w3develops
diff --git a/‎2019/beginners/crypto-caulingo/README.md‎
Lines changed: 5 additions & 0 deletions b/‎2019/beginners/crypto-caulingo/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎2019/beginners/crypto-caulingo/attachments/project_dc.pdf‎
51.8 KB b/‎2019/beginners/crypto-caulingo/attachments/project_dc.pdf‎
51.8 KB
diff --git a/‎2019/beginners/crypto-caulingo/hint.md‎
Lines changed: 31 additions & 0 deletions b/‎2019/beginners/crypto-caulingo/hint.md‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎2019/beginners/crypto-caulingo/solution.md‎
Lines changed: 49 additions & 0 deletions b/‎2019/beginners/crypto-caulingo/solution.md‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎2019/beginners/crypto-caulingo/solution.py‎
Lines changed: 38 additions & 0 deletions b/‎2019/beginners/crypto-caulingo/solution.py‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎2019/beginners/misc-drive-to-the-target/README.md‎
Lines changed: 34 additions & 0 deletions b/‎2019/beginners/misc-drive-to-the-target/README.md‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎2019/beginners/misc-drive-to-the-target/app/app.yaml‎
Lines changed: 19 additions & 0 deletions b/‎2019/beginners/misc-drive-to-the-target/app/app.yaml‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎2019/beginners/misc-drive-to-the-target/app/main.py‎
Lines changed: 74 additions & 0 deletions b/‎2019/beginners/misc-drive-to-the-target/app/main.py‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎2019/beginners/misc-drive-to-the-target/app/static/style.css‎
Lines changed: 59 additions & 0 deletions b/‎2019/beginners/misc-drive-to-the-target/app/static/style.css‎
Lines changed: 59 additions & 0 deletions
diff --git a/‎2019/beginners/misc-drive-to-the-target/app/templates/ui.html‎
Lines changed: 34 additions & 0 deletions b/‎2019/beginners/misc-drive-to-the-target/app/templates/ui.html‎
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,5 @@
+# name: "Crypto Caulingo"
+
+description: "Well you've done it, you're now an admin of the Cookie World Order. The clandestine organisation that seeks to control the world through a series of artfully placed tasty treats, bringing folks back in to their idea of what a utopian society would look like. Strangely enough, the webcam data is being fed to understand the properties of the entities you had originally seen. They seem to be speaking back into the camera (an unadvertised microphone) but it's hard to understand what they want. You must- if nothing else ever was important in your life, you must make contact with these beautiful creatures! Also, what exactly is a \"cauliflower\"?"
+
+# flag: "CTF{017d72f0b513e89830bccf5a36306ad944085a47}"
@@ -0,0 +1,31 @@
+# Hints
+
+
+### Where to start
+
+* Bruteforce
+* Fermat's Factorization Method
+
+
+### Search return nothing
+
+* Check the precision of the result of your `sqrt`
+* Do not use python's own `sqrt`
+* Do not use python's `Decimal.sqrt()`
+* Try using `gmpy2` or `sagemath`
+
+### License
+
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,49 @@
+# Solution
+
+```text
+   a * p ≈ b * q
+-> a / b * p ≈ q
+-> a / b * p * q ≈ q * q
+-> a / b * N ≈ q^2
+-> q^2 ≈ N / b * a
+-> q ≈ sqrt(N / b * a)
+```
+
+If we know `a` and `b`, we know the estimate of `q`, then we can search around
+`q` (i.e. the range `[est_q - delta, est_q + delta]`) and find one that divides `N`.
+
+Since `a` and `b` are small, we could bruteforce all possible `(a, b)` pairs,
+then search around the corresponding estimate of `q`.
+
+Since `abs(a * p - b * q) < 10000`, we expect that the estimate of `q` won't be
+too far away from the actual `q`. We could start searching from `est_q ± 10`,
+then `est_q ± 100`, then `est_q ± 1000` and so on until we are able to find the
+answer. In this challenge, `est_q ± 10` would be enough.
+
+After we've found the `q` that divides `N`, we basically factorized `N`. We can
+then obtain `p = N / q`, `phi = (p - 1) * (q - 1)`, and the decryption key
+`d = invert(e, phi)`. Obtain the plaintext by `pow(c, d, n)`.
