The weekend of 02-03 july 2016\u00a0is the WARGAME of the\u00a0Nuit du Hack 2016<\/a><\/strong>\u00a0as a Jeopardy CTF<\/strong>. Having had the opportunity and the time to participate with some colleagues and friends, here\u2019s a write-up resolution of the challenges which we could participate.<\/p>\n tl;dr : Download and decompile home.pyc file, then extract timestamp of “secret” file (seed) to uncipher<\/strong><\/strong><\/p>\n This challenge was in the form of a web interface, allowing:<\/p>\n It is a pure and simple encryption service on line.<\/p>\n Watching the contents of the “flag.zip”<\/p>\n Could it be so simple? See the contents of these files:<\/p>\n secret\/secret :<\/p>\n secret\/key :<\/p>\n Decode the key:<\/p>\n Ok, well we had a “secret” but the key is still unknown …<\/p>\n Page performing the encryption \/ decryption processing is called “home.py”. Sounds like Python. Try to recover the compiled version (home.pyc<\/strong>) script: bingo! It was the compiled version.<\/p>\n With the compiled version (*.pyc) script, it is necessary to recover the original Python source code. For that different solutions exist as “uncompyle2<\/strong>“, “decompyle ++<\/strong>“, etc. In our case we opted for a solution on Windows “Easy Python Decompiler<\/a><\/strong>” (which ultimately uses either of the previous binary).<\/p>\n Launch tool, drag’n’drop the * .pyc file and a “home.pyc_dis<\/strong>” file with the Python code is automatically generated.<\/p>\n <\/p>\n decompyle<\/p><\/div>\n Python source code:<\/p>\n Note that a key is set in the object class “AESCipher”<\/p>\n In addition, the method of “encryption” (which produces the “secret.zip” output), initializes its encryption process via the current timestamp:<\/p>\n We also have access to the complete deciphering function:<\/p>\n The idea is based on the content of “flag.zip” including its “secret” to be decrypted. The “seed” that was served at the time to encrypt this message containing the flag, can be deducted from the “last modified date of the secret file<\/strong>” (command “stat” in Linux):<\/p>\n timestamp<\/p><\/div>\n “secret” was last modified the\u00a0June 30, 2016 at 17h 17 min 52s<\/strong>. We need to convert this date to a\u00a0timestamp and arbitrarily initialize the “seed” of the decryption function with this value:<\/p>\n For the final resolution, we need to create a new Python script “flag.py” inspired from the\u00a0decryption function, with\u00a0our “seed timestamp”:<\/p>\n Run :<\/p>\n Flag :\u00a0ndh_crypt0sh1tn3v3rch4ng3<\/strong><\/p>\n Thank you to all the team of the NDH2K16 for this event and for the whole organization!<\/p>\n Greeting to\u00a0nj8<\/a>, St0rn<\/a>, Emiya<\/a>, Mido, downgrade,\u00a0Ryuk@n and\u00a0rikelm, ?\u00a0\/\/ Gr3etZ<\/p>\n Sources & resources :<\/strong><\/p>\n\n
\n
root@kali 12:22 [~\/ndh2k16\/SuperCipher] # unzip flag.zip\r\nArchive: flag.zip\r\n creating: secret\/\r\n inflating: secret\/key\r\n extracting: secret\/secret<\/pre>\n
\/8bAieboX5pFq1sI6js92nrI6huZoxLZ5A==<\/pre>\n
QUhBSEFILVRISVMtSVMtTk9ULVRIRS1LRVk=<\/pre>\n
root@kali 12:24 [~\/ndh2k16\/SuperCipher] # cat secret\/key | base64 -d\r\nAHAHAH-THIS-IS-NOT-THE-KEY<\/pre>\n
![\"decompyle\"](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/decompyle-300x252.png\")
<\/a># Embedded file name: home.py\r\nfrom bottle import route, run, template, request, static_file\r\nimport time\r\nimport random\r\nimport base64\r\nimport zipfile\r\nfrom StringIO import StringIO\r\nimport os, sys\r\nfrom Crypto.Cipher import AES\r\nfrom Crypto import Random\r\n\r\nclass AESCipher:\r\n\r\ndef __init__(self):\r\n self.key = 'FOOBARBAZU123456'\r\n self.pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)\r\n self.unpad = lambda s: s[:-ord(s[len(s) - 1:])]\r\n\r\ndef encrypt(self, raw):\r\n raw = str(raw)\r\n raw = self.pad(raw)\r\n iv = Random.new().read(AES.block_size)\r\n cipher = AES.new(self.key, AES.MODE_CBC, iv)\r\n return base64.b64encode(iv + cipher.encrypt(raw))\r\n\r\ndef decrypt(self, enc):\r\n enc = base64.b64decode(enc)\r\n iv = enc[:16]\r\n cipher = AES.new(self.key, AES.MODE_CBC, iv)\r\n return self.unpad(cipher.decrypt(enc[16:]))\r\n\r\n\r\n@route('\/')\r\n@route('\/home.py')\r\ndef hello():\r\n return '\\n<h1>SuperCipher<\/h1>\\n<h2>Chiffrer :<\/h2>\\n<form action=\"\/home.py\/secret.zip\" method=\"post\" enctype=\"multipart\/form-data\">\\n Select a file: <input type=\"file\" name=\"upload\" \/>\\n <input type=\"submit\" value=\"cipher\" \/>\\n<\/form>\\n<br \/>\\n<h2>Dechiffrer<\/h2>\\n<form action=\"\/home.py\/uncipher\" method=\"post\" enctype=\"multipart\/form-data\">\\n Password: <input type=\"password\" name=\"key\" \/>\\n Select a file: <input type=\"file\" name=\"upload\" \/>\\n <input type=\"submit\" value=\"uncipher\" \/>\\n<\/form>\\n'\r\n\r\n\r\n@route('\/home.py\/secret.zip', method='POST')\r\ndef cipher():\r\n seed = int(time.time())\r\n random.seed(seed)\r\n upload = request.files.get('upload')\r\n upload_content = upload.file.read()\r\n content_size = len(upload_content)\r\n mask = ''.join([ chr(random.randint(1, 255)) for _ in xrange(content_size) ])\r\n cipher = ''.join((chr(ord(a) ^ ord(b)) for a, b in zip(mask, upload_content)))\r\n b64_cipher = base64.b64encode(cipher)\r\n aes = AESCipher()\r\n key = aes.encrypt(seed)\r\n secret = StringIO()\r\n zf = zipfile.ZipFile(secret, mode='w')\r\n zf.writestr('secret', b64_cipher)\r\n zf.writestr('key', key)\r\n zf.close()\r\n secret.seek(0)\r\n return secret\r\n\r\n\r\n@route('\/home.py\/uncipher', method='POST')\r\ndef cipher():\r\n key = request.forms.get('key')\r\n upload = request.files.get('upload')\r\n try:\r\n aes = AESCipher()\r\n key = aes.decrypt(key)\r\n random.seed(int(key))\r\n upload_content = base64.b64decode(upload.file.read())\r\n content_size = len(upload_content)\r\n mask = ''.join([ chr(random.randint(1, 255)) for _ in xrange(content_size) ])\r\n plain = ''.join((chr(ord(a) ^ ord(b)) for a, b in zip(mask, upload_content)))\r\n return plain\r\n except:\r\n return 'Uncipher error.'\r\n\r\n\r\n@route('\/<filename:path>')\r\ndef download(filename):\r\n return static_file(filename, root=os.path.join(os.path.dirname(sys.argv[0])), download=filename)\r\n\r\n\r\nrun(host='0.0.0.0', port=8080)<\/pre>\nself.key = 'FOOBARBAZU123456'<\/pre>\n
@route('\/home.py\/secret.zip', method='POST')\r\ndef cipher():\r\n seed = int(time.time())\r\n random.seed(seed)<\/pre>\n@route('\/home.py\/uncipher', method='POST')\r\ndef cipher():\r\n key = request.forms.get('key')\r\n upload = request.files.get('upload')\r\n try:\r\n aes = AESCipher()\r\n key = aes.decrypt(key)\r\n random.seed(int(key))\r\n upload_content = base64.b64decode(upload.file.read())\r\n content_size = len(upload_content)\r\n mask = ''.join([ chr(random.randint(1, 255)) for _ in xrange(content_size) ])\r\n plain = ''.join((chr(ord(a) ^ ord(b)) for a, b in zip(mask, upload_content)))\r\n return plain\r\n except:\r\n return 'Uncipher error.'<\/pre>\n![\"timestamp\"](\"https:\/\/www.asafety.fr\/wp-content\/uploads\/timestamp-283x300.png\")
<\/a>t = datetime.datetime(2016, 06, 30, 17, 17, second=52)\r\nseed = int(time.mktime(t.timetuple()))\r\n#seed = 1467299872<\/pre>\n
import random\r\nimport base64\r\nimport time\r\nimport datetime\r\nfrom Crypto.Cipher import AES\r\nfrom Crypto import Random\r\n\r\nclass AESCipher:\r\n\r\ndef __init__(self):\r\n self.key = 'FOOBARBAZU123456'\r\n self.pad = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)\r\n self.unpad = lambda s: s[:-ord(s[len(s) - 1:])]\r\n\r\ndef encrypt(self, raw):\r\n raw = str(raw)\r\n raw = self.pad(raw)\r\n iv = Random.new().read(AES.block_size)\r\n cipher = AES.new(self.key, AES.MODE_CBC, iv)\r\n return base64.b64encode(iv + cipher.encrypt(raw))\r\n\r\ndef decrypt(self, enc):\r\n enc = base64.b64decode(enc)\r\n iv = enc[:16]\r\n cipher = AES.new(self.key, AES.MODE_CBC, iv)\r\n return self.unpad(cipher.decrypt(enc[16:]))\r\n\r\nt = datetime.datetime(2016, 06, 30, 17, 17, second=52)\r\nseed = int(time.mktime(t.timetuple()))\r\n#seed = 1467299872\r\naes = AESCipher()\r\nkey = aes.encrypt(seed)\r\n\r\naes = AESCipher()\r\nkey = aes.decrypt(key)\r\nrandom.seed(int(key))\r\nupload_content = base64.b64decode(\"\/8bAieboX5pFq1sI6js92nrI6huZoxLZ5A==\")\r\ncontent_size = len(upload_content)\r\nmask = ''.join([chr(random.randint(1,255)) for _ in xrange(content_size)])\r\nplain = ''.join(chr(ord(a)^ord(b)) for a,b in zip(mask, upload_content))\r\nprint \"Flag : \" + plain<\/pre>\n
root@kali 12:16 [~\/ndh2k16] # python flag.py\r\nFlag : ndh_crypt0sh1tn3v3rch4ng3<\/pre>\n