FlagHunt 2021

by CTF Community Bangladesh

flaghunt.ctf-bd.com

Tools Used

Java/APK Decompiler, Malbolge Interpreter, CyberChef, dcode.fr, Aperisolve, gmic

Categories

Warmup

Pokemon

Problem:

A picture of a pokemon is given. Flag format: CTF_BD{...}

Solution:

The pokemon's name is Arcanine. Flag is CTF_BD{Arcanine}.

ABC Is Fine

Problem:

The following text is given: NUC_IS{D_C1Q3_N1AM3K_l4Q} along with value a = 31, b = 3. Find the flag.

Solution:

Since the values of a and b are given, we know it's an affine cipher. Decrypting with those parameters gives the flag: CTF_BD{A_F1N3_C1PH3R_m4N}
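
The decryption worked through in code, as an added example that is not part of the original writeup. The function names are made up for illustration; the ciphertext and the values of a and b are the ones from the challenge.

```python
M = 26  # size of the Latin alphabet the cipher works over

def _map_letters(text, fn):
    """Apply fn to the 0..25 index of each ASCII letter, keeping its case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(fn(ord(ch) - base) + base))
        else:
            out.append(ch)  # digits, braces and underscores pass through
    return "".join(out)

def affine_encrypt(plaintext, a, b):
    """E(x) = (a*x + b) mod 26."""
    return _map_letters(plaintext, lambda x: (a * x + b) % M)

def affine_decrypt(ciphertext, a, b):
    """D(y) = a^-1 * (y - b) mod 26; only defined when gcd(a, 26) == 1."""
    a_inv = pow(a, -1, M)  # Python 3.8+; ValueError if a has no inverse mod 26
    return _map_letters(ciphertext, lambda y: (a_inv * (y - b)) % M)

if __name__ == "__main__":
    # a = 31 behaves like 5 mod 26, whose inverse is 21
    print(affine_decrypt("NUC_IS{D_C1Q3_N1AM3K_l4Q}", 31, 3))
```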

DotDash

Problem:

An audio file is given. Find the flag.

Solution:

Just by listening to the audio file, we know that it's Morse code. Decoding it gives us: ITSMORSEMUSICBRO. Let's submit it as the flag: CTF_BD{ITS_MORSE_MUSIC_BRO}

Malbo

Problem:

A friend from Melbourne has sent me the following file. Can you decode it?
File content:
---
D'`_$L\n~|Xj2x0wets1NqM'K%H#i4hVBTdbb`|*)(xwYutslqpi/gOedibaf_%cbDC_^W\Uy<;WPt7MRQJnHMLKJIBfF(>C<;:9]7};:3W76v.3,P0/o-,%I)i'~%|#"y?w|u;y[qvotsrk1ihgfejib(fH^]b[Z~^@\[ZSwQPUTMLpP2Hl/EiIHGF?cCB$#?>=6Z4z216543,P0/.n,+$Hih~}$#z@a}v{t:xZpo5srkSi/Pfkjiba'edFEaZ~^]VUyYXWVONMqQPONMLEiI+*F?>bB$@?>=6Z4381U54t,1*)Mnm%*#"F&%e#z!~}|ut:[q7$

Solution:

It's written in Malbolge. Let's paste the code into an online interpreter and run it. We'll use this link: malbolge.doleczek.pl. After running the code, we get the flag CTF_BD{M4lB0lg3_Is_Aw3S0M3_Int3rPr3T3R}

Cryptography

Fairy

Problem:

Last night a fairy without wings came to my room. I wrote about her but she didn't want anyone to know about it, so she encrypted my text. Can you decrypt it and find out who came to meet me?
File content:
---
👍︎❄︎☞︎♉︎👌︎👎︎❀︎♍︎🗐︎◆︎⌘︎🗏︎♉︎🏱︎📁︎❒︎📂︎💣︎📁︎☠︎📂︎♉︎♍︎🗐︎💣︎🗏︎♉︎📂︎■︎ 💣︎✡︎♉︎♎︎❒︎🗏︎🗐︎💣︎❝︎✌︎■︎♎︎ ⬧︎♒︎♏︎🕯︎⬧︎ ♋︎ ⬥︎♓︎■︎♑︎●︎♏︎⬧︎⬧︎ ♐︎♋︎♓︎❒︎⍓︎📬︎

Solution:

Now, this looks like Wingdings font. Let's head over to dcode.fr/wingdings-font and try to decode it. We get the following: CTF_BD{c4uz3_P0r1M0N1_c4M3_1n MY_dr34M} And she's a wingless fairy.

Dora

Problem:

Can you save dora? (Two images are given alongside)

Solution:

We can clearly see the beginning of the flag in the dora.jpg image. Let's XOR both images using a tool called gmic:

gmic dora.jpg dora-dora.jpg -blend xor

Then we get the flag: CTF_BD{X0r_F1rst_4lw4y5!}

Corrupted

Problem:

My keyboard has been corrupted! Can you find the flag from below?

VYG+NF}{;5u+E2yj+LDVQ

Solution:

Let's look at the string VYG on our keyboard. We can convert it to CTF simply by replacing each key with the one to its left. Do the same for the whole string and voilà, we get CTF_BD{Pl4y_W1th_KSC}. However, I still don't know what KSC means.
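
The same key-to-the-left substitution as code, as an added example that is not part of the original writeup. It assumes a US QWERTY layout with the backslash key left out and each row wrapping around (that wrap is what turns the trailing Q into the closing brace); the function names are made up for illustration.

```python
# US QWERTY rows, unshifted then shifted. Assumption: the backslash key is left
# out and each row wraps around, which is what maps the trailing Q to "}".
ROWS = [
    "`1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./",
    "~!@#$%^&*()_+", "QWERTYUIOP{}", 'ASDFGHJKL:"', "ZXCVBNM<>?",
]

def shift_keys(text, offset):
    """Replace every key with the one `offset` places along its row."""
    table = {}
    for row in ROWS:
        for i, ch in enumerate(row):
            table[ch] = row[(i + offset) % len(row)]
    return "".join(table.get(ch, ch) for ch in text)

def recover(text, crib="CTF_BD{", max_shift=3):
    """Try small left/right shifts; return (offset, plaintext) matching the crib."""
    for offset in sorted(range(-max_shift, max_shift + 1), key=abs):
        candidate = shift_keys(text, offset)
        if offset and candidate.startswith(crib):
            return offset, candidate
    return None  # no shift in range produces the known flag prefix

if __name__ == "__main__":
    print(recover("VYG+NF}{;5u+E2yj+LDVQ"))
```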

Steganography

Hackart

Problem:

An image is given.

Solution:

Let's head over to aperisolve.fr and upload the image. We find the flag written on one of the filtered images: CTF_BD{Hackers_are_cyber_artist_you_know}

Rats

Problem:

An image is given.

Solution:

Same solution as previous. The flag CTF_BD{H1dd3n_Mess4ge_D3c0d3d} was written using zsteg.

Miscellaneous (Reverse Engg.)

Have You Tried Something Different?

Problem:

We are given a Python script containing bytecode.

Solution:

Let's modify the script a bit and decompile the Python bytecode.

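import marshal, dis

# the_byte_code is the marshalled bytes object embedded in the challenge script.
# Load it with the same Python version that produced it: the marshal format
# for code objects is version-specific.
code = marshal.loads(the_byte_code)
dis.dis(code)  # dis.dis() prints the listing itself and returns None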

Then we get a long listing of the Python bytecode in readable form. We see that a lot of constants are loaded. For example, CONST 102 108 97 103 refers to FLAG. By translating the rest of it, we get the flag: CTF_BD{Wh4t_th3_H4ck_4r3_y0u_d01ng!}

Secret Key

Problem:

We are given an APK file called secret_key.apk

Solution:

Let's decompile the APK file and head over to assets/database/, where we can find a file called secret.db. Printing it out gives the following:

tableQ1RGX0JEe05pY2VfQ2F0Y2ghfQ==Q1RGX0JEe05pY2VfQ2F0Y2ghfQ==CREATE TABLE "Q1RGX0JEe05pY2VfQ2F0Y2ghfQ==" (
    "Q1RGX0JEe05pY2VfQ2F0Y2ghfQ=="    INTEGER
)GctabledGVzdA==dGVzdA==CREATE TABLE "dGVzdA==" (
    "test"    INTEGER
)GctableZmxhZw==ZmxhZw==CREATE TABLE "ZmxhZw==" (
    "flag"    INTEGER

Now, a lot of these look like base64 strings. Let's decode them one by one. Decoding Q1RGX0JEe05pY2VfQ2F0Y2ghfQ== as base64 gives the flag CTF_BD{Nice_Catch!}

Super Intent

Problem:

We are given an APK file called super.apk

Solution:

Let's decompile and head over to sources/com/flaghunt2021/superintent and keep browsing the Java files. While browsing, a certain variable called decodeValue in SignInActivity.java looks interesting. Its value is a base64-decoded byte string. The encoded input comes from R.string.key, the value of which can be found in res/values/strings.xml. If we look for it, we get the string value U3VwZXJQQCQkdzByZA==

Now, let's decode it. We get SuperP@$$w0rd; this is our login password, and the email is flaghunt@ctf.com. According to the code, after logging in we are presented with a page with three buttons, one of which leads to the Super Intent page. Going to SuperIntentActivity.java doesn't give us much; it just renders the layout.

So, what we are going to do is go to res/layouts/activity_super_intent.xml, and do we see a familiar-looking string? Yes, there's another base64 string: Q1RGX0JEe0g0Q0tfVEhFX1BMQU5FVH0=. Decoding this gives the flag: CTF_BD{H4CK_THE_PLANET}

Web Browser

Problem:

We are given an APK file called web_browser.apk

Solution:

After decompiling the APK, let's head over to sources/com/flaghunt2021/webbrowser/ and look at the source code. Here, in a file called MainActivity.java, we find the following two base64 strings:

AAmF2YXNