Escape from QR devil!
nc qr-generator.ctf.defenit.kr 9000
Straightforward task. Let me read QRCode with varying size 100 times.
Iterate below steps 100 times.
- Parse input and save QRCode as png using PIL.
- Use zxing python module for read QRCode data.
- Send result to server.
for _ in range(100):
p.recvuntil('< QR >\n')
mat = []
firstrow = list(map(int, p.recvline(keepends=False).split()))
mat.append(firstrow)
height = width = len(firstrow)
for _ in range(width - 1):
row = list(map(int, p.recvline(keepends=False).split()))
mat.append(row)
assert len(mat) == height
p.recvuntil('>> ')
pwn.log.info(f'width: {width}')
scale = 20
margin = 20
out = Image.new('1', (width * scale + margin * 2, height * scale + margin * 2))
outpx = out.load()
for indX, indY in product(range(width * scale + margin * 2), repeat=2):
pos = indX, indY
outpx[pos] = 1
for indX, indY in product(range(width * scale), repeat=2):
pos = indX + margin, indY + margin
outpx[pos] = mat[indY // scale][indX // scale] == 0
# Save QR
out.save('out.png')
# Read QR
rs = decoder.decode('out.png')
# Send result
p.sendline(rs.raw)Get flag:
Defenit{QQu!_3sC4p3_FR0m_D3v1l!_n1c3_C0gN1z3!}
Exploit code: solve.py