This is a writeup for the Gofuscated challenge in Square CTF 2018.
We were provided a Go program which takes a 26 characters input and performs several checks on it. If all the checks are true, then the value of flag will be printed.
Note: In Go language, you can print the value of the variables using fmt.Println(). This will be useful while solving the challenge.
The main function of the Go program looked like shown below:
There were 4 compute functions and their purpose is as follows:
1. compute1: It displays an interesting animation :)
2. compute2: It runs a long FOR loop for Space * Rounds iterations (total iterations: 100000 * 100000). This will take a few minutes to complete. After completing the iterations, it returns a 16 bytes hex string.
h := compute2([]byte(input), done)
As we can see later in the code, h corresponds to our flag:
flag := <-h
3. Before the flag, we have a call to the function, another_helper() and we can see that the return value of this function should be true so that our flag is printed.
4. another_helper() function takes an input string which was generated by compute4()
So, let's see how compute4() is used to process our input.
It first generates a mapping as shown below:
We can print the value of the map using fmt.Println(m)
This gives us the mapping as:
[100:113 114:114 109:121 107:122 122:102 97:104 111:110 110:97 102:106 116:120 112:119 118:101 106:111 117:112 113:103 105:105 115:107 121:108 104:109 120:98 101:99 108:100 103:118 98:115 99:116 119:117]
Then, this mapping is used to shuffle the characters in our input string.
If our input is: abcdefghijklmnopqrstuvwxyz
Then after shuffling the characters in the input using the above mapping we get: hstqcjvmiozdyanwgrkxpeublf
This value is passed to another_helper() function to validate.
another_helper() function is as shown below:
It checks the input to ensure that the ASCII value of each character is less than or equal to the ASCII value of the characters after it.
So, if another_helper() function receives: abcdefghijklmnopqrstuvwxyz as an input, it will return us true.
To solve this challenge, we need to pass an input such that compute4() function returns us: abcdefghijklmnopqrstuvwxyz
We can leverage the mapping above to get the value of an input which satisfies the above requirement.
Input: nxelvzqaifsyhojudrbcwgptmk
Now, we can pass the string: "nxelvzqaifsyhojudrbcwgptmk" as an input to the program and it will print our flag as shown below:
flag-705787f208e6eff63768ae166482125b
c0d3inj3cT
We were provided a Go program which takes a 26 characters input and performs several checks on it. If all the checks are true, then the value of flag will be printed.
Note: In Go language, you can print the value of the variables using fmt.Println(). This will be useful while solving the challenge.
The main function of the Go program looked like shown below:
1. compute1: It displays an interesting animation :)
2. compute2: It runs a long FOR loop for Space * Rounds iterations (total iterations: 100000 * 100000). This will take a few minutes to complete. After completing the iterations, it returns a 16 bytes hex string.
h := compute2([]byte(input), done)
As we can see later in the code, h corresponds to our flag:
flag := <-h
3. Before the flag, we have a call to the function, another_helper() and we can see that the return value of this function should be true so that our flag is printed.
4. another_helper() function takes an input string which was generated by compute4()
So, let's see how compute4() is used to process our input.
It first generates a mapping as shown below:
This gives us the mapping as:
[100:113 114:114 109:121 107:122 122:102 97:104 111:110 110:97 102:106 116:120 112:119 118:101 106:111 117:112 113:103 105:105 115:107 121:108 104:109 120:98 101:99 108:100 103:118 98:115 99:116 119:117]
Then, this mapping is used to shuffle the characters in our input string.
If our input is: abcdefghijklmnopqrstuvwxyz
Then after shuffling the characters in the input using the above mapping we get: hstqcjvmiozdyanwgrkxpeublf
This value is passed to another_helper() function to validate.
another_helper() function is as shown below:
It checks the input to ensure that the ASCII value of each character is less than or equal to the ASCII value of the characters after it.
So, if another_helper() function receives: abcdefghijklmnopqrstuvwxyz as an input, it will return us true.
To solve this challenge, we need to pass an input such that compute4() function returns us: abcdefghijklmnopqrstuvwxyz
We can leverage the mapping above to get the value of an input which satisfies the above requirement.
Input: nxelvzqaifsyhojudrbcwgptmk
Now, we can pass the string: "nxelvzqaifsyhojudrbcwgptmk" as an input to the program and it will print our flag as shown below:
flag-705787f208e6eff63768ae166482125b
c0d3inj3cT
No comments:
Post a Comment