Tags: coding 

Rating: 4.0

The zip contains an image and a protected zip file. The image is some kind of bar code that, after decoding, gives you code in some programming language: Java, Bash, Python, Javascript, PHP or Brainfuck (yeah, I'm serious). Executing this code prints the password for the protected zip, and after extracting it we get... another bar code and another protected zip file (repeat this a lot of times).

This is the code we used to get the flag:

```
import glob
import re
import os
import sys
import contextlib
import execjs
import zxing

from io import StringIO
from subprocess import Popen, PIPE, run
from brainfuck import brainfuck

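@contextlib.contextmanager
def stdoutIO(stdout=None):
    """Temporarily redirect ``sys.stdout`` and yield the replacement stream.

    Args:
        stdout: Stream to install as ``sys.stdout``. When ``None``, a fresh
            ``StringIO`` is created so the caller can read back what was
            printed inside the ``with`` body.

    Yields:
        The stream that receives everything printed inside the ``with`` body.
    """
    old = sys.stdout
    if stdout is None:
        stdout = StringIO()
    sys.stdout = stdout
    try:
        yield stdout
    finally:
        # Restore even when the body raises; otherwise one failing snippet
        # would leave every later print() going into the capture buffer.
        sys.stdout = old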

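def php(code):
    """Run *code* through the ``php`` command and return its decoded stdout.

    The snippet is written to the interpreter's stdin. Only stdout is
    captured; stderr is left attached to the parent and the exit status is
    not checked. No timeout is applied.

    NOTE(review): *code* comes from a decoded barcode and runs with this
    script's privileges, so run the solver in a disposable VM or container.

    Args:
        code: PHP source text to execute.

    Returns:
        Everything the interpreter wrote to stdout, decoded to ``str``.
    """
    # run() returns only after the child has exited and been reaped, so no
    # follow-up kill is needed (signalling a reaped PID could hit an
    # unrelated process that reused it).
    finished = run(['php'], input=code.encode(), stdout=PIPE)
    return finished.stdout.decode()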

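def java(code):
    """Evaluate *code* in ``jshell``, call ``Main.main`` and return one token.

    The snippet is sent on stdin followed by ``Main.main(new String[0])``.
    Captured stdout is split on whitespace and the second-to-last token is
    returned (presumably the last token is jshell's closing prompt; verify
    against the jshell version in use). stderr is not captured, the exit
    status is not checked and no timeout is applied.

    NOTE(review): *code* comes from a decoded barcode and runs with this
    script's privileges, so run the solver in a disposable VM or container.

    Args:
        code: Java source text expected to declare a ``Main`` class.

    Returns:
        The second-to-last whitespace-separated token of jshell's stdout.

    Raises:
        IndexError: If jshell printed nothing at all.
    """
    session = f'{code}\n Main.main(new String[0])\n'.encode()

    # run() returns only after the child has exited and been reaped, so no
    # follow-up kill is needed (signalling a reaped PID could hit an
    # unrelated process that reused it).
    finished = run(['jshell'], input=session, stdout=PIPE)

    strings_list = finished.stdout.decode().split()
    # Index kept as len - 2 so a one-token output still yields that token.
    return strings_list[len(strings_list) - 2]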

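def bash(code):
    """Run *code* through ``bash`` and return its stripped, decoded stdout.

    The script is written to the shell's stdin. Only stdout is captured;
    stderr is left attached to the parent and the exit status is not
    checked. No timeout is applied.

    NOTE(review): *code* comes from a decoded barcode and runs with this
    script's privileges, so run the solver in a disposable VM or container.

    Args:
        code: Shell script text to execute.

    Returns:
        The shell's stdout with leading and trailing whitespace removed.
    """
    # run() returns only after the child has exited and been reaped, so no
    # follow-up kill is needed (signalling a reaped PID could hit an
    # unrelated process that reused it).
    finished = run(['bash'], input=code.encode(), stdout=PIPE)
    return finished.stdout.decode().strip()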

# Starts empty; how it is filled is not visible in this part of the listing.
checked_files = []

# One ZXing reader instance, created once and reused for every decode call.
reader = zxing.BarCodeReader()

# Seed value: name of the first *.zip in the working directory, cut at its
# first dot. The matching image is looked up later as "<basename>.png".
basename = glob.glob('*.zip')[0].partition(".")[0]

while basename:
# Try to decode image
dataObject = reader.decode(f'{basename}.png')
code = dataObject.raw

# Execute the code and get the pass
print("=========EXTRACTED CODE=========")
password = ""
if("

Original writeup (https://anthares101.github.io/CTFs/Reply_CTF_Challenge%202020/Hide%26eXec/).