CTFtime.org / Zh3r0 CTF / Tic Tac Toe / Writeup

# Master

## Tic Tac Toe
```
Can you beat the image?

Author : DreyAnd
File: image
```

It's un unknown file, we can try a `strings`:
```
$ strings image
[...]
FIFJ
```

It seems to be a reversed jpg file, we reverse it with https://gchq.github.io/CyberChef/#recipe=Reverse('Character') and we get an image of a panties lmao

Then, we retry `strings` command:
```
strings image.jpg | head
JFIF
>aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj01bHNvRkc3bXVQNAo=
[...]
```

There is a message in base64: `aHR0cHM6Ly93d3cueW91dHViZS5jb20vd2F0Y2g/dj01bHNvRkc3bXVQNAo=` is `https://www.youtube.com/watch?v=5lsoFG7muP4`

It's video `Kapela - Rock My Way`, we can think about the `rockyou.txt` wordlist

And we try StegCracker (https://github.com/Paradoxis/StegCracker), a bruteforce software using steghide:
```
$ stegcracker image.jpg
StegCracker 2.0.8 - (https://github.com/Paradoxis/StegCracker)
Copyright (c) 2020 - Luke Paris (Paradoxis)

Counting lines in wordlist..
Attacking file 'image.jpg' with wordlist '/usr/share/wordlists/rockyou.txt'..
Successfully cracked file with password: spongebob
Tried 155 passwords
Your file has been written to: image.jpg.out
spongebob
```

Then, we got a file `image.jpg.out` and its content is:
```
$ cat image.jpg.out
In [35]: n,e,ct,p+q
Out[35]:
(156935655500198733255923805969370297538115753312746380213875723177744608509780722798549730106834861986575848272630355804840179947615966722051370804273521733290376009020885919941338141950993008276537987193794648055241515380150115338397065198086893695560540379329063476893211153270247222670504019722793971516489,
65537,
102778142076243116117419062640171713879684005471846556860689446479305435562766590357152362175278713093609670819423506015563433111872029023117856369287465874159889936283732420732086482645886112577942492103417960605158427793203017078930148395937563028135853490687072326149444788825363901282252753328289332801180,
25089219254058723086004960979954103479984362695038160907003438818016936688465630366701002710571334149929206994096775851785636272938202242921638312612784566)
```

Yes, a cipher encrypt with RSA !

We have:
```
N = 156935655500198733255923805969370297538115753312746380213875723177744608509780722798549730106834861986575848272630355804840179947615966722051370804273521733290376009020885919941338141950993008276537987193794648055241515380150115338397065198086893695560540379329063476893211153270247222670504019722793971516489
e = 65537
ct = 102778142076243116117419062640171713879684005471846556860689446479305435562766590357152362175278713093609670819423506015563433111872029023117856369287465874159889936283732420732086482645886112577942492103417960605158427793203017078930148395937563028135853490687072326149444788825363901282252753328289332801180
p + q = 25089219254058723086004960979954103479984362695038160907003438818016936688465630366701002710571334149929206994096775851785636272938202242921638312612784566
```

We can get p and q by solving a small equation, we will use https://www.dcode.fr/solveur-equation for that and we get:
```
p = 13201553455951594484851144155858960936758450752844862383720937971346633364974345826194703440352906128111171327592279346393314285337599338957447838857517943
q = 11887665798107128601153816824095142543225911942193298523282500846670303323491284540506299270218428021818035666504496505392321987600602903964190473755266623
```

Finally, we can decrypt the cipher:
``` python
$ python
Python 2.7.18
>>> p = 13201553455951594484851144155858960936758450752844862383720937971346633364974345826194703440352906128111171327592279346393314285337599338957447838857517943
>>> q = 11887665798107128601153816824095142543225911942193298523282500846670303323491284540506299270218428021818035666504496505392321987600602903964190473755266623
>>> N = p * q
>>> N == 156935655500198733255923805969370297538115753312746380213875723177744608509780722798549730106834861986575848272630355804840179947615966722051370804273521733290376009020885919941338141950993008276537987193794648055241515380150115338397065198086893695560540379329063476893211153270247222670504019722793971516489
True
>>> e = 65537
>>> phi = (q - 1) * (p - 1)
>>> from Crypto.Util.number import inverse
>>> d = inverse(e, phi)
>>> cipher = 102778142076243116117419062640171713879684005471846556860689446479305435562766590357152362175278713093609670819423506015563433111872029023117856369287465874159889936283732420732086482645886112577942492103417960605158427793203017078930148395937563028135853490687072326149444788825363901282252753328289332801180
>>> plaintext = pow(cipher, d, N)
>>> print plaintext
844822306663494676182187532049398384884497750776412735948743460294840445
>>> print hex(plaintext)[2:-1].decode('hex')
zh3r0{W0ah_Y0u_W0n_k33p_1t_uP}
```

The flag is: `zh3r0{W0ah_Y0u_W0n_k33p_1t_uP}`

Original writeup (https://github.com/skyf0l/CTF/blob/master/Zh3r0CTF_2020/Master.md#tic-tac-toe).

Tic Tac Toe

Comments

Sign in with