Paweł Łukasik pawlos

## solve3.py

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                pawlos
                / solve3.py
            
            
              Created Nov 19, 2020
            
          
      View solve3.py
  
    
      This file has been truncated, but you can view the full file.
    

## solve2.py
F_L = "9655B040B64667238524D15D6201.B95D4E01C55CC562C7557405A532D768C55FA12DD074DC697A06E172992CAF3F8A5C7306B7476B38.C555AC40A7469C234424.853FA85C470699477D3851249A4B9C4E.A855AF40B84695239D24895D2101D05CCA62BE5578055232D568C05F902DDC74D2697406D7724C2CA83FCF5C2606B547A73898246B4BC14E941F9121D464D263B947EB77D36E7F1B8254.853FA85C470699477D3851249A4B9C4E.9A55B240B84692239624.CC55A940B44690238B24CA5D7501CF5C9C62B15561056032C468D15F9C2DE374DD696206B572752C8C3FB25C3806.A8558540924668236724B15D2101AA5CC362C2556A055232AE68B15F7C2DC17489695D06DB729A2C723F8E5C65069747AA389324AE4BB34E921F9421.CB55A240B5469B23.AC559340A94695238D24CD5D75018A5CB062BA557905A932D768D15F982D.D074B6696F06D5729E2CAE3FCF5C7506AD47AC388024C14B7C4E8F1F8F21CB64"

onzo = F_L.split(".")

#rigmarole(onzo(7))

def rigmarole(es):
	furphy = ""
	c = 0
	s = ""

## solv.py


d = open('report2.xls', 'rb').read()

data_chunk = -1

start_address = [0xace1,
				 0xcc88,
				 0xecac,
				 0x10cd0,

## solve.py


def decrypt(text, alphabet):
	l = 0x66
	cnt = len(text)
	i = 0
	res = []
	while i < cnt:
		res.append(chr(text[i] ^ ord(alphabet[i%l])))
		i += 1

## solve.py
def decode_flag(frob):
    last_value = frob
    encoded_flag = [1135, 1038, 1126, 1028, 1117, 1071, 1094, 1077, 1121, 1087, 1110, 1092, 1072, 1095, 1090, 1027,
                    1127, 1040, 1137, 1030, 1127, 1099, 1062, 1101, 1123, 1027, 1136, 1054]
    decoded_flag = []

    for i in range(len(encoded_flag)):
        c = encoded_flag[i]
        val = (c - ((i%2)*1 + (i%3)*2)) ^ last_value
        decoded_flag.append(val)

## flow_armagedon.py
#armageddon
from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
from ghidra.program.model.symbol import RefType
codeUnitFormat = CodeUnitFormat(CodeUnitFormatOptions(CodeUnitFormatOptions.ShowBlockName.ALWAYS,CodeUnitFormatOptions.ShowNamespace.ALWAYS,"",True,True,True,True,True,True,True))
addr = toAddr('<start address>')

limiter = 0
limit = 50
instruction = currentProgram.getListing().getInstructionAt(addr)
while True:

## flow_exceptional.py
#exceptional
from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
from ghidra.program.model.symbol import RefType
codeUnitFormat = CodeUnitFormat(CodeUnitFormatOptions(CodeUnitFormatOptions.ShowBlockName.ALWAYS,CodeUnitFormatOptions.ShowNamespace.ALWAYS,"",True,True,True,True,True,True,True))
addr = toAddr('<start_address>')

limiter = 0
instruction = currentProgram.getListing().getInstructionAt(addr)
while True:
	t = instruction.getFlowType()

## output.txt
File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 61, in _exec__mT
    output = callback(*args, **kwargs)
  File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 679, in serializableType
    serializable["alignof"] = ctype.alignof
AttributeError: 'gdb.Type' object has no attribute 'alignof'
Traceback (most recent call last):
  File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 349, in getState
    variable["type"]["terminal"] = serializableType(terminalType)

## output.txt
(gdb) [GDBFrontend] ('127.0.0.1', 36958) is connected.
(gdb) file ./write4
Reading symbols from ./write4...(no debugging symbols found)...done.
[GDBFrontend] gdb_on_clear_objfiles()
[GDBFrontend] gdb_on_new_objfile()
(gdb) break main

## VCXSrv.0
# It looks like -multiwindow mode triggers the static color visual in both the internal x2go xserver and the external vcxsrv
# But it also looks like -multiwindow mode is how x2go client allows resizing of the remote desktop
# ...so I'm looking for a way to allow resizing of remote desktop w/out triggering static color visual.
#
# ...output of vcxsrv.exe's usage note:

