Rating:

```

REM ***** BASIC *****

REM Provided was a excel file with a bunch

REM of numbers in the cells A2 to A82 and

REM a ton of formulas in the cells B2 to E82

REM

REM cells B1 to E4 were setup to have a random number.

REM in between 1 and 256

REM

REM and there was a frormula in cell G2

REM that provided the check for the input.

REM =IF(AND(E82=1,B1>1,B1<=256,C1>1,C1<=256,D1>1,D1<=256,E1>1,E1<=256,B1-C1=46,E1-D1=119),"Congrats! Here is yout flag: INSA{"&TEXT(B1,"0")&"-"&TEXT(C1,"0")&"-"&TEXT(D1,"0")&"-"&TEXT(E1,"0")&"}","Wrong input")

REM ===============================================

REM

REM

REM I took a look at the formula in the cell G2

REM and a quick peak at some in the range[A2:E82]

REM and i realized that what was going on in the

REM cells in the range [A2:E82] was somthing

REM I did't not wish to spend my time on.

REM =IF(MID($A2,4,1)=TEXT(COLUMN()-1,"0"),IF(MID($A2,1,1)="1",MOD(SUM(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="2",MOD(SUM(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),-INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="3",MOD(PRODUCT(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="4",MOD(MOD(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="5",MOD(BITAND(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="6",MOD(BITOR(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1))),INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1)))),256),IF(MID($A2,1,1)="7",IF(INDIRECT(ADDRESS(ROW()-1,1+MID($A2,2,1)))=INDIRECT(ADDRESS(ROW()-1,1+MID($A2,3,1))),1,0),"X"))))))),B1)REM

REM ===============================================

REM so i focust on cell G2

REM

REM INTERESTING STUFF FROM CELL G2:

REM +-------------------

REM | E82=1 <---- the value of E82 the result of

REM | a ton of formulas in the cells

REM | B1>1, \ [A2:E82]

REM | B1<=256, |

REM | C1>1, |

REM | C1<=256, \ so all the input has to

REM | D1>1, / be in between 1 and 256

REM | D1<=256, |

REM | E1>1, | and there are some more

REM | E1<=256, / restraints down there.

REM |

REM | B1-C1=46, <---1B = 1C+46

REM | E1-D1=119), <--- 1E = 1D+119

REM +---------------------------------------

REM with all these restraints we are well within a accepable

REM Range to brute force the correct input.

REM So within a couple of minutes i whiped up a python script.

REM that printed out all posible inputs within the restraints.

REM

REM the only problem we have now is how are we going to provide

REM this to the spreadsheet. I can not just pipe it to libre office.

REM

REM So i decided to readup a little bit on excel macros (or libre-office macros)

REM and the basic language.

REM

REM And came up with this scipt. :-)

Sub Main

End Sub

REM I was to lazy to lookup how to access a cells text.

REM so i added a cell the formula =IF(G2="Wrong input",1,0) to cell M3

REM ( you know, hackers will hack)

Sub BruteForceTheFlag

sjiet = ThisComponent.sheets.getByName("Feuil1")

B = sjiet.getCellRangeByName("B1")

C = sjiet.getCellRangeByName("C1")

D = sjiet.getCellRangeByName("D1")

E = sjiet.getCellRangeByName("E1")

flag = sjeit.getCellRangeByName("M3")

C.value = 1

B.value = C.value +46

D.value = 1

E.value = D.value+119

Do

C.value = C.value +1

B.value = C.value +46

DO

D.value = D.value+1

E.value = D.value+119

Loop Until D.value > 256 OR E.value > 256 OR flag.value = 0

if E.value > 256 then

D.value = 1

E.value = D.value+119

endif

Loop Until flag.value = 0 OR B.value > 256

End Sub

REM found two flags.

REM INSA{75-29-13-132}

REM INSA{203-157-13-132} <--- this one was the valid one.

REM it was pointed out in the challenge

REM decription that the were two valid inputs.

REM and that the correct flag was the one was the one with the highes sum.

REM ..

REM wich was nice of them to point this out..

REM unlike what happends some time when there are

REM over 60.000 valid inputs, and all you get is a

REM md5sum of the valid one in exchage for 20 point.

REM Not pointing any finger here. *cough* uutCTF.*cough**cough*

```