Rating: 5.0
> Cellular Automata
>
> 148
>
> It's hard to reverse a step in a cellular automata, but solvable if done right.
>
> https://cellularautomata.web.ctfcompetition.com/
As the [rules](https://cellularautomata.web.ctfcompetition.com/) state we are dealing with a [Rule 126 automata](http://mathworld.wolfram.com/Rule126.html). Patterns ```000``` and ```111``` produce a ```0``` bit while all others produce ```1```.
The problem with reversing cellular automata is that a lot of different steps correspond to the step you are trying to reverse. Straight bruteforcing will take forever - 64-bit steps are just too bit. However, the bits in the reverse step are not random, and are limited by 2 rules:
1. ```0``` has to reverse to patterns ```000``` or ```111```, and ```1``` to all others
2. If a pattern is selected the patterns that follow it are limited to 2 possibilities (because they have to overlap by 2 bits). For example, pattern ```000``` can only be followed by patterns ```000``` and ```001```.
If we apply these 2 rules we can generate all possibilities very quickly with the help of the following script:
```python
import sys
if len(sys.argv) != 2:
print "Please supply a hex number on the command line"
quit()
hexval = sys.argv[1]
bit_size = len(hexval)*4
# convert hex value to bit string
bitstr = (bin(int(hexval,16))[2:]).zfill(bit_size)
# map from bits to patterns that generate it
patterns_generating_bit = {"0":[0,7], "1":[1,2,3,4,5,6]}
# valid patterns that can follow each pattern; for example, pattern 010 can be followed
# only by 100 and 101 because they must overlap with its last 2 digits (10)
valid_next_patterns = {0:[0,1], 1:[2,3], 2:[4,5], 3:[6,7], 4:[0,1], 5:[2,3], 6:[4,5], 7:[6,7]}
# mid bits in each pattern
pattern_mid_bits = {0:"0", 1:"0", 2:"1", 3:"1", 4:"0", 5:"0", 6:"1", 7:"1"}
def reverse_rule126(bitstr, depth, valid_patterns, patterns_in_step):
# walk through all patterns that generate the current bit
for pattern in patterns_generating_bit[bitstr[depth]]:
# make sure the pattern is valid based on previously seen patterns
if pattern in valid_patterns:
# if we are not at the last bit - keep going recursively
if depth < (bit_size-1):
reverse_rule126(bitstr, depth+1, valid_next_patterns[pattern], patterns_in_step+[pattern])
# if we are at the last bit...
if depth == (bit_size-1):
# ...and the last pattern wraps around properly to the beginning of the step string
if patterns_in_step[0] in valid_next_patterns[pattern]:
# generate the full bitstring for the step and print it out
found_step = ""
for x in patterns_in_step:
found_step += pattern_mid_bits[x]
found_step += pattern_mid_bits[pattern]
print hex(int(found_step,2))[2:]
reverse_rule126(bitstr, 0, [0,1,2,3,4,5,6,7], [])
```
The script generates about 10K possibilities, which we can try to determine if there is a flag in the output:
```bash
#!/bin/sh
for i in $(python solve.py 66de3c1bf87fdfcf); do
echo "$i" > /tmp/plain.key; xxd -r -p /tmp/plain.key > /tmp/enc.key
echo "U2FsdGVkX1/andRK+WVfKqJILMVdx/69xjAzW4KUqsjr98GqzFR793lfNHrw1Blc8UZHWOBrRhtLx3SM38R1MpRegLTHgHzf0EAa3oU
eWcQ=" | openssl enc -d -aes-256-cbc -pbkdf2 -md sha1 -base64 --pass file:/tmp/enc.key 2>/dev/null | grep CTF
done
```
When we run the script we quickly get the flag decoded:
```sh
$ ./solve.sh
CTF{reversing_cellular_automatas_can_be_done_bit_by_bit}
```
The flag is ```CTF{reversing_cellular_automatas_can_be_done_bit_by_bit}```.
