random.choice([
	"heibot", "asdfbot",
	<!doctype>
	<html>
	<head>
	<title><$WikiTitle$></title>
	<link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootswatch/3.3.2/simplex/bootstrap.min.css" />
	</head>
	<body>
	<nav class="navbar navbar-default">
	<div class="container">
	<div class="navbar-header">
	bandit0 bandit0
	bandit1 boJ9jbbUNNfktd78OOpsqOltutMc3MY1
	bandit2 CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9
	bandit3 UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
	bandit4 pIwrPrtPN36QITSp3EQaw936yaFoFgAB
	bandit5 koReBOKuIDDepwhWk7jZC0RTdopnAYKh
	bandit6 DXjZPULLxYr17uwoI01bNLQbtFemEgo7
	bandit7 HKBPTKQnIay4Fw76bEy8PVxKEDQRKTzs
	bandit8 cvX2JJa4CFALtqS87jk27qwqGhBM9plV
	bandit9 UsvVyFSfZZWbi6wgC7dAFyFuR6jQQUhR