https://www.nom.fish/write-up/5charlie-ctf-disorderly2/
Brute force + hand-solve for 5CTF's Discorderly2 challenge. It's not pretty but it does the job.
python3 brute_solve.py
Created
December 12, 2020 00:31
-
-
Save cetaSYN/2f6fe2048202104bf7eb8be859dc0ca5 to your computer and use it in GitHub Desktop.
Solve for 5CTF Disorderly2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import itertools | |
| import re | |
| from multiprocessing import Pool | |
| from disorderly2 import decrypt | |
| FLAG_PTRN = re.compile(r"flag{[a-zA-Z0-9$!@_-]+}") | |
| with open("encoded.txt") as f: | |
| encmsg = f.read().strip() | |
| def alphagen(): | |
| # Generate all possible usable alpabets | |
| ALPHABET = list("beghiklnptuv") # Removed known | |
| a0 = ["x", "y", "m", "j", "r"] # Delim | |
| a1 = ["f", "c", "a"] # 64 | |
| a2 = ["w", "d", "z"] # 32 | |
| a3_sub = [c for c in ALPHABET if c not in a2] | |
| for a3 in list(itertools.combinations(a3_sub, 3)): # 16 | |
| a4_sub = [c for c in a3_sub if c not in a3] | |
| for a4 in list(itertools.combinations(a4_sub, 3)): # 8 | |
| a5_sub = [c for c in a4_sub if c not in a4] | |
| for a5 in list(itertools.combinations(a5_sub, 3)): # 4 | |
| a6_sub = [c for c in a5_sub if c not in a5] | |
| for a6 in list(itertools.combinations(a6_sub, 3)): # 2 | |
| a7_sub = [c for c in a6_sub if c not in a6] | |
| a7 = ("s", "o", "q") # 1 | |
| yield "".join( | |
| list(itertools.chain(*[a1, a2, a3, a4, a5, a6, a7, a0])) | |
| ) | |
| def do_work(alphabet): | |
| decmsg = decrypt(encmsg, alphabet) | |
| if re.search(FLAG_PTRN, decmsg) and "congratulations" in decmsg.lower(): | |
| print("FOUND: {}\nABET: {}".format(decmsg, alphabet)) | |
| with Pool(6) as pool: # 6-core multiprocessing pool | |
| pool.map(do_work, alphagen()) # Distribute work across cores |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # Provided by 5CTF Round 4 | |
| from random import choice, shuffle | |
| from re import split as resplit | |
| def encrypt(message, rnd=False, alphabet="abcdefghijklmnopqrstuvwxyz"): | |
| if len(alphabet) != 26: | |
| return ("error", "alphabet must be 26 letters") | |
| if rnd: | |
| alphabet = [alphabet[x] for x in range(len(alphabet))] | |
| shuffle(alphabet) | |
| alphabet = "".join(alphabet) | |
| bits = { | |
| 64: alphabet[0:3], | |
| 32: alphabet[3:6], | |
| 16: alphabet[6:9], | |
| 8: alphabet[9:12], | |
| 4: alphabet[12:15], | |
| 2: alphabet[15:18], | |
| 1: alphabet[18:21], | |
| } | |
| endbit = alphabet[21:26] | |
| output = "" | |
| for letter in range(len(message)): | |
| letter = message[letter] | |
| crypt_letter = "" | |
| for bit in bits.keys(): | |
