Tags: misc programming
Rating:
# Fire Cannons (Misc - 456 pts - second blood)
"Spy" is not the right word for this challenge. Our team are fighting for justice, therefore "agent" must be used.
This is a simple math problem. For each firing position, we receive the distance to the target. The most efficient way to solve it is as follow:
- Fire at 2 different positions: (x1, y1) and (x2, y2). Receive the distances d1, d2.
- The target is at 1 of the 2 intersections of the circles (x1, y1, d1) and (x2, y2, d2). We have 50% of hitting the target in 3 shots, 50% in 4 shots.
However this requires some (a little) complicated calculations. Instead we solved it using 4 shots but simpler calculation:
- Fire at (0, 0), (1, 0) and (0, 1) and receive the distances d1, d2, d3.
- We now have the following system of equations:
```
(1) x^2 + y^2 = d1^2
(2) (x - 1)^2 + y^2 = d2^2
(3) x^2 + (y - 1)^2 = d3^2
```
- Subtract (1) to (2):
```
2x - 1 = d1^2 - d2^2
=> x = (d1^2 - d2^2 + 1) / 2
```
- Subtract (1) to (3):
```
2y - 1 = d1^2 - d3^2
=> y = (d1^2 - d3^2 + 1) / 2
```
Also, notice that high floating point precision is needed in order to get the correct values. We used the `gmpy2` class with the precision of 2048 bits.
After 96 rounds we got a binary string which decodes to `VoNguyenGiap`. Send it to the server and we got the flag.
Solver code: [cannon.py](https://github.com/CTF-STeam/ctf-writeups/blob/master/2020/ISITDTU%20Finals/Fire%20Cannons/cannon.py). Output:
```
94 b'\nFiring cannons on location: Nice! Give you something: '
b'01010110011011110100111001100111011101010111100101100101011011100100011101101001011000010111000'
b'01010110011011110100111001100111011101010111100101100101011011100100011101101001011000010111000'
b'1082396311390442626521827664044649316251413450093729949773077747360101285228995576782398878863718.020206632188996751475136669288825578305996378699481575534254384081692401818176184431833300486463216822054440937343'
b'1082396311390442626521827664044649316251413450093729949773077747360101285228995576782398878863717.2332274352053132317611214337347012557145570652175634844720629985168486594088527014256275507020991651421160611017432'
b'1082396311390442626521827664044649316251413450093729949773077747360101285228995576782398878863717.4032270996962918914834141772959202216623487051920533889257112014888227000807150632574521752782448208734316184577794'
851823379956151593618294054565372585439179144547256122355120364318866460219787959663230263602877.000000000000000000017820955833829305152851726652150993054417757001863316308238553586953186577993757502170332694637084667067353576377614424775668631675138705390919865608397577500532441864768631773857037367314031526572069514910451379999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999991150819446797357951947313432274050644250922952119310749819756167988468689469771807596773133839964 667816370173503484043472915451006252638041131428215215179122020241228766485912833649018632909530.000000000000000000196872468864663152797804579141242054974619781001049448452021433597893976556933117781401305755989672935382111309464261042123406327866847064083330181316079504011608846666104340898820283518779393895811258375760292320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007873755960969152244846236967343009707262030125559396179156497318437577931942871579619488255933841
851823379956151593618294054565372585439179144547256122355120364318866460219787959663230263602877 667816370173503484043472915451006252638041131428215215179122020241228766485912833649018632909530 1082396311390442626521827664044649316251413450093729949773077747360101285228995576782398878863718.02020663218899675147513666928882557830599637869948157553425438408169240181817618443183330048646321682205444093734298946015596179796156737198710744066911160040955756849871852146754332810240664741356061238616919964526786871469768557836596065631412603226865684897259417672519553852332581499617399062536923591611735948608265031413834769209779864782590752523351273842467514884640634022362059227595126397080667035662594419410891559069609414803645854198753583964967314435623002099459720567096343409954395382275646749032839942336
95 b'\nFiring cannons on location: Nice! Give you something: '
b'010101100110111101001110011001110111010101111001011001010110111001000111011010010110000101110000'
b'010101100110111101001110011001110111010101111001011001010110111001000111011010010110000101110000'
[*] Switching to interactive mode
Give me something:
Congratulations
Flag is: ISITDTU{VoNguyenGiap_has_been_called_one_of_the_greatest_military_strategists_att}
[*] Got EOF while reading in interactive
```