Beginner's Misc writeup

BeginnersMisc.md

Beginner's Misc

The problem is:

exploit = input('? ')
if eval(b64encode(exploit.encode('UTF-8'))) == math.pi:
  print(open('flag.txt').read())

Note that the submitted string will be encoded into UTF-8 and then encoded into Base64.

With Base64 characters, we can write some numbers and operators 0123456789+/ (and hex abcdefABCDEFx, but wasn't used in my solution).

My teammate azon found that these 4-character unit can be passed the above criteria (written in Base64 characters, can be encoded into UTF-8):

• [0-3][4-7][014589][0-9+/]
• [4-7][4-7][26+][0-9+/]

With this units, we can write '340/340+340/340+340/340+776/140/140+340/3400' and this value is 3.1395918367346938, for example.

Then we wrote a searching program and got flag.

solve.py

from base64 import b64encode, b64decode
import math

def f(s):
    return b64decode(s).decode('utf-8')
def g(s):
    return b64encode(s.encode('utf-8'))

# [0-3][4-7][014589][0-9+/]
# [4-7][4-7][26+][0-9+/]

head = '340/340+340/340+340/340+776/140/140+'
tail = '340/3400'

def x(n):
    first = '776'
    add = '/140'
    last = '+'

    ret = first
    for i in range(n):
        ret += add
    ret += last
    return ret

n = 2
cont = ''
while True:
    nxt = cont + x(n)
    ev = eval(g(f(head+nxt+tail)))
    if ev == math.pi:
        cont = nxt
        break
    if ev > math.pi:
        n += 1
    else:
        cont = nxt

# print(cont)
ans = head + cont + tail
# print(ans)
print(eval(g(f(ans))))
print(eval(g(f(ans)))==math.pi)
# print(f(ans))

import socket

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(('35.221.81.216', 30718))

result = s.recv(1024)
s.send((f(ans)+'\n').encode('utf-8'))
result = s.recv(1024)
print(result)
s.close()