ASIS CTF Quals 2016 - firtog [109]

09 May 2016

Obscurity is definitely not security.

A pcap file is given.

After a quick review of the file, I noticed that the git packfile protocol is used. This protocol uses zlib to compress files.
To find all possible compressed data chunks, I used the following code:

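import zlib

with open('firtog.pcap', 'rb') as f:
	data = f.read()

# Try every 0x78 byte (the usual first byte of a zlib header) as a stream start.
pos = data.find(b'\x78')
while pos >= 0:
	try:
		print(zlib.decompress(data[pos:]).decode('latin-1'))
	except zlib.error:
		pass  # no valid zlib stream at this offset
	pos = data.find(b'\x78', pos + 1)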

PS. Actually, the correct way here is to use the git unpack-objects command.
Among the decompressed pieces was the flag generation code in Python:

# Simple but secure flag generator for ASIS CTF

from os import urandom
from hashlib import md5

l = 128
rd = urandom(l)
h = md5(rd).hexdigest()
flag = 'ASIS{' + h + '}'
f = open('flag.txt', 'r').read()
flag = ''
for c in f:
	flag += hex(pow(ord(c), 65537, 143))[2:]
print flag

The content of the encrypted "flag.txt" file was also found:

To restore the original flag, I used the following Python script:

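enc_flag = '41608a606a63201245f1020d205f1612147463d85d125c1416635c854c74d172010105c14f8555d125c3c'
flag = ''
# Each character was encrypted on its own, so match the start of the ciphertext
# against the encryption of every character the flag can contain.
while enc_flag:
	for a in 'ASIS{}0123456789abcdef':
		v = hex(pow(ord(a), 65537, 143))[2:]
		if enc_flag.startswith(v):
			flag += a
			enc_flag = enc_flag[len(v):]
			break
	else:
		break  # no candidate matches: stop instead of looping forever
print(flag)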
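
The greedy prefix match above is only safe if no ciphertext token is a prefix of another, because hex() drops leading zeros and tokens are one or two digits long. The following added example (not part of the original write-up; the function names are my own) goes one step further than the script: it builds the lookup table once, checks that property, and enumerates every possible parse of the ciphertext.

```python
# Added example, not from the original write-up. E, N, the candidate alphabet
# and the ciphertext are the values shown on the page; function names are made up.
E, N = 65537, 143
ALPHABET = 'ASIS{}0123456789abcdef'
ENC_FLAG = '41608a606a63201245f1020d205f1612147463d85d125c1416635c854c74d172010105c14f8555d125c3c'


def encrypt_char(ch):
    """Textbook RSA on one character, written as unpadded hex like the generator does."""
    return format(pow(ord(ch), E, N), 'x')


def build_table(alphabet=ALPHABET):
    """Ciphertext token -> plaintext character. Deterministic RSA makes this a plain lookup."""
    table = {}
    for ch in sorted(set(alphabet)):
        token = encrypt_char(ch)
        if token in table:
            raise ValueError('%r and %r encrypt to the same token' % (table[token], ch))
        table[token] = ch
    return table


def is_prefix_free(tokens):
    """True when no token is a proper prefix of another, so greedy matching cannot go wrong."""
    tokens = list(tokens)
    return not any(a != b and b.startswith(a) for a in tokens for b in tokens)


def decode_all(ct, table):
    """Every plaintext whose encoding is exactly ct. Tokens are 1 or 2 hex digits since N < 256."""
    parses = {len(ct): ['']}  # parses[i] = all decodings of ct[i:]
    for i in range(len(ct) - 1, -1, -1):
        parses[i] = [table[ct[i:i + n]] + rest
                     for n in (1, 2) if ct[i:i + n] in table
                     for rest in parses.get(i + n, [])]
    return parses[0]


if __name__ == '__main__':
    table = build_table()
    print('prefix-free:', is_prefix_free(table))
    candidates = decode_all(ENC_FLAG, table)
    print('parses found:', len(candidates))
    for flag in candidates:
        # Re-encrypting must reproduce the captured ciphertext exactly.
        assert ''.join(encrypt_char(c) for c in flag) == ENC_FLAG
        print(flag)
```

With a larger alphabet the prefix check can fail, in which case `decode_all` returns several candidates instead of silently picking one.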

The flag is: 

PS. This task is a little bit similar to the teaser task Bona Fortuna from Google CTF 2016.