| if ord(letter) & bit: | |
| crypt_letter += choice(bits[bit]) | |
| crypt_letter = list(crypt_letter) | |
| shuffle(crypt_letter) | |
| crypt_letter = "".join(crypt_letter) + choice(endbit) | |
| output += crypt_letter | |
| return (alphabet, output) | |
| def decrypt(message, alphabet="abcdefghijklmnopqrstuvwxyz"): | |
| if len(alphabet) != 26: | |
| return ("error", "alphabet must be 26 letters") | |
| bits = { | |
| 64: alphabet[0:3], | |
| 32: alphabet[3:6], | |
| 16: alphabet[6:9], | |
| 8: alphabet[9:12], | |
| 4: alphabet[12:15], | |
| 2: alphabet[15:18], | |
| 1: alphabet[18:21], | |
| } | |
| endbit = alphabet[21:26] | |
| letters = resplit("[" + endbit + "]", message) | |
| output = "" | |
| for letter in letters: | |
| byte_value = 0 | |
| for part in range(len(letter)): | |
| for k, v in bits.items(): | |
| if letter[part] in v: | |
| byte_value += k | |
| break | |
| if byte_value: | |
| output += chr(byte_value) | |
| return output |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ctlvoxqzgiaumcpuokwxuzbgmdxqaixdxgwufeojwqarvwckomvzgiaywhqtjcdplmdmowgajhpcwerfqgdxabpdvjzjvfqewreapqdjcdvlrowtcyzjczgljdicmzoarwcepmzmpambodcrduscerncphdojcdvkmwapxpcswyeuazjpdiareczonjdjslzmzjvszarioaugwxawtqkxigczmpzfydrwhfjtoawrwxkhozaxbwgusfjtdifjlctuwrfsgdytzaxvpbzjdmzrasuyozcvngxiagdvrvwapsyawkvjcqwxedgamtokazydgifxzcoxkwtcmdconxnpwvfoyatwuijqflzvywoyzrzxansmhtzsmbtofzjzmuzamcwsmczkhsjdanoyhcozjzfomazbpyadbtrnlaodrzyiawvygoadkrdqualyftezywjdotevcrehawmciqwxlwapjswbampfihzjozcghjwxqgczhnjgoadlrzlgcrzmswfrwychwjzestcmfwigvxuaozywciyzxiqagvdxfpvzxwxazquglyqndvgcxuzkfydgfmdflvqxdrkzsfuyqzuciprwridaokjipdquajqlcgzydxndcrqzarvplwcxgcwomwycpdiojofiugdyuzfejsgfzjwycpzmwqcrldapjazsjdjkpadxsfidugmzmvloadpxnuogwcrhldfrqczuijwmugdaskxqadbjtwalrifdxphwbrzywygauobmgeczycwnjawgorlwhcxvpqldamowanmqeavdjzcogjdmnawsxwgckxdmqtcvlzjcwpuqnyqzgfkxgnzargczjwxcwvygqczxdmbfdtoxotiwvarewvcrdpsajdxgcdywasnragzvxzpcujcsdbyhdfsmopedfmbzparpaedjpiwvydxdrocjgzcvbrzclqbxowkgaujszaxblfwqxbgzjdmqznaejtihswcxdcstexdalvjdywghcmtbwfjzqcjczqgujzxbszaycezuqrwmtzauyfizgyqdfrswatvyocvbezypkzcjnzcysazgjilfguoyzfuktqrhanzpqrehadmatndjgwcjqickthjsfziyldohayophcblrdvatmqfdnrhztnfmfowxcbwtjgdbcxlbqwcynaqlvgrawobmbwavgjqnkcphyangzqumvkzaxtfzrtfsdykdchxfbgkvsjewpamfzbjecwhrgnhoazrkotwfyhcwtsjcnzjqlghbaxzsfpjdncvprlczgyeavzywihqgfxlczrdnceqjtikwcsm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ctlvo | |
| qzgiau | |
| cpuokw | |
| uzbg | |
| qai | |
| gwufeo | |
| wqa | |
| vwcko | |
| vzgia | |
| whqt | |
| cdpl | |
| owga | |
| hpcwe | |
| fqgd | |
| abpdv | |
| vfqew | |
| eapqd | |
| cdvl | |
| owtc | |
| czgl | |
