ASIS CTF Quals 2016 - firtog [109]

delimitry, 09 May 2016

Obscurity is definitely not security.

A pcap file is given.

After a quick review of the file, I noticed that the git packfile protocol is used. This protocol uses zlib to compress files.
So to find all possible compressed data chunks, I used the following code:

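import zlib

with open('firtog.pcap', 'rb') as f:
	data = f.read()
	while True:
		# 0x78 is the usual first byte of a zlib stream header
		pos = data.find(b'\x78')
		if pos < 0:
			break
		try:
			# bytes after the end of a valid stream are ignored
			print(zlib.decompress(data[pos:]).decode('latin-1'))
		except zlib.error:
			pass
		# step one byte so a stream starting right after a stray 0x78 is not skipped
		data = data[pos + 1:]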

PS. Actually, the correct way is to use the git unpack-objects command here.

Among the decompressed pieces, the flag generation code in Python was found:

#!/usr/bin/python
# Simple but secure flag generator for ASIS CTF

from os import urandom
from hashlib import md5

l = 128
rd = urandom(l)
h = md5(rd).hexdigest()
flag = 'ASIS{' + h + '}'
f = open('flag.txt', 'r').read()
flag = ''
for c in f:
	flag += hex(pow(ord(c), 65537, 143))[2:]
print flag

The content of the encrypted "flag.txt" file was also found:
41608a606a63201245f1020d205f1612147463d85d125c1416635c854c74d172010105c14f8555d125c3c 

To restore the original flag, I used the following Python script:

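enc_flag = '41608a606a63201245f1020d205f1612147463d85d125c1416635c854c74d172010105c14f8555d125c3c'
flag = ''
# Peel one token at a time off the front of the ciphertext
while enc_flag:
	for a in 'ASIS{}0123456789abcdef':
		# Re-encrypt each candidate character the same way the generator did
		v = hex(pow(ord(a), 65537, 143))[2:]
		if enc_flag.startswith(v):
			flag += a
			enc_flag = enc_flag[len(v):]
			break
	else:
		# no candidate matches: stop instead of looping forever
		break
print(flag)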

The flag is: 
ASIS{c691a0646e79f3c4d495f7c5db3486005fad2495} 
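
Why the greedy prefix match in the script above cannot mis-tokenize, as an added example that is not part of the original write-up: the generator's per-character RSA is a fixed substitution table, and over the flag alphabet its unpadded hex tokens form a prefix-free code. The exponent, modulus, alphabet and ciphertext come from the page; the function names and the use of the factors 11 and 13 of 143 are this example's own.

```python
# Added example (not from the write-up). E, N, ALPHABET and ENC are taken from
# the page; the function names are this example's own.
E, N = 65537, 143                       # N = 11 * 13, so it factors by hand
ALPHABET = 'ASIS{}0123456789abcdef'
ENC = '41608a606a63201245f1020d205f1612147463d85d125c1416635c854c74d172010105c14f8555d125c3c'

def build_table(alphabet=ALPHABET):
    """Map each unpadded hex token to the one character that produces it."""
    table = {}
    for ch in sorted(set(alphabet)):
        token = format(pow(ord(ch), E, N), 'x')   # same as hex(...)[2:]
        if token in table:
            raise ValueError(f'{ch!r} and {table[token]!r} collide on {token}')
        table[token] = ch
    return table

def is_prefix_free(tokens):
    """True if no token is a prefix of another, so greedy decoding is unique."""
    ordered = sorted(tokens)
    return not any(b.startswith(a) for a, b in zip(ordered, ordered[1:]))

def decode(enc, table):
    """Tokenize enc left to right; tokens are 1 or 2 hex digits since N < 256."""
    out, pos = [], 0
    while pos < len(enc):
        for width in (1, 2):
            ch = table.get(enc[pos:pos + width])
            if ch is not None:
                out.append(ch)
                pos += width
                break
        else:
            raise ValueError(f'no known token at offset {pos}')
    return ''.join(out)

def private_exponent(p=11, q=13):
    """Recover d from the factors of N: E * d == 1 (mod (p-1)(q-1))."""
    phi = (p - 1) * (q - 1)
    return next(d for d in range(1, phi) if E * d % phi == 1)

if __name__ == '__main__':
    table = build_table()
    print('prefix-free:', is_prefix_free(table))
    print('flag:', decode(ENC, table))
    print('d =', private_exponent())
```

Zero-padding the tokens would not have protected the flag: any deterministic per-character scheme over at most 143 values is a substitution cipher that a lookup table reverses.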

PS. This task is a little bit similar to the teaser task Bona Fortuna from Google CTF 2016.