roaris / ctf-log


picoCTF: unpackme.py (Reverse Engineering) #14

Open roaris opened 3 months ago

roaris commented 3 months ago

https://play.picoctf.org/practice/challenge/314

roaris commented 3 months ago

unpackme.flag.py

import base64
from cryptography.fernet import Fernet

payload = b'gAAAAABkzWGWvEp8gLI9AcIn5o-ahDUwkTvM6EwF7YYMZlE-_Gf9rcNYjxIgX4b0ltY6bcxKarib2ds6POclRwCwhsRb1LOXVt4Q3ePtMY4BmHFFZlIHLk05CjwigT7hiI9p3sH9e7Cpk1uO90xbHbuy-mfi3nkmn411aBgwxyWpJvykpkuBIG_nty6zbox3UhbB85TOis0TgM0zG4ht0-GUW4wTq2_5-wkw3kV1ZAisLJHzF-Z9oLMmwFZU0UCAcHaBTGDF5BnVLmUeCGTgzVLSNn6BmB61Yg=='

key_str = 'correctstaplecorrectstaplecorrec'
key_base64 = base64.b64encode(key_str.encode())
f = Fernet(key_base64)
plain = f.decrypt(payload)
exec(plain.decode())

roaris commented 3 months ago

$ python unpackme.flag.py
What's the password? a
That password is incorrect.

roaris commented 3 months ago

About Fernet: reading the source code, it seems to encrypt/decrypt with AES-CBC.

The result of the Fernet decryption is executed as a program with exec. When I printed the decryption result instead, I got the flag.

# exec(plain.decode())
print(plain.decode())

$ python unpackme.flag.py

pw = input('What\'s the password? ')

if pw == 'batteryhorse':
  print('picoCTF{175_chr157m45_85f5d0ac}')
else:
  print('That password is incorrect.')
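
The Fernet token layout behind the AES-CBC observation above, as an added example that is not part of the original log: it splits a token into version, timestamp, IV, ciphertext and HMAC and checks the HMAC using only the standard library, without decrypting or calling exec. The function names are hypothetical and the sample token is constructed (valid framing and HMAC, placeholder ciphertext); only the key string comes from the page.

```python
import base64
import hashlib
import hmac
import struct

KEY_STR = "correctstaplecorrectstaplecorrec"  # key string shown on the page


def split_key(raw_key: bytes) -> tuple[bytes, bytes]:
    """A Fernet key is 32 raw bytes: HMAC signing key first, AES-128 key second."""
    if len(raw_key) != 32:
        raise ValueError("Fernet key must be 32 bytes before base64 encoding")
    return raw_key[:16], raw_key[16:]


def build_sample_token(raw_key: bytes, timestamp: int, iv: bytes, ciphertext: bytes) -> bytes:
    """Constructed test input: correct framing and HMAC, placeholder ciphertext."""
    signing_key, _ = split_key(raw_key)
    body = b"\x80" + struct.pack(">Q", timestamp) + iv + ciphertext
    tag = hmac.new(signing_key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag)


def parse_token(token: bytes, raw_key: bytes) -> dict:
    """Split a token into its fields and check the HMAC without decrypting."""
    data = base64.urlsafe_b64decode(token)
    # version(1) + timestamp(8) + IV(16) + at least one AES block(16) + HMAC(32)
    if len(data) < 73 or data[0] != 0x80:
        raise ValueError("not a Fernet token")
    body, tag = data[:-32], data[-32:]
    ciphertext = data[25:-32]
    if len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    signing_key, _ = split_key(raw_key)
    expected = hmac.new(signing_key, body, hashlib.sha256).digest()
    return {
        "version": data[0],
        "timestamp": struct.unpack(">Q", data[1:9])[0],  # big-endian Unix time
        "iv": data[9:25],                                # CBC initialisation vector
        "ciphertext": ciphertext,
        "hmac_ok": hmac.compare_digest(tag, expected),   # constant-time compare
    }


if __name__ == "__main__":
    raw = KEY_STR.encode()
    sample = build_sample_token(raw, 1700000000, bytes(range(16)), bytes(32))
    info = parse_token(sample, raw)
    print(sample[:8], info["timestamp"], info["hmac_ok"])
```

The version byte 0x80 followed by the zero high bytes of the timestamp is why tokens, including the payload above, start with `gAAAAA`.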