| dic | |
| zoa | |
| wcep | |
| pa | |
| bodc | |
| dusce | |
| ncphdo | |
| cdvk | |
| wap | |
| pcsw | |
| euaz | |
| pdia | |
| eczon | |
| slz | |
| vsza | |
| ioaugw | |
| awtqk | |
| igcz | |
| pzf | |
| whf | |
| toaw | |
| khoza | |
| bwgusf | |
| tdif | |
| lctuw | |
| fsgd | |
| tza | |
| vpbz | |
| C asu 1 2 4 8 16 32 64 | |
| o ozcvng 1 2 4 8 16 32 64 | |
| n iagdv 1 2 4 8 16 32 64 | |
| g vwaps 1 2 4 8 16 32 64 | |
| r awkv 1 2 4 8 16 32 64 | |
| a cqw q 2 4 8 16 w c | |
| t edga 1 2 4 8 16 32 64 | |
| u tokaz 1 2 4 8 16 32 64 | |
| l dgif 1 2 4 8 16 32 64 | |
| a zco o 2 4 8 16 z c | |
| t kwtc 1 2 4 8 16 32 64 | |
| i dcon 1 2 4 8 16 32 64 | |
| o npwvfo 1 2 4 8 16 32 64 | |
| n atwui 1 2 4 8 16 32 64 | |
| s qflzv 1 2 4 8 16 32 64 | |
| ! wo o 2 4 8 16 w 64 | |
| ans | |
| htzs | |
| btofz | |
| uza | |
| cws | |
| czkhs | |
| dano | |
| hcoz | |
| zfo | |
| azbp | |
| adbt | |
| nlaod | |
| iawv | |
| goadk | |
| dqual | |
| ftez | |
| dotevc | |
| ehaw | |
| ciqw | |
| lwap | |
| swba | |
| pfihz | |
| ozcgh | |
| qgczhn | |
| goadl | |
| zlgc | |
| a swf s 2 4 8 16 w f | |
| chw | |
| zestc | |
| fwigv | |
| uaoz | |
| wci | |
| iqagvd | |
| fpvz | |
| azqugl | |
| qndvgc | |
| uzkf | |
| dgf | |
| dflvq | |
| kzsfu | |
| qzucip | |
| idaok | |
| ipdqua | |
| qlcgz | |
| ndc | |
| qza | |
| vplwc | |
| gcwo | |
| cpdio | |
| ofiugd | |
| uzfe | |
| sgfz | |
| cpz | |
| wqc | |
| ldap | |
| azs | |
| kpad | |
| sfidug | |
| vloadp | |
| nuogwc | |
| hldf | |
| qczui | |
| ugdask | |
| qadb | |
| twal | |
| ifd | |
| phwb | |
| gauob | |
| gecz | |
| cwn | |
| awgo | |
| lwhc | |
| vpqlda | |
| owan | |
| qeavd | |
| zcog | |
| naws | |
| wgck | |
| qtcvlz | |
| cwpuqn | |
| qzgfk | |
| gnza | |
| gcz | |
| cwv | |
| gqcz | |
| bfdto | |
| otiwva | |
| ewvc | |
| dpsa | |
| gcd | |
| wasn | |
| agzv | |
| zpcu | |
| csdb | |
| hdfs | |
| opedf | |
| bzpa | |
| paed | |
| piwv | |
| oc | |
| gzcvb | |
| zclqb | |
| owkgau | |
| sza | |
| blfwq | |
| bgz | |
| qznae | |
| tihswc | |
| dcste | |
| dalv | |
| wghc | |
| tbwf | |
| zqc | |
| czqgu | |
| bsza | |
| cezuq | |
| 1 2 4 8 16 32 64 | |
| f tzau 1 tu tu 8 16 z a | |
| l fizg 1 ig ig 8 16 z f | |
| a qdf q 2 4 8 16 d f | |
| g swatv s tv tv 8 16 w a | |
| { ocvbez obe ovbeovbeobe 16 z c | |
| pkzc 1 2 4 8 16 32 64 | |
| nzc 1 2 4 8 16 32 64 | |
| sazg 1 2 4 8 16 32 64 | |
| ilfguo 1 2 4 8 16 32 64 | |
| zfuktq 1 2 4 8 16 32 64 | |
| hanzpq 1 2 4 8 16 32 64 | |
| ehad 1 2 4 8 16 32 64 | |
| atnd 1 2 4 8 16 32 64 | |
| gwc 1 2 4 8 16 32 64 | |
| qickth 1 2 4 8 16 32 64 | |
| sfzi 1 2 4 8 16 32 64 | |
| ldoha 1 2 4 8 16 32 64 | |
