{"id":2175,"date":"2016-07-11T01:30:33","date_gmt":"2016-07-10T23:30:33","guid":{"rendered":"https:\/\/www.asafety.fr\/?p=2175"},"modified":"2016-07-25T00:32:11","modified_gmt":"2016-07-24T22:32:11","slug":"wargame-ndh-2016-write-up-crypto-omg-so-encrypted","status":"publish","type":"post","link":"https:\/\/www.asafety.fr\/en\/cryptologie\/wargame-ndh-2016-write-up-crypto-omg-so-encrypted\/","title":{"rendered":"[WARGAME NDH 2016] Write-Up \u2013 Crypto: OMG So Encrypted !"},"content":{"rendered":"<p><\/p>\n<p style=\"text-align: center;\"><strong>Write-up of the challenge \u201cCrypto\u00a0\u2013 OMG So Encrypted !\u201d of Nuit du\u00a0Hack 2016\u00a0Wargame<\/strong><\/p>\n<p>The WARGAME of the\u00a0<strong><a href=\"https:\/\/nuitduhack.com\/fr\/\" target=\"_blank\">Nuit du Hack 2016<\/a><\/strong>\u00a0took place on the weekend of 02-03 July 2016 as a <strong>Jeopardy CTF<\/strong>. Having had the opportunity and the time to participate with some colleagues and friends, here\u2019s a write-up of the challenges we were able to take part in.<\/p>\n<ul>\n<li>Category:\u00a0<strong>Crypto<\/strong><\/li>\n<li>Name: <strong>OMG So Encrypted !<\/strong><\/li>\n<li>Description : <em>Some very confidential information were encod^Wencrypted in order to hide it from hackers like you. Are you able to retrieve it?<\/em><\/li>\n<li>URL :\u00a0http:\/\/static.wargame.ndh\/omg_so_encrypted.txt<\/li>\n<li>Points : <strong>100<\/strong><\/li>\n<\/ul>\n<p style=\"text-align: center;\"><strong>tl;dr :\u00a0ROT13 decode\u00a0then semantic analysis<\/strong><\/p>\n<p style=\"text-align: left;\">We\u00a0retrieve the content of the text file:<\/p>\n<pre style=\"text-align: left;\">Guvf grkg vf urer gb fvzhyngr n frzragvp nanylfvf. Vg zrnaf gung jura lbh trg n\r\npbecbengr qbphzrag, lbh hfhnyyl unir gb ernq vg naq nanylfr vg orsber lbh trg\r\ngur hfrshy vasbezngvba. Gur synt fgnegf jvgu 'aqu2x16_'. Nsgre gung, gurer vf\r\ngur unfu. 
irel svefg yrggre bs gur unfu frrzf gb or 1. friragrragu yrggre bs\r\ngur unfu nccrnef gb or 4. ryriragu yrggre bs gur unfu nccrnef gb or 5. gjragl-\r\nfrpbaq yrggre bs gur unfu jvyy unir gur inyhr bs s. fvkgrragu yrggre bs gur\r\nunfu vf 0. gjragl-guveq yrggre bs gur unfu fubhyq or p. guveq yrggre bs gur\r\nunfu frrzf gb or 0. fvkgu yrggre bs gur unfu frrzf gb or 5. gjragl-fvkgu yrggre\r\nbs gur unfu jvyy unir gur inyhr bs 0. rvtugu yrggre bs gur unfu jnf frg gb 2.\r\nguvegrragu yrggre bs gur unfu jnf frg gb 1. svsgrragu yrggre bs gur unfu fubhyq\r\nor o. gragu yrggre bs gur unfu frrzf gb or s. gjragl-friragu yrggre bs gur unfu\r\njnf frg gb s. svsgu yrggre bs gur unfu jnf frg gb 9. gjrysgu yrggre bs gur unfu\r\nnccrnef gb or n. guvegl-frpbaq yrggre bs gur unfu fubhyq or q. gjragl-avagu\r\nyrggre bs gur unfu frrzf gb or 0. gjragl-svefg yrggre bs gur unfu jnf frg gb p.\r\navargrragu yrggre bs gur unfu frrzf gb or p. gjragl-rvtugu yrggre bs gur unfu\r\nfrrzf gb or r. sbhegu yrggre bs gur unfu jnf frg gb 4. avagu yrggre bs gur unfu\r\nvf n. gjragvrgu yrggre bs gur unfu jvyy unir gur inyhr bs 1. guvegl-svefg\r\nyrggre bs gur unfu fubhyq or 6. rvtugrragu yrggre bs gur unfu jvyy unir gur\r\ninyhr bs r. frpbaq yrggre bs gur unfu frrzf gb or 8. sbhegrragu yrggre bs gur\r\nunfu fubhyq or p. gjragl-svsgu yrggre bs gur unfu fubhyq or 5. gjragl-sbhegu\r\nyrggre bs gur unfu jvyy unir gur inyhr bs o. friragu yrggre bs gur unfu fubhyq\r\nor 6. guvegvrgu yrggre bs gur unfu jnf frg gb 9.<\/pre>\n<p style=\"text-align: left;\">The &#8220;slip&#8221; in the challenge description, where &#8220;encoded&#8221; is replaced with &#8220;encrypted&#8221;, points us to a potentially weak, obsolete or historical algorithm. The Caesar cipher (ROT13) works well in this case.<\/p>\n<p style=\"text-align: left;\">We try to decode it with\u00a0<a href=\"http:\/\/www.dcode.fr\/chiffre-rot-13\" target=\"_blank\">ROT13 online<\/a>:<\/p>\n<pre>This text is here to simulate a sementic analysis. 
