EasyCTF_2018: Soupstitution Cipher
Category: Reverse Engineering Points: 70 Description:
We had a flag, but lost it in a mess of alphabet soup! Can you help us find it? Connect to the server via nc c1.easyctf.com 12484.
Write-up
This challenge is just obfuscation of simple functions. A closer look at the code reveals that someone likes soup a lot, to the point of changing almost every word to soup but essentially, the code can be boiled (pardon the pun) down to
for codepoint in range(2**16):
c = chr(codepoint)
if c.isdigit():
print(u'{}: {}'.format(functionA(c), c))
The key to solving this, is to understand that digits consist of unicode characters. Since the function used to convert the characters to digits are purely base10, we can do a bit of overflowing to achieve 10 digits with only 7 characters.
Before that, we will need to convert our s0up to a number we want to work with and by throwing it through hexlify and both functions, we get the number 2365552391. Now it's a matter of getting the codepoints.
Now, the challenge becomes a guessing game on the perfect combination of uncodes that would add up to the number. There could be an automated way to solve this but I was too much too tired to solve this automatically.
++++++++++++
2365552391
- 2358
_
++++++++++++
7552391
- 0
_
++++++++++++
7552391
- 0
_
++++++++++++
7552391
- 7209
_
++++++++++++
343391
- 3001
_
++++++++++++
43291
- 3387
_
++++++++++++
9421
- 9421
_
++++++++++++
After a long time of bruteforcing, and a certain bird's whispers, the challenge arrived at ⓽൫௩᱙00०. Additionally, as it's reversed, the actual input has to be ०00᱙௩൫⓽.
Attempting to submit it, gives us the flag,
# nc c1.easyctf.com 12484
०00᱙௩൫⓽
०00᱙௩൫⓽
oh yay it's a flag! easyctf{S0up_soup_soUP_sOuP_s0UP_S0up_s000000OOOOOOuuuuuuuuppPPppPPPp}
Therefore, the flag is easyctf{S0up_soup_soUP_sOuP_s0UP_S0up_s000000OOOOOOuuuuuuuuppPPppPPPp}.