BBomb - Phase 4
Category: Binary Bomb
150 points
This is the phase you have been waiting for… one may say it’s the golden stage!
Let’s switch things up! Numerical inputs map to line numbers in rockyou.txt, and each word is separated by a ’’ (if the phase’s solution is 4 5, the flag would be DawgCTF{passwordiloveyou})
rockyou.txt: https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
Author: treap_treap
Solution
Fourth phase of Binary Bomb
challenge chain which started with
BBomb - Phase 1.
As it was in BBomb - Phase 3 we’ve been given some logic with helper functions.
Once again I’ve decided to rewrite the logic and bruteforce. During implementation I’ve realized that func4
is actually a Fibonacci Series. With that knowledge I was able to optimize the program and get flag really fast
in reasonable time.
import concurrent.futures
encoded_flag = [1, 0x7b, 0x3b18, 0x1c640d]
decoded_flag = [0 for i in range(4)]
flag = ''
answers = {}
def func4(n):
if n < 1:
return 0
elif n == 1:
return 1
else:
if n not in answers:
n1 = func4(n - 1)
n2 = func4(n - 2)
answers[n] = n1 + n2
return answers[n]
f = open('rockyou.txt', 'rb')
rockyou_len = len(f.readlines())
f.close()
factor = func4(10)
def check(i):
for j in range(4):
if func4(i) == encoded_flag[j] * factor:
return i, j
return 0, 0
with concurrent.futures.ThreadPoolExecutor(max_workers=8) as executor:
offset_start = 0
for offset_end in range(0, rockyou_len + 1, 1000):
jobs = []
for i in range(offset_start, offset_end):
jobs.append(executor.submit(check, i))
offset_start = offset_end
print('Submitted 1000 new jobs, processing...')
for r in concurrent.futures.as_completed(jobs):
i, j = r.result()
if i != 0:
decoded_flag[j] = i
print('Found i = {}, j = {}'.format(i, j))
if 0 not in decoded_flag:
break
if 0 not in decoded_flag:
break
print('Answer: {}'.format(decoded_flag))
executor.shutdown(wait=False)
f = open('rockyou.txt', 'rb')
passwords = f.readlines()
f.close()
for i in decoded_flag:
flag = flag + passwords[int(i) - 1][:-1].decode('utf-8') + '_'
print('Flag: DawgCTF{{{}}}'.format(flag[:-1]))
Output:
Submitted 1000 new jobs, processing...
Submitted 1000 new jobs, processing...
Found i = 40, j = 3
Found i = 20, j = 1
Found i = 30, j = 2
Found i = 10, j = 0
Answer: [10, 20, 30, 40]
Flag: DawgCTF{abc123_qwerty_anthony_123123}
Flag
DawgCTF{abc123_qwerty_anthony_123123}