#!/usr/bin/python3
#
# (c) 2020 team exitzero (goapsych0@exitzero.de)
#
# asis-ctf-2020 crusoe
#
from pwn import *
import string
import subprocess
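flagfile = 'flag.crusoe'
printable_chars = string.digits + string.ascii_lowercase #string.printable
lookup = {}

# Build a lookup table (dict) mapping each character in [0-9a-z] to the
# "sign" the local ./crusoe binary prints for it.
# Author's observation: each sign seems to carry a trailing 'new line' column,
# and digits are additionally preceded by prefix "signs"; the width table
# below strips those extra columns.
# Output line width -> number of trailing columns to drop from that line.
trailing_columns = {9: 0, 18: 8, 27: 16}

print("generate lookup table")
for c in printable_chars:
    # Write the character to the binary's stdin directly instead of building
    # an `echo c | ./crusoe` shell pipeline: the binary receives the same
    # bytes ("c\n"), but no shell parses the character, so widening
    # printable_chars to string.printable cannot turn a metacharacter
    # into shell syntax.
    x = subprocess.check_output(['./crusoe'], input=(c + '\n').encode('ascii'))
    lines = x.decode('ascii').split('\n')
    # The last two split elements are skipped (presumably a blank line and
    # the empty string after the final newline - confirm against the binary).
    for l in lines[:-2]:
        lookup.setdefault(c, "")
        drop = trailing_columns.get(len(l))
        if drop is not None:
            # Lines of any other width contribute nothing to the sign.
            lookup[c] += l[:len(l) - drop]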
flag_0_0 = ""
flag = {}

# Parse the flag file into a dict of dicts (think 8x8 matrix):
#   flag[row][col] = text of one sign, with row and col counted from 0.
# Each sign spans 4 consecutive non-empty lines of the file; every line holds
# 8 cells of 8 characters each, separated by a single column.
with open(flagfile) as f:
    flaglines = f.readlines()
print("read in the flag file:")

row, subrow = 0, 0
for line in flaglines:
    if line == '\n':
        # blank lines carry no sign data and do not advance the sub-row count
        continue
    cells = flag.setdefault(row, {})
    for col in range(8):  # eight columns per flag line
        # cell `col` starts at col * 9: eight characters plus one separator
        start = col * 9
        cells[col] = cells.get(col, "") + line[start:start + 8]
    # four sub-rows make up one sign; move to the next row after the fourth
    subrow = (subrow + 1) % 4
    if subrow == 0:
        row += 1
# Walk the parsed flag cell by cell and pick, for each cell, the first
# character of the lookup table whose sign occurs in it.
print("try matching the flag")

# Spaces are ignored on both sides of the comparison, so strip them from the
# signs once up front.
compact_signs = [(char, sign.replace(" ", "")) for char, sign in lookup.items()]

decoded = []
for row in range(len(flag)):
    for col in range(len(flag[row])):
        cell = flag[row][col].replace(" ", "")
        # The first hit in table order wins. Substring matching is ambiguous:
        # v,x c,q 0,5,7,9,b,s f,h g,i are duplicates.
        # NOTE: an empty sign is a substring of every cell and would match first.
        hit = next((char for char, sign in compact_signs if sign in cell), None)
        if hit is not None:
            decoded.append(hit)
sendme = "".join(decoded)
print(sendme)
# Send the decoded string to the challenge service, then hand the connection
# to the terminal so the reply can be read interactively.
service_host, service_port = '66.172.10.203', 9999
conn = remote(service_host, service_port)
conn.sendline(sendme)
conn.interactive()