Writeup T0t13nt | Cyber Grabs CTF | Catégorie crypto | [Electro/EN]
T0t13nt | Cyber Grabs CTF 2022
Description
numbers numbers everywhere , why cant they leave me alone
Flag
cybergrabs{50m3_func710nS_n3v3r_c3A5e_t0_4m4z3_m3}
Detailed Solution
## Challenge - t0t13nt - 29 Solves
Flag Format: cybergrabs{}
Author: Mritunjya
output_1.txt source_1.py
Here is the content of output_1.txt:
[54751499983812600001595164999947606, 99964672809872376546137976728298625, 53109066146380481534971079770844564, 58137259942365444979479997549034855, 83599752542227961885740894770768516, 61659800043905527133538302215438384, 83599752542227961885740894770768516, 51499811650564080459894297372806965, 53109066146380481534971079770844564, 85819100646121058196943447618203070, 105003982813844976161353898313196914, 8400749730877624158255771399988559, 6240424741484609266392009977454864, 73075186383278314052649120872243371, 7485157899144949411682111055590430, 48379486424936974614387887472243260, 59881263192906899425738121667861480, 90374940243693329303922258576171375, 75104938249367345681206971604866080, 54751499983812600001595164999947606, 9388117281207654321254731172830840, 6638633268326718341544242944266781, 6240424741484609266392009977454864, 75104938249367345681206971604866080, 32264483340980969722020637386275054, 48379486424936974614387887472243260, 75104938249367345681206971604866080, 7485157899144949411682111055590430, 92712108866793232034695893485547544, 7485157899144949411682111055590430, 83599752542227961885740894770768516, 48379486424936974614387887472243260, 54751499983812600001595164999947606, 7485157899144949411682111055590430, 15496388930720047282261773301643045, 8400749730877624158255771399988559, 58137259942365444979479997549034855, 48379486424936974614387887472243260, 88077383691706059347171006086863620, 6240424741484609266392009977454864, 48379486424936974614387887472243260, 7934151132541799341665122998944580, 73075186383278314052649120872243371, 7934151132541799341665122998944580, 102463675364526450047988025312160540, 7485157899144949411682111055590430, 48379486424936974614387887472243260, 73075186383278314052649120872243371, 7485157899144949411682111055590430, 110209866655316842092627871164477875]
Here is the content of source_1.py:
from sympy import totient
from tqdm import *
# Placeholder value: the published challenge source has the real flag redacted.
flag = "REDACTED"
def functor(n):
    """Return sum over j = 1..n of sum over i = 1..j of (j // i) * totient(i).

    The nested loops evaluate totient n * (n + 1) / 2 times. The challenge
    calls this with n = ord(char) * 6969696969, so the loops are not
    practical to run as written. The solver on this page relies on the
    identity sum_{i<=j} (j // i) * phi(i) = j * (j + 1) / 2, which collapses
    the whole function to n * (n + 1) * (n + 2) // 6.

    The function takes no key and no randomness: the same n always yields
    the same value, and a larger n yields a larger value.
    """
    # NOTE(review): the page lost its indentation; the print is assumed to
    # belong to the inner loop because it reports the per-step operands.
    running_total = 0
    for outer in tqdm(range(1, n + 1)):
        for inner in range(1, outer + 1):
            quotient = outer // inner
            running_total += quotient * totient(inner)
            print(running_total, quotient, outer, inner, totient(inner))
    return running_total
# Encode the flag one character at a time. Each character is mapped on its
# own through the same keyless function, so equal characters produce equal
# integers and the output is a plain substitution of the flag.
# NOTE(review): the final print is assumed to run once after the loop, since
# output_1.txt holds a single list.
lest = []
for symbol in flag:
    print(symbol)
    code_point = ord(symbol)
    lest += [functor(code_point * 6969696969)]
print(lest)
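We solved the challenge in an unintended way, using a known-plaintext attack: each flag character is encoded on its own by the same deterministic function, so equal characters give equal numbers and the known flag format `cybergrabs{...}` reveals part of the mapping.
The following code is self-explanatory!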
import string
# Ciphertext copied from output_1.txt: one integer per flag character, in flag order.
# Repeated integers mark repeated characters, because the encoding is deterministic.
ct = [54751499983812600001595164999947606, 99964672809872376546137976728298625, 53109066146380481534971079770844564, 58137259942365444979479997549034855, 83599752542227961885740894770768516, 61659800043905527133538302215438384, 83599752542227961885740894770768516, 51499811650564080459894297372806965, 53109066146380481534971079770844564, 85819100646121058196943447618203070, 105003982813844976161353898313196914, 8400749730877624158255771399988559, 6240424741484609266392009977454864, 73075186383278314052649120872243371, 7485157899144949411682111055590430, 48379486424936974614387887472243260, 59881263192906899425738121667861480, 90374940243693329303922258576171375, 75104938249367345681206971604866080, 54751499983812600001595164999947606, 9388117281207654321254731172830840, 6638633268326718341544242944266781, 6240424741484609266392009977454864, 75104938249367345681206971604866080, 32264483340980969722020637386275054, 48379486424936974614387887472243260, 75104938249367345681206971604866080, 7485157899144949411682111055590430, 92712108866793232034695893485547544, 7485157899144949411682111055590430, 83599752542227961885740894770768516, 48379486424936974614387887472243260, 54751499983812600001595164999947606, 7485157899144949411682111055590430, 15496388930720047282261773301643045, 8400749730877624158255771399988559, 58137259942365444979479997549034855, 48379486424936974614387887472243260, 88077383691706059347171006086863620, 6240424741484609266392009977454864, 48379486424936974614387887472243260, 7934151132541799341665122998944580, 73075186383278314052649120872243371, 7934151132541799341665122998944580, 102463675364526450047988025312160540, 7485157899144949411682111055590430, 48379486424936974614387887472243260, 73075186383278314052649120872243371, 7485157899144949411682111055590430, 110209866655316842092627871164477875]
# Render the ciphertext with the substitutions recovered so far
def decoder(ct,guess):
    """Print the partially decoded flag on one line, followed by a blank line.

    ct    -- iterable of ciphertext integers, in flag order.
    guess -- dict mapping str(ciphertext integer) to its plaintext character.

    A value with no entry in guess is shown as "-".
    """
    rendered = [guess.get(str(value), "-") for value in ct]
    # Emit all characters without separators, then finish the line.
    print(*rendered, sep="", end="")
    print("\n")
# Helper for manual guessing: list the ciphertext values in ascending order
def guesser(ct,guess):
    """Print every ciphertext value in ascending order, one per line.

    ct    -- iterable of ciphertext integers; it is not modified.
    guess -- dict mapping str(ciphertext integer) to its plaintext character.

    A value already present in guess is followed by its character, so the
    unknown values can be placed between known neighbours. Duplicates in ct
    are printed once per occurrence.
    """
    for value in sorted(ct):
        key = str(value)
        if key in guess:
            print(value, guess[key])
            continue
        print(value)
# Clean solve
print("\n[+] Intended solution, sum_1_n (n//k)*phi(k)= n(n+1)/2 and sum of tringular number, from discord")
# The inner sum of functor() is the triangular number j*(j+1)/2, and the sum
# of the first n triangular numbers is n*(n+1)*(n+2)/6. The encoding is
# therefore a public, keyless function of one character, and a table over
# string.printable inverts it.
closed_form_to_char = {}
for char in string.printable:
    n = ord(char)*6969696969
    # setdefault keeps the first matching character, like the original break.
    closed_form_to_char.setdefault(n*(n+1)*(n+2)//6, char)
recovered = [closed_form_to_char[value] for value in ct if value in closed_form_to_char]
print("".join(recovered), end="")
print("\n")
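print("[+] Unintended solution, cryptogaphic solving with known plaintext attack...")
print("[+] Assuming the flag format is cybergrabs{some_l337_words}")
# Known plaintext: the flag format fixes the first characters and the last one.
# Pairing them with the ciphertext at the same positions gives the seed of the
# substitution table. Deriving the table from ct avoids hand-copying 35-digit
# literals, and yields the same ten entries, in the same order, as the
# hand-written table it replaces.
known_prefix = "cybergrabs{"
known_suffix = "}"
known_pairs = list(zip(ct, known_prefix))
known_pairs += list(zip(ct[-len(known_suffix):], known_suffix))
guess = {}
for value, char in known_pairs:
    # The attack assumes one ciphertext value always stands for one character
    # ('r' and 'b' occur twice in the prefix). Stop if the data contradicts it.
    if guess.setdefault(str(value), char) != char:
        raise ValueError(
            f"ciphertext {value} maps to both {guess[str(value)]!r} and {char!r}; "
            "the encoding is not a per-character substitution"
        )
decoder(ct,guess)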
# functor(n) = n*(n+1)*(n+2)/6 (the closed form used by the clean solve in
# this script) is strictly increasing for n >= 1, so sorting the ciphertext
# values sorts the hidden characters by code point. An order-preserving
# encoding leaks the rank of every symbol even when its value is unknown.
print(
    "[+] After monitoring of functor(), functor() is an increasing function ...",
    "[+] Therefore ord('a') < ord('b') ==> functor(ord('a')) < functor(ord('b'))",
    "",
    sep="\n",
)
# Each entry is (ciphertext value as text, guessed character, author's reason).
# NOTE(review): "just after" / "just below" reads as neighbouring among the
# values that occur in ct, not adjacent ASCII codes (no '6' occurs between
# '5' and '7'); every guess can be cross-checked against the closed form.
steps = [
    ("59881263192906899425738121667861480", "f", "Bound by 'e' and 'g'"),
    ("102463675364526450047988025312160540", "z", "Bound by 'y' and '}'"),
    ("48379486424936974614387887472243260", "_", "Just below 'a', as per ascii table"),
    ("88077383691706059347171006086863620", "t", "Just after 's'"),
    ("90374940243693329303922258576171375", "u", "Just after 't'"),
    ("92712108866793232034695893485547544", "v", "Just after 'u'"),
    ("75104938249367345681206971604866080", "n", "because the flag show fu-c"),
    ("73075186383278314052649120872243371", "m", "Just below 'n'"),
    ("7485157899144949411682111055590430", "3", "1337 speaks for matching 'e'"),
    ("6240424741484609266392009977454864", "0", "133t speak for matching 'o' in 'to'"),
    ("6638633268326718341544242944266781", "1", "Just after '0'"),
    ("7934151132541799341665122998944580", "4", "Just after '3'"),
    ("8400749730877624158255771399988559", "5", "Just after '4'"),
    ("9388117281207654321254731172830840", "7", "Just after '5'"),
    ("15496388930720047282261773301643045", "A", "To make cease"),
    ("32264483340980969722020637386275054", "S", "to make functions"),
]
# Replay the guesses one at a time: show the sorted ciphertexts with the
# current table, record the next guess, print the flag decoded so far, then
# wait for Enter before moving on.
for cipher_value, plain_char, reason in steps:
    print("-" * 32)
    print("[+] Sorting ciphered element ...")
    guesser(ct, guess)
    print("[+] Guessed ", cipher_value, " is ", plain_char, " because ", reason)
    guess.update({str(cipher_value): plain_char})
    decoder(ct, guess)
    input("Show next guess ...")
That’s all folks - Electro !