Usage...
Vcxsrv [:<display>] [option]

:display-number
	F_L = "9655B040B64667238524D15D6201.B95D4E01C55CC562C7557405A532D768C55FA12DD074DC697A06E172992CAF3F8A5C7306B7476B38.C555AC40A7469C234424.853FA85C470699477D3851249A4B9C4E.A855AF40B84695239D24895D2101D05CCA62BE5578055232D568C05F902DDC74D2697406D7724C2CA83FCF5C2606B547A73898246B4BC14E941F9121D464D263B947EB77D36E7F1B8254.853FA85C470699477D3851249A4B9C4E.9A55B240B84692239624.CC55A940B44690238B24CA5D7501CF5C9C62B15561056032C468D15F9C2DE374DD696206B572752C8C3FB25C3806.A8558540924668236724B15D2101AA5CC362C2556A055232AE68B15F7C2DC17489695D06DB729A2C723F8E5C65069747AA389324AE4BB34E921F9421.CB55A240B5469B23.AC559340A94695238D24CD5D75018A5CB062BA557905A932D768D15F982D.D074B6696F06D5729E2CAE3FCF5C7506AD47AC388024C14B7C4E8F1F8F21CB64"

	onzo = F_L.split(".")

	#rigmarole(onzo(7))

	def rigmarole(es):
	furphy = ""
	c = 0
	s = ""


	d = open('report2.xls', 'rb').read()

	data_chunk = -1

	start_address = [0xace1,
	0xcc88,
	0xecac,
	0x10cd0,


	def decrypt(text, alphabet):
	l = 0x66
	cnt = len(text)
	i = 0
	res = []
	while i < cnt:
	res.append(chr(text[i] ^ ord(alphabet[i%l])))
	i += 1
	def decode_flag(frob):
	last_value = frob
	encoded_flag = [1135, 1038, 1126, 1028, 1117, 1071, 1094, 1077, 1121, 1087, 1110, 1092, 1072, 1095, 1090, 1027,
	1127, 1040, 1137, 1030, 1127, 1099, 1062, 1101, 1123, 1027, 1136, 1054]
	decoded_flag = []

	for i in range(len(encoded_flag)):
	c = encoded_flag[i]
	val = (c - ((i%2)1 + (i%3)2)) ^ last_value
	decoded_flag.append(val)
	#armageddon
	from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
	from ghidra.program.model.symbol import RefType
	codeUnitFormat = CodeUnitFormat(CodeUnitFormatOptions(CodeUnitFormatOptions.ShowBlockName.ALWAYS,CodeUnitFormatOptions.ShowNamespace.ALWAYS,"",True,True,True,True,True,True,True))
	addr = toAddr('<start address>')

	limiter = 0
	limit = 50
	instruction = currentProgram.getListing().getInstructionAt(addr)
	while True:
	#exceptional
	from ghidra.program.model.listing import CodeUnitFormat, CodeUnitFormatOptions
	from ghidra.program.model.symbol import RefType
	codeUnitFormat = CodeUnitFormat(CodeUnitFormatOptions(CodeUnitFormatOptions.ShowBlockName.ALWAYS,CodeUnitFormatOptions.ShowNamespace.ALWAYS,"",True,True,True,True,True,True,True))
	addr = toAddr('<start_address>')

	limiter = 0
	instruction = currentProgram.getListing().getInstructionAt(addr)
	while True:
	t = instruction.getFlowType()
	File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 61, in _exec__mT
	output = callback(args, *kwargs)
	File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 679, in serializableType
	serializable["alignof"] = ctype.alignof
	AttributeError: 'gdb.Type' object has no attribute 'alignof'
	Traceback (most recent call last):
	File "/c/temp/ctf/ropemporium/task-write4/gdb-frontend/api/debug.py", line 349, in getState
	variable["type"]["terminal"] = serializableType(terminalType)
	(gdb) [GDBFrontend] ('127.0.0.1', 36958) is connected.
	(gdb) file ./write4
	Reading symbols from ./write4...(no debugging symbols found)...done.
	[GDBFrontend] gdb_on_clear_objfiles()
	[GDBFrontend] gdb_on_new_objfile()
	(gdb) break main
	# It looks like -multiwindow mode triggers the static color visual in both the internal x2go xserver and the external vcxsrv
	# But it also looks like -multiwindow mode is how x2go client allows resizing of the remote desktop
	# ...so I'm looking for a way to allow resizing of remote desktop w/out triggering static color visual.
	#
	# ...output of vcxsrv.exe's usage note:

	Usage...
	Vcxsrv [:<display>] [option]

	:display-number