
crackme-py

Author: syreal
Description: crackme.py

# Hiding this really important number in an obscure piece of code is brilliant!
# AND it's encrypted!
# We want our biggest client to know his information is safe with us.
bezos_cc_secret = "A:4@r%uL`M-^M0c0AbcM-MFE0d_a3hgc3N"

# Reference alphabet
alphabet = "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ"+ \
            "[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"

def decode_secret(secret):
    """ROT47 decode

    NOTE: encode and decode are the same operation in the ROT cipher family.
    """

    # Encryption key
    rotate_const = 47

    # Storage for decoded secret
    decoded = ""

    # decode loop
    for c in secret:
        index = alphabet.find(c)
        original_index = (index + rotate_const) % len(alphabet)
        decoded = decoded + alphabet[original_index]

    print(decoded)

def choose_greatest():
    """Echo the largest of the two numbers given by the user to the program

    Warning: this function was written quickly and needs proper error handling
    """

    user_value_1 = input("What's your first number? ")
    user_value_2 = input("What's your second number? ")
    greatest_value = user_value_1 # need a value to return if 1 & 2 are equal

    if user_value_1 > user_value_2:
        greatest_value = user_value_1
    elif user_value_1 < user_value_2:
        greatest_value = user_value_2

    print( "The number with largest positive magnitude is "
        + str(greatest_value) )

choose_greatest()

Looking at the code, two things caught my attention: the first is Bezos's secret code, and the second is that the decode_secret function is never called.

bezos_cc_secret = "A:4@r%uL`M-^M0c0AbcM-MFE0d_a3hgc3N"
def decode_secret(secret):

I simply edit the file and add a call to decode_secret, passing it the bezos_cc_secret variable, right before the call to choose_greatest.

decode_secret(bezos_cc_secret)
choose_greatest()

Now I run it and see what happens.

pablo☠office crackme-py$ python crackme.py
picoCTF{1|\/|_4_p34|\|ut_502b984b}
What's your first number? 
flag: picoCTF{1\/_4_p34|ut_502b984b}

(well, the one shown in the shell, because the encoding does not allow some of the characters that appear in this flag)
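The same result can be reached without editing or running the challenge file. The following is an added example, not part of crackme.py or the original write-up: it parses a constructed excerpt of the source with `ast`, tries every rotation of the 94-character printable alphabet on each string constant, and reports the ones that decode to a flag. The names `rot_n`, `string_constants`, `find_rotated_flags` and the `picoCTF{...}` pattern are assumptions made for this example.

```python
import ast
import re

# Constructed excerpt of crackme.py: only the assignment shown on the page.
SOURCE = r'''
bezos_cc_secret = "A:4@r%uL`M-^M0c0AbcM-MFE0d_a3hgc3N"
rotate_const = 47
'''

# Assumed flag shape, taken from the program output shown above.
FLAG_RE = re.compile(r"picoCTF\{[^{}]+\}")

def rot_n(text, n):
    """Rotate printable ASCII (0x21-0x7E, 94 symbols) by n; other chars pass through."""
    out = []
    for ch in text:
        code = ord(ch)
        if 33 <= code <= 126:
            out.append(chr(33 + (code - 33 + n) % 94))
        else:
            out.append(ch)
    return "".join(out)

def string_constants(source):
    """Yield (name, value) for each `name = "literal"` without executing the code."""
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    yield target.id, node.value.value

def find_rotated_flags(source):
    """Try all 94 rotations per string constant; return (name, shift, plaintext) hits."""
    hits = []
    for name, value in string_constants(source):
        for shift in range(94):
            candidate = rot_n(value, shift)
            if FLAG_RE.fullmatch(candidate):
                hits.append((name, shift, candidate))
    return hits

if __name__ == "__main__":
    for name, shift, plain in find_rotated_flags(SOURCE):
        # repr() keeps the backslashes and pipes unambiguous in the terminal
        print(f"{name}: shift={shift} -> {plain!r}")
```

Because the rotation has no key, recovering the value needs nothing beyond the source file itself, which is why a secret stored this way is effectively stored in plaintext.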

This post is licensed under CC BY 4.0 by the author.