UTC-CTF 2019 Write-ups
This year they hosted an abbreviated CTF (a teaser), but next year they might bring a full-fledged CTF. They have a wide range of difficulty of challenges, from easy to hard.
Strings
We were provided with below challenge’s description and a file.
It is an executable file. According to name of the challenge, it suggested that this challenge should be solved by strings command.
Based on the output above, the flag for this challenge is utc{that_waz_ezpz}
Corey’s core dump 1
We were provided with below challenge’s description and a file.
There is another executable file. We tried run strings command as usual.
Based on the output above, the flag for this challenge is utc{im_a_passw0rd}
ezip
We were provided with below challenge’s description and 2 files.
We were given a PNG image file and a zip file with password protected. Our assumption is that password should be somewhere in PNG image file.
We found zip password in image meta data using exiftool.
We unzipped the zip and got a text file. Based on the output above the flag for this challenge is utc{ex1f_ru135_4ll_7h3_w4y}
Optics 1
We were provided with below challenge’s description and an image file.
We tried to open the image, but it seemed like it is broken. We checked it with hexeditor.
Image signature looked wrong as it showed “LOL“. We changed it to “PNG“, and we got an image of QR code.
We scanned the QR code and got the flag for this challenge which is utc{dang_you_know_qr_decoding_and_shit}
Optics 2
We were given a zip with 441 images inside. Those images seemed like fractures of QR code. With 441 images, we can arrange it 21×21.
After arranged those image to get a complete QR code, we scanned it and got the flag as utc{merge_and_merge_until_you_decode_it}
Curve it up
We were provided with below challenge’s description and a file.
They as use to find the value of n. In order to solve this challenge, we used SageMath to run the below code.
N = 58738485967040967283590643918006240808790184776077323544750172596357004242953
A = 76727570604275129576071347306603709762219034167050511215297136720584179974657
P = (1499223386326383661524589770996693829399568387777849887556841520506306635197, 18509752623395560148909577815970815579696746171847377654079329916213349431951)
Q = (29269524564002256949792104801311755011410313401000538744897527268133583311507, 29103379885505292913479681472487667587485926778997205945316050421132313574991)
#The flag is utfc{n}
B = (P[1]**2-P[0]**3-A*P[0])%N
F = FiniteField(N)
E = EllipticCurve(F,[A,B])
P = E.point(P)
Q = E.point(Q)
factors, exponents = zip(*factor(E.order()))
primes = [factors[i] ^ exponents[i] for i in range(len(factors))][:-2]
dlogs = []
for fac in primes:
t = int(P.order()) / int(fac)
dlog = discrete_log(t*Q,t*P,operation="+")
dlogs += [dlog]
print("factor: "+str(fac)+", Discrete Log: "+str(dlog)) #calculates discrete logarithm for each prime order
l = crt(dlogs,primes)
print(l)
Based on the output above, the flag for this challenge is utc{314159}
how to do optics2 can you explain in detail ?
command to used to combine the 440 images.
Actually, there were 441 images, so we wrote a python code to create a html page arranging the image into 21×21. You may refer to this URL for code sample.