+
+Note that native python doesn't handle `sqrt` of huge numbers properly. So one
+should use libraries like `gmpy2` or `sagemath` to compute the square root. I
+guess python try to convert your integer to float before performaing square
+root, and the precision of the float is not enough for such huge numbers.
+
+See `solution.py` for a sample solution script.
+
+
+# License
+
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,38 @@
+#!/usr/bin/env python3
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from Crypto.Util.number import long_to_bytes, bytes_to_long
+from gmpy2 import mpz, isqrt, invert, powmod
+
+n = mpz(17450892350509567071590987572582143158927907441748820483575144211411640241849663641180283816984167447652133133054833591585389505754635416604577584488321462013117163124742030681698693455489404696371546386866372290759608301392572928615767980244699473803730080008332364994345680261823712464595329369719516212105135055607592676087287980208987076052877442747436020751549591608244950255761481664468992126299001817410516694015560044888704699389291971764957871922598761298482950811618390145762835363357354812871474680543182075024126064364949000115542650091904557502192704672930197172086048687333172564520657739528469975770627)
+e = 65537
+
+c = bytes_to_long(bytes.fromhex('50fb0b3f17315f7dfa25378fa0b06c8d955fad0493365669bbaa524688128ee9099ab713a3369a5844bdd99a5db98f333ef55159d3025630c869216889be03120e3a4bd6553d7111c089220086092bcffc5e42f1004f9888f25892a7ca007e8ac6de9463da46f71af4c8a8f806bee92bf79a8121a7a34c3d564ac7f11b224dc090d97fdb427c10867ad177ec35525b513e40bef3b2ba3e6c97cb31d4fe3a6231fdb15643b84a1ce704838d8b99e5b0737e1fd30a9cc51786dcac07dcb9c0161fc754cda5380fdf3147eb4fbe49bc9821a0bcad98d6df9fbdf63cf7d7a5e4f6cbea4b683dfa965d0bd51f792047e393ddd7b7d99931c3ed1d033cebc91968d43f'))
+
+def solve_pq(n):
+    for a in range(1, 1001):
+        for b in range(a, 1001):
+            est_q = isqrt(n // b * a)
+            for q in range(est_q - 100, est_q + 100):
+                if n % q == 0:
+                    return n // q, q
+
+p, q = solve_pq(n)
+phi = (p - 1) * (q - 1)
+d = invert(e, phi)
+
+msg = long_to_bytes(powmod(c, d, n))
+print(msg.decode('utf-8'))
@@ -0,0 +1,34 @@
+# Google CTF 2019 Beginner's quest - Drive to the target
+
+## Installation
+
+```
+$ pip install -r requirements.txt
+```
+
+## Intended solution
+
+The goal is to drive from the starting point to the final point, by inputting
+coordinates. See the exploit.py script for a possible implementation.
+
+## Hints
+
+- What is the point of the challenge?
+- How can you maximize your speed?
+- How can you know where you're supposed to go?
+
+## License 
+
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,19 @@
+#
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+service: drivetothetarget-19a22ab12qofd
+runtime: python37
+
@@ -0,0 +1,74 @@
+#!/usr/bin/env python3
+#
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.import requests
+#
+
+from datetime import datetime, timedelta
+from cryptography.fernet import Fernet
+from geopy.distance import geodesic
+from flask import Flask, render_template, request
+
+app = Flask(__name__)
+
+STARTING_POINT = (51.6498, 0.0982)
+DESTINATION_POINT = (51.4921, -0.1929)
+MAX_STEP_DISTANCE = 300  # no more than 300 meters per step
+MAX_SPEED_KMPH = 50 # 50 km/h. It will take under an hour to drive from start to destination.