| ophcbl 1 2 4 8 16 32 64 | |
| dvat 1 2 4 8 16 32 64 | |
| qfdn 1 2 4 8 16 32 64 | |
| hztnf 1 2 4 8 16 32 64 | |
| fow 1 2 4 8 16 32 64 | |
| cbwt 1 2 4 8 16 32 64 | |
| gdbc 1 2 4 8 16 32 64 | |
| lbqwc 1 2 4 8 16 32 64 | |
| naqlvg 1 2 4 8 16 32 64 | |
| awob 1 2 4 8 16 32 64 | |
| bwavg 1 2 4 8 16 32 64 | |
| qnkcph 1 2 4 8 16 32 64 | |
| angzqu 1 2 4 8 16 32 64 | |
| vkza 1 2 4 8 16 32 64 | |
| tfz 1 2 4 8 16 32 64 | |
| tfsd 1 2 4 8 16 32 64 | |
| kdch 1 2 4 8 16 32 64 | |
| fbgkvs 1 2 4 8 16 32 64 | |
| ewpa 1 2 4 8 16 32 64 | |
| fzb 1 2 4 8 16 32 64 | |
| ecwh 1 2 4 8 16 32 64 | |
| gnhoaz 1 2 4 8 16 32 64 | |
| kotwf 1 2 4 8 16 32 64 | |
| hcwts 1 2 4 8 16 32 64 | |
| cnz 1 2 4 8 16 32 64 | |
| qlghba 1 2 4 8 16 32 64 | |
| zsfp 1 2 4 8 16 32 64 | |
| dncvp 1 2 4 8 16 32 64 | |
| lczg 1 2 4 8 16 32 64 | |
| eavz 1 2 4 8 16 32 64 | |
| wihqgf 1 2 4 8 16 32 64 | |
| lcz 1 2 4 8 16 32 64 | |
| dnceq 1 2 4 8 16 32 64 | |
| } tikwcs s ti ti k 16 w c |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 21! / (3!*3!*3!*3!*3!*3!*3!) | |
| The letters are shuffled except for endbits, so we should see some repetition in those bits | |
| Most letters are 4-5 bits on, up to 6 | |
| Down to 1 for spaces | |
| 2 for exclaimation marks | |
| 6 for other punct | |
| delim = x,y,m,j,r | |
| delims will never be adjacent | |
| 64 = c,a,f | |
| probable based on freq analysis | |
| 32 = w,d,z | |
| found with space chars which are 1 bit | |
| 16 = | |
| 8 = k | |
| 4 = | |
| 2 = | |
| 1 = qs | |
| >>> [print("{} - {}".format(str(bin(ord(c))[2:]).zfill(8), c)) for c in string.ascii_lowercase] | |
| 01100001 - a | |
| 01100010 - b | |
| 01100011 - c | |
| 01100100 - d | |
| 01100101 - e | |
| 01100110 - f | |
| 01100111 - g | |
| 01101000 - h | |
| 01101001 - i | |
| 01101010 - j | |
| 01101011 - k | |
| 01101100 - l | |
| 01101101 - m | |
| 01101110 - n | |
| 01101111 - o | |
| 01110000 - p | |
| 01110001 - q | |
| 01110010 - r | |
| 01110011 - s | |
| 01110100 - t | |
| 01110101 - u | |
| 01110110 - v | |
| 01110111 - w | |
| 01111000 - x | |
| 01111001 - y | |
| 01111010 - z | |
| '00100000' - [space] | |
| '01011111' - _ | |
| '01111011' - { | |
| '01111101' - } | |
| '00100001' - ! | |
| Ending is very long - likely flag | |
| Wow. I wasn't even sure that Disorderly 1 could be solved. Congratulations! I'm basically just writing out a bunch of words so you have more data to work with. Otherwise it would be more difficult. Anyway, your flag is flag{the_world_is_finally_in_order_through_entropy} | |
| ABET: fcawdzeklbingpthuvsoqxymjr |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment