V4l1DaT3
Category: Crypto
150 points
Use the file to validate your flag. Submit the flag in the form wtfCTF{…}
Author: Pal
file: question.txt
question.txt
import java.util.Scanner;
public class Main{
public static void main(String []args){
System.out.println("Hello World");
validate flag = new validate();
System.out.println("Enter flag : ");
Scanner input = new Scanner("System.in");
String inputFlag = input.nextLine();
if(flag.valid(inputFlag)==1)
{
System.out.println("Correct!");
}
else
{
System.out.println("Incorrect");
}
}
}
class validate{
int valid(String str) {
char[] input = str.toCharArray();
int i, j, flag = 1;
String str1 = "CmpFny4T@1d";
if(input.length!=18) return 0;
char letters[] = str1.toCharArray();
for (i = 4; i < 18; i++) {
for (j = 0; j < letters.length; j++) {
flag = 1;
if (input[i] == letters[j]) {
flag = 0;
break;
}
}
if (flag == 1) {
break;
}
}
if (flag == 1) {
return 0;
}
if (input[0] != 'k') return 0;
if (input[1] != '3') return 0;
if (input[2] != '3') return 0;
if (input[3] != 'p') return 0;
if (input[4] != input[15]) return 0;
if (input[5] != input[8]) return 0;
if (input[6] != input[12]) return 0;
if ((input[7] - input[4]) != 42) return 0;
if ((input[7] + 1) != input[9]) return 0;
if ((input[9] % input[8]) != 46) return 0;
if ((input[11] - input[8] + input[2]) != 'c') return 0;
if ((input[14] - input[6]) != (input[17] + 2)) return 0;
if ((input[9] % input[5]) * 2 != (input[13] + 40)) return 0;
if ((input[4] % input[13]) != 15) return 0;
if ((input[14] % input[13]) != (input[12] - 32)) return 0;
if (((input[7] % input[6]) + 89) != input[10]) return 0;
if ((input[16] % input[15]) != 17) {
System.out.println((input[16] % input[15]));
return 0;
}
int x = 0;
int y = 132;
for (i = 4; i < 18; i++) {
x = x ^ input[i];
y = y + input[i];
}
if (x != 72) return 0;
if (y != 1250) return 0;
return 1;
}
}
Solution
I’ve implemented the given code in Python + added some tweaks to partially bruteforce the flag. The code is below.
from itertools import product
def validate(flag):
input = [ord(i) for i in flag]
if input[7] - input[4] != 42:
return False
if input[7] + 1 != input[9]:
return False
if input[9] % input[8] != 46:
return False
if chr(input[11] - input[8] + input[2]) != 'c':
return False
if (input[14] - input[6]) != (input[17] + 2):
return False
if (input[9] % input[5]) * 2 != (input[13] + 40):
return False
if (input[4] % input[13]) != 15:
return False
if (input[14] % input[13]) != (input[12] - 32):
return False
if ((input[7] % input[6]) + 89) != input[10]:
return False
if (input[16] % input[15]) != 17:
return False
x = 0
y = 132
for i in range(4, 18):
x = x ^ input[i]
y = y + input[i]
if x != 72:
return False
if y != 1250:
return False
return True
str1 = [i for i in "CmpFny4T@1d"]
for prop in product(str1, repeat=6):
flag = ['' for i in range(18)]
s = 0
for i, j in enumerate(prop):
while i + s in [5-4, 12-4, 15-4, 7-4, 9-4, 11-4, 17-4, 8-4]:
s += 1
flag[4+i+s] = j
try:
flag[0] = 'k'
flag[1] = '3'
flag[2] = '3'
flag[3] = 'p'
flag[15] = flag[4]
flag[12] = flag[6]
flag[7] = chr(ord(flag[4]) + 42)
flag[9] = chr(ord(flag[7]) + 1)
flag[8] = chr(ord(flag[9]) - 46)
flag[5] = flag[8]
flag[11] = chr(ord('c') + ord(flag[8]) - ord(flag[2]))
flag[17] = chr(ord(flag[14]) - ord(flag[6]) - 2)
except ValueError:
continue
if validate(flag):
print('wtfCTF{{{}}}'.format(''.join(flag)))
break
Output:
wtfCTF{k33pC@1m@ndp14yCTF}
Flag
wtfCTF{k33pC@1m@ndp14yCTF}