+FINISH_RADIUS = 10 # If the point is within 10m from DESTINATION_POINT then FLAG is shown
+FLAG = ' CTF{Who_is_Tardis_Ormandy}'
+
+f = Fernet(b'l4ydYP_3aH8n7uQR2EIHgt-jfhhL7U6-yurXBeE89Do=')
+
+def parse_state(state):
+    lat, lon, time = tuple(map(float, state.split(',')))
+    return (lat, lon), datetime.fromtimestamp(time)
+
+@app.route('/')
+def process():
+    try:
+        time = datetime.now()
+        if 'token' not in request.args:
+            token = f.encrypt(('%f,%f,%f' % (STARTING_POINT[0], STARTING_POINT[1],time.timestamp())).encode()).decode()
+            return render_template('ui.html', lat=STARTING_POINT[0], lon=STARTING_POINT[1], token=token)
+
+        old_token = request.args.get('token')
+        pos = float(request.args.get('lat')), float(request.args.get('lon'))
+
+        old_pos, old_time = parse_state(f.decrypt(old_token.encode()).decode())
+        distance = geodesic(old_pos, pos)
+        hours = (time - old_time) / timedelta(hours=1)
+        speed_kmph = distance.kilometers / hours if hours > 0 else 10 * MAX_SPEED_KMPH # if time == old_time, e.g. hours == 0, then we say that player has moved infinitely fast, e.g. 10 max speeds.
+        next_pos, next_token = old_pos, old_token
+
+        msg = ''
+        if old_pos == pos:
+            msg = 'If you want to meet your friends, you should move.'
+        elif speed_kmph > MAX_SPEED_KMPH:
+            msg = 'Woa, were about to move at %dkm/h, this is too fast!' % speed_kmph
+        elif distance.meters > MAX_STEP_DISTANCE:
+            msg = 'You tried to travel %dm, which too far at once from your current position.' % distance.meters
+        else:
+            if geodesic(pos, DESTINATION_POINT).meters < FINISH_RADIUS:
+                msg = 'Congratulations, you made it, here is the flag: %s' % FLAG
+            elif geodesic(pos, DESTINATION_POINT) < geodesic(old_pos, DESTINATION_POINT):
+                msg = 'You went %dm at a speed of %dkm/h. You are getting closer…' % (distance.meters, speed_kmph)
+            else:
+                msg = 'You went %dm at a speed of %dkm/h. You are getting away…' % (distance.meters, speed_kmph)
+            next_token = f.encrypt(('%f,%f,%f' % (pos[0], pos[1],time.timestamp())).encode()).decode()
+            next_pos = pos
+        return render_template('ui.html', lat=next_pos[0], lon=next_pos[1], token=next_token, message=msg)
+    except Exception as e:
+        print(e)
+        return 'Please use roads.'
@@ -0,0 +1,59 @@
+/*
+Copyright 2019 Google LLC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.import requests
+*/
+
+body {
+  line-height: 1.6;
+  color: #4a4a4a;
+  background: #f9f9f9;
+  max-width: 40rem;
+  padding: 2rem;
+  margin: auto;
+  font-family: Verdana, Geneva, sans-serif;
+}
+img {
+  max-width: 100%;
+}
+a {
+  color: #2ECC40;
+}
+
+.grey {
+  padding: 1em;
+  background-color: #f1f1f1;
+}
+
+textarea, select, input[type] {
+    color: #4a4a4a;
+    padding: 6px 10px;
+    margin-bottom: 10px;
+    background-color: #f1f1f1;
+    border: 1px solid #f1f1f1;
+    border-radius: 4px;
+    box-shadow: none;
+    box-sizing: border-box;
+}
+
+fieldset {
+    border: 1px solid #c0c0c0;
+    margin: 0 2px;
+    padding: 0.35em 0.625em 0.75em;
+}
+
+label, legend, fieldset {
+    display: block;
+    margin-bottom: .5rem;
+    font-weight: 600;
+}
@@ -0,0 +1,34 @@
+<!--
+Copyright 2019 Google LLC
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    https://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+<!doctype html>
+<html>
+  <head>
+    <link href="{{ url_for('static', filename='style.css') }}" type="text/css" rel="stylesheet"/>
+    <title>Driving to the target</title>
+  </head>
+  <h1>Driving to the target</h1>
+   <body>
+     <p>Hurry up, don't be late for you rendez-vous!
+      <form method="get" action="/">
+        <fieldset>
+        <legend>Pick your direction</legend>
+         <input type="number" name="lat" value="{{ lat }}" min="-90" max="90" step="0.0001">
+         <input type="number" name="lon" value="{{ lon }}" min="-180" max="180" step="0.0001">
+         <input style="display: none" name="token" value="{{ token }}">
+         <button type="submit">go</button>
+        </fieldset>
+      </form>
+      <p>{{ message }}</p>
+   </body>
+</html>