Easy peasy, we just have to convert the second and third arguments to decimal representation and pass it along to something that can perform a sum for us. For this application ‘bc’ will do the job swimmingly for us! Only one problem though, sadly we can’t really continue with the straight through pipeline of almost only native tools, well maybe we could come up with some fancy script that could do the conversion for us (awk feels like my first candidate for a try here) but alas I don’t really feel that’s the best use of my time. We can edit the program we used in the last challenge to convert any string of binary values to ascii easily to produce decmial representation of whatever base we throw at it. For this challenge we’ll need a converter for hex representation to decimal and one for binary to decimal.
The challenge looks like this:
9332 + 0x1a77 - 10010110011 = ? To fetch and clean up the message we can run the following command, the only difference is the regular expression that we use to run sed. It removes the leading tab character and removes everything between ‘=’ and end of the line, inclusively. We could ask sed to remove the operators as well if we’d like but nah, who cares (:
#!/bin/sh CHALLENGE=$(curl -sb ../../cookies.txt https://ringzer0ctf.com/challenges/32 | \ grep -A1 'BEGIN MESSAGE' | tail -1 | sed -re 's/\t|=.*$//g')
The “real” task or “challenge” here is to mangle the input into something we can put into bc. For the last challenge we used a tool called ‘cut’ which will do the job for us, we just need call it three times and store the values somehow. For this, a shell script comes in handy and we can split up our “nice” pipeline within it.
FIRST=$( printf "$CHALLENGE" | cut -d ' ' -f 1) SECOND=$(printf "$CHALLENGE" | cut -d ' ' -f 3) THIRD=$( printf "$CHALLENGE" | cut -d ' ' -f 5)
The operators do seem to be static in the way that the first operation is always an addition and the second is always a subtraction from what I can see updating the challenge a couple of times. But parsing the operators to be variable isn’t that much of a hassle, just a couple of more cuts!
OP1=$(printf "$CHALLENGE" | cut -d ' ' -f 2) OP2=$(printf "$CHALLENGE" | cut -d ' ' -f 4)
To mangle the representation of the second and third argument all we have to do is to pass them to our fancy conversion programs
SECOND=$(printf $SECOND | ./hex2dec) THIRD=$( printf $THIRD | ./bin2dec)
Now we just ask ‘bc’ to do the work for us and then we’re ready to submit our solution!
SOLUTION=$(printf "$FIRST $OP1 $SECOND $OP2 $THIRD" | bc)
I’ll paste the full script below and upload the conversion programs if you’re having difficulties converting the one from the last post. Cheers
#!/bin/sh
CHALLENGE=$(curl -sb ../../cookies.txt https://ringzer0ctf.com/challenges/32 | \
grep -A1 'BEGIN MESSAGE' | tail -1 | sed -re 's/ |=.*$//g')
FIRST=$( printf "$CHALLENGE" | cut -d ' ' -f 1)
SECOND=$(printf "$CHALLENGE" | cut -d ' ' -f 3)
THIRD=$( printf "$CHALLENGE" | cut -d ' ' -f 5)
OP1=$(printf "$CHALLENGE" | cut -d ' ' -f 2)
OP2=$(printf "$CHALLENGE" | cut -d ' ' -f 4)
SECOND=$(printf $SECOND | ./hex2dec)
THIRD=$( printf $THIRD | ./bin2dec)
SOLUTION=$(echo "$FIRST $OP1 $SECOND $OP2 $THIRD" | bc)
# Submit it
curl -sb ../../cookies.txt https://ringzer0ctf.com/challenges/32/$SOLUTION | \
grep -Po 'FLAG-\w+'