Hack you 2014 - PPC100 Writeup
This was at first a nasty challenge. In principle should be easy by the fact that by decoding the qr codes, it gives you, immediatly note that those are parts of a zip file that has been splitted but the tricky part was that you need to specify the right encoding for make the algorithm decodes the qr codes correctly. So the deal is now which encoding to use? This script uses python qrcode libs to extract data from qr codes images of the challenge that are locate in lll/ directory:
#!/usr/bin/env python
# lll/* <-- directory containing qr codes
import sys, qrcode,glob,os
reload(sys)
sys.setdefaultencoding("iso-8859-1") #good encoding after a bit of testing
files=glob.glob("lll/*")
files.sort()
ofile=open("asd","w")
for f in files:
d = qrcode.Decoder()
if d.decode(f):
ofile.write(d.result[9:])
Now we have our zip but if we try to unzip it we’ll have another zip and if we try to extract it we’ll have another zip and so on.. I made a script for this to make it easier to extract them:
import os,glob
os.system("unzip asd")#asd is the zip that comes from qr codes
for i in xrange(100):
files=glob.glob("*")
for f in files:
if f!="a.py":
os.system("echo A | unzip "+f)
Now tons of zip comes up but also an interesting file named “data.pkl”. Googling its file name extension comes up that it is a python-pickle object. Just load it with pickle module it result as a list and tuple nested between them. This is a kind of run-length encoding where after the character it is specified how many times it is repeated. This code is able to decode it:
import pickle
# CTF{a280fbc26d0781ce50d685a2a31295ab}
def decode(lst):
q = ""
for character, count in lst:
q += character * count
return q
f = open("data.pkl")
data = pickle.load(f)
print type(())
for i in data:
print decode(i)
Running it and redirecting the output to a file we can see using an editor without line wrapping an ascii art with our flag.
Razor4x