It means that when you get a corporate document, you usually have to read it and analyse it before you get the useful information. The flag starts with 'ndh2k16_'. After that, there is the hash. very first letter of the hash seems to be 1. seventeenth letter of the hash appears to be 4. eleventh letter of the hash appears to be 5. twenty- second letter of the hash will have the value of f. sixteenth letter of the hash is 0. twenty-third letter of the hash should be c. third letter of the hash seems to be 0. sixth letter of the hash seems to be 5. twenty-sixth letter of the hash will have the value of 0. eighth letter of the hash was set to 2. thirteenth letter of the hash was set to 1. fifteenth letter of the hash should be b. tenth letter of the hash seems to be f. twenty-seventh letter of the hash was set to f. fifth letter of the hash was set to 9. twelfth letter of the hash appears to be a. thirty-second letter of the hash should be d. twenty-ninth letter of the hash seems to be 0. twenty-first letter of the hash was set to c. nineteenth letter of the hash seems to be c. twenty-eighth letter of the hash seems to be e. fourth letter of the hash was set to 4. ninth letter of the hash is a. twentieth letter of the hash will have the value of 1. thirty-first letter of the hash should be 6. eighteenth letter of the hash will have the value of e. second letter of the hash seems to be 8. fourteenth letter of the hash should be c. twenty-fifth letter of the hash should be 5. twenty-fourth letter of the hash will have the value of b. seventh letter of the hash should be 6. thirtieth letter of the hash was set to 9<\/pre>\n<p>An intelligible text! Which details how the flag is formed. 
The sentences giving the position of each character of the flag are in random order, so the flag can only be rebuilt by analyzing the &#8220;meaning&#8221; of the message.<\/p>\n<p>Either we decode it manually (where errors can creep in), or we write a small script that does the work for us:<\/p>\n<ul>\n<li>Decode the original cipher<\/li>\n<li>Put all the text back on one line<\/li>\n<li>Split it into sentences on the &#8220;.&#8221; character<\/li>\n<li>Take the first word of each sentence (the ordinal, giving the position)<\/li>\n<li>Take the last character of each sentence (a character of the flag)<\/li>\n<li>Place every character at its right position<\/li>\n<\/ul>\n<pre>import codecs\r\nimport sys\r\n\r\ncipher=\"\"\"\r\nGuvf grkg vf urer gb fvzhyngr n frzragvp nanylfvf. Vg zrnaf gung jura lbh trg n\r\npbecbengr qbphzrag, lbh hfhnyyl unir gb ernq vg naq nanylfr vg orsber lbh trg\r\ngur hfrshy vasbezngvba. Gur synt fgnegf jvgu 'aqu2x16_'. Nsgre gung, gurer vf\r\ngur unfu. irel svefg yrggre bs gur unfu frrzf gb or 1. friragrragu yrggre bs\r\ngur unfu nccrnef gb or 4. ryriragu yrggre bs gur unfu nccrnef gb or 5. gjragl-\r\nfrpbaq yrggre bs gur unfu jvyy unir gur inyhr bs s. fvkgrragu yrggre bs gur\r\nunfu vf 0. gjragl-guveq yrggre bs gur unfu fubhyq or p. guveq yrggre bs gur\r\nunfu frrzf gb or 0. fvkgu yrggre bs gur unfu frrzf gb or 5. gjragl-fvkgu yrggre\r\nbs gur unfu jvyy unir gur inyhr bs 0. rvtugu yrggre bs gur unfu jnf frg gb 2.\r\nguvegrragu yrggre bs gur unfu jnf frg gb 1. svsgrragu yrggre bs gur unfu fubhyq\r\nor o. gragu yrggre bs gur unfu frrzf gb or s. gjragl-friragu yrggre bs gur unfu\r\njnf frg gb s. svsgu yrggre bs gur unfu jnf frg gb 9. gjrysgu yrggre bs gur unfu\r\nnccrnef gb or n. guvegl-frpbaq yrggre bs gur unfu fubhyq or q. gjragl-avagu\r\nyrggre bs gur unfu frrzf gb or 0. gjragl-svefg yrggre bs gur unfu jnf frg gb p.\r\navargrragu yrggre bs gur unfu frrzf gb or p. gjragl-rvtugu yrggre bs gur unfu\r\nfrrzf gb or r. sbhegu yrggre bs gur unfu jnf frg gb 4. 
avagu yrggre bs gur unfu\r\nvf n. gjragvrgu yrggre bs gur unfu jvyy unir gur inyhr bs 1. guvegl-svefg\r\nyrggre bs gur unfu fubhyq or 6. rvtugrragu yrggre bs gur unfu jvyy unir gur\r\ninyhr bs r. frpbaq yrggre bs gur unfu frrzf gb or 8. sbhegrragu yrggre bs gur\r\nunfu fubhyq or p. gjragl-svsgu yrggre bs gur unfu fubhyq or 5. gjragl-sbhegu\r\nyrggre bs gur unfu jvyy unir gur inyhr bs o. friragu yrggre bs gur unfu fubhyq\r\nor 6. guvegvrgu yrggre bs gur unfu jnf frg gb 9.\r\n\"\"\".rstrip()\r\n\r\n# Define all ordinals, in flag order\r\norder = [\r\n    \"very\",  # \"very first\"\r\n    \"second\",\r\n    \"third\",\r\n    \"fourth\",\r\n    \"fifth\",\r\n    \"sixth\",\r\n    \"seventh\",\r\n    \"eighth\",\r\n    \"ninth\",\r\n    \"tenth\",\r\n    \"eleventh\",\r\n    \"twelfth\",\r\n    \"thirteenth\",\r\n    \"fourteenth\",\r\n    \"fifteenth\",\r\n    \"sixteenth\",\r\n    \"seventeenth\",\r\n    \"eighteenth\",\r\n    \"nineteenth\",\r\n    \"twentieth\",\r\n    \"twenty-first\",\r\n    \"twenty-second\",\r\n    \"twenty-third\",\r\n    \"twenty-fourth\",\r\n    \"twenty-fifth\",\r\n    \"twenty-sixth\",\r\n    \"twenty-seventh\",\r\n    \"twenty-eighth\",\r\n    \"twenty-ninth\",\r\n    \"thirtieth\",\r\n    \"thirty-first\",\r\n    \"thirty-second\",\r\n]\r\n\r\ndic = {}\r\n\r\n# ROT13 decode, clean newlines and rejoin hyphenated ordinals split across lines:\r\ndecoded = codecs.decode(cipher, 'rot_13').replace(\"\\n\", \" \").replace(\"- \", \"-\")\r\n\r\n# Cut all sentences\r\narrayDecoded = decoded.split('.')\r\n\r\nfor line in arrayDecoded:\r\n    line = line.strip()\r\n    print(line)\r\n    lineSplited = line.split()\r\n    if len(lineSplited) &gt; 0:\r\n        # Get the first word of line (ordinal)\r\n        firstWord = lineSplited[0]\r\n        # Save the last char (part of flag)\r\n        lastChar = line[-1]\r\n        if firstWord in order:\r\n            # Store the last char in right order\r\n            dic[firstWord] = lastChar\r\n\r\n# Print the flag\r\nsys.stdout.write(\"Flag : ndh2k16_\")\r\nfor o in order:\r\n    sys.stdout.write(dic[o])<\/pre>\n<p>Run it\u00a0:<\/p>\n<pre>$ python omg_so_encrypted.py\r\nThis text is 
here to simulate a sementic analysis\r\nIt means that when you get a corporate document, you usually have to read it and analyse it before you get the useful information\r\nThe flag starts with 'ndh2k16_'\r\nAfter that, there is the hash\r\nvery first letter of the hash seems to be 1\r\nseventeenth letter of the hash appears to be 4\r\neleventh letter of the hash appears to be 5\r\ntwenty-second letter of the hash will have the value of f\r\nsixteenth letter of the hash is 0\r\ntwenty-third letter of the hash should be c\r\nthird letter of the hash seems to be 0\r\nsixth letter of the hash seems to be 5\r\ntwenty-sixth letter of the hash will have the value of 0\r\neighth letter of the hash was set to 2\r\nthirteenth letter of the hash was set to 1\r\nfifteenth letter of the hash should be b\r\ntenth letter of the hash seems to be f\r\ntwenty-seventh letter of the hash was set to f\r\nfifth letter of the hash was set to 9\r\ntwelfth letter of the hash appears to be a\r\nthirty-second letter of the hash should be d\r\ntwenty-ninth letter of the hash seems to be 0\r\ntwenty-first letter of the hash was set to c\r\nnineteenth letter of the hash seems to be c\r\ntwenty-eighth letter of the hash seems to be e\r\nfourth letter of the hash was set to 4\r\nninth letter of the hash is a\r\ntwentieth letter of the hash will have the value of 1\r\nthirty-first letter of the hash should be 6\r\neighteenth letter of the hash will have the value of e\r\nsecond letter of the hash seems to be 8\r\nfourteenth letter of the hash should be c\r\ntwenty-fifth letter of the hash should be 5\r\ntwenty-fourth letter of the hash will have the value of b\r\nseventh letter of the hash should be 6\r\nthirtieth letter of the hash was set to 9\r\n\r\nFlag : ndh2k16_18049562af5a1cb04ec1cfcb50fe096d<\/pre>\n<p>Flag :\u00a0<strong>ndh2k16_18049562af5a1cb04ec1cfcb50fe096d<\/strong><\/p>\n<p>Thank you to all the team of the NDH2K16 for this event and for the whole organization!<\/p>\n<p>Greeting 
to\u00a0<a href=\"http:\/\/www.information-security.fr\/\" target=\"_blank\">nj8<\/a>, <a href=\"http:\/\/0xbadcoded.com\/\" target=\"_blank\">St0rn<\/a>, <a href=\"http:\/\/www.georgestaupin.com\/\" target=\"_blank\">Emiya<\/a>, Mido, downgrade,\u00a0Ryuk@n and\u00a0rikelm, ?\u00a0\/\/ Gr3etZ<\/p>\n<p><strong>Sources &amp; resources :<\/strong><\/p>\n<ul>\n<li><a href=\"http:\/\/www.dcode.fr\/chiffre-rot-13\" target=\"_blank\">Dcode ROT13<\/a><\/li>\n<\/ul>\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Write-up of the challenge \u201cCrypto\u00a0\u2013 OMG So Encrypted !\u201d of Nuit du\u00a0Hack 2016\u00a0Wargame The weekend of 02-03 july 2016\u00a0is the [&hellip;]<\/p>\n","protected":false},"author":1337,"featured_media":2112,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58,56,524,523,526,527,525],"tags":[508,506,475],"class_list":["post-2175","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptanalyse","category-cryptologie","category-ctf","category-events","category-ndh","category-ndh2k16","category-wargame","tag-challenge","tag-dcode","tag-rot13"],"_links":{"self":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2175","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/users\/1337"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/comments?post=2175"}],"version-history":[{"count":2,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2175\/revisions"}],"predecessor-version":[{"id":2178,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/posts\/2175\/revisions\/2178"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.asafet
y.fr\/en\/wp-json\/wp\/v2\/media\/2112"}],"wp:attachment":[{"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/media?parent=2175"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/categories?post=2175"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asafety.fr\/en\/wp-json\/wp\/v2\/tags?post=2175"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}