Plaid CTF 2016 - Morset
After connecting to a socket, we received some character that looks like morse code. We use a python script to decode it, then it looks like base36, we decode it and we found a string asking us to send the sha256 of it. We send it back using the same encoding scheme which gave us the flag.
Description
A mysterious signal… can you decode it? Running at morset.pwning.xxx:11821
Details
Points: 50
Category: Misc/Network
Validations: 86
Solution
When we connect to morset.pwning.xxx 11821, we received what looks like morse code:
$ nc morset.pwning.xxx 11821
.---- .... -. --.. .-- -. --.. . .--. - ---.. .-. -.. ..... ..... .. .--- .....
--- -- ... .-.. ..... -... ....- -.. ...- -.-- ---.. -.. ...-- --- -.... .-
----. --.- --.- ..- -..- -.-- ..... ...-- --.- ---.. -... ---.. ...- -.-. .---
----. -.-- -.. ----. -.... --- --- -..- .--- ..--- -.... ..... .---- ---.. ...
.- ....- ----- -..- --.- ...-- ...-- .--. ..... --.. -... ---.. -.-. ..... --...
....- ..- --...
...-- --- -- ..-. -- .--. -.-. ..... .--. .- -..- ---.. ..- ... ...-- -.-- -....
--... .- .- ... ..
decoding this with the python lib morse_talk gave us:
G31GPR6CEJ1B8ZW33XVPRPICDQEUHFDII8LBI6RZ7A3HTHFYN14IKURCH607WNLOC8CTSJU9STFAJAFUGEXGK3GEFZJ06P9GFVMBZ9B
decoding this with base36 gave us:
8897369972590062872663949970759944050758061394015713023721761165709499616078748844055640215564311564036488485901952528001379266489687065044276587455510973327679
decoding this with hex gave us:
,+.
//|\\
|||||
\\|//
`+'
What is the SHA256(Coconut1499833019)?
'`
final python script:
#!/usr/bin/env python2
from pwn import *
from morse_talk import decode, encode
import binascii
import hashlib
from base36 import base36decode, base36encode
r = remote("morset.pwning.xxx", 11821)
p = r.recv()
print decode(p)
print base36decode(decode(p))
print binascii.unhexlify("0{:02x}".format(base36decode(decode(p))))
temp =
binascii.unhexlify("0{:02x}".format(base36decode(decode(p)))).split("SHA256(")[1][:-2]
print "to hash is: %s" % temp
h = hashlib.new("sha256")
h.update(temp)
print "hexdigest: %s" % h.hexdigest()
print "hexlified: %s" % binascii.hexlify(h.hexdigest())
print "base36ed: %s" % base36encode(int(binascii.hexlify(h.hexdigest()),16))
r.sendline(encode(base36encode(int(binascii.hexlify(h.hexdigest()),16))))
import time; time.sleep(1)
rep = r.recv().rstrip().strip()
print "rep is: %s" % rep
print binascii.unhexlify("{:02x}".format(base36decode(decode(rep))))
output of our script:
$ ./pwnit.py
[+] Opening connection to morset.pwning.xxx on port 11821: Done
G31GPR6CEJ1B8ZW33XVPRPICDQEUHFDII8LBI6RZ7A3HTHFYN14IKURCH607WNLOC8CTSJU9STFAJAFUGEXGK3GEFZJ06P9GFVMBZ9B
8897369972590062872663949970759944050758061394015713023721761165709499616078748844055640215564311564036488485901952528001379266489687065044276587455510973327679
,+.
//|\\
|||||
\\|//
`+'
What is the SHA256(Coconut1499833019)?
to hash is: Coconut1499833019
hexdigest: eaf131de586794730ef2ca3e590e2a6360c2b0386ff39c3fd06c7c55bc358eba
hexlified:
65616631333164653538363739343733306566326361336535393065326136333630633262303338366666333963336664303663376335356263333538656261
base36ed:
G4EI2G69JV5685FNO1M9993KJD45XEC63JN4YHBCWN7NEHVGHRXOKXSQAU5WZZ3THA0ZSZDBKWLQXK1IONTATQCIPE0YFWN6ZXD
rep is: -- .-. --.. -... -.... -- .-- -. ...- -... .-. ..... .--. --.. .-.. .
... ----. -... .--. --.. -. -..- .---- - -.... ..-. -... -. ...- .--. .--. .--
.. ... .--. ...- -.- --.- ... -..- -- -.-- -.. -.- --.. --.- ----- -.-- .-.
.... .-. .. -.- .--- -. ...-- .-.. -.- -... ...- .-. .... .--- ....- .--- .---
.--- ---.. --. ....- --... .-.. .-. . ... -.. ..- --- .--. ----. ....- ..-.
--... ..-. ..-. ...-- ..
Nice! Here's a flag for you: PCTF{c0c0c0nutBaze_4__d4ys}.
[*] Closed connection to morset.pwning.xxx port 11821
Our script gave us the flag: PCTF{c0c0c0nutBaze_4__d4ys}.
Challenges resources are available in the resources folder.
Written on April 4, 2016