Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
43 lines (27 sloc) 2.03 KB

Harekaze 2019 "Twenty-five" (100)

Writeup by Eric Zhang

Description

With “ppencode”, you can write Perl code using only Perl reserved words.

Solution

Looking at http://namazu.org/~takesako/ppencode/demo.html, we realize that the flag is probably just obfuscated using the perl code, crypto.txt.

A quick look at twenty-five.pl, with modifications, reveals that it reads in a file, replaces all letters with *'s, and then evals it. Here's an example of a modification:

use open qw/:utf8/;

open(my $F, "<:utf8", 'crypto.txt') or die;
my $text;
while (my $l = <$F>)
{
  $l =~ s/[\r\n]+/ /g;
  $text .= $l;
}
close($F);

#$text =~ y/abcdefghijklmnopqrstuvwxy/*************************/;

print($text);
#eval($text);

From here, it seems like we need to find the key to a simple substitution (monoalphabetic replacement) cipher for crypto.txt and modify the *'s in the code to convert it to working Perl.

Using the reserved.txt word bank, we can quickly solve this cipher using letter combinations that seem unique. This is particularly effective in this case because of 1) our ability to effectively filter through words via a program and 2) because of the small size of the word bank. For example, we see that there is an ejadp ejady in crypto.txt. After filtering our word bank to only five-letter words, we find that the only such words with the first four letters matching are “untie” and “until”. This tells us that e is replaced by u, j is replaced by n, a is replaced by t, d is replaced by i, and p and y are either e or l.

By this method, filling in the letters we know, we find that the key is tbwiupohdnvrsyqlkmaxfjcge (there are no zs, so there are only 25 letters in the key.) We replace the *'s in twenty-five.pl with this key, run it with perl twenty-five.pl, and get our flag.

Flag: HarekazeCTF{en.wikipedia.org/wiki/Frequency_analysis}

You can’t perform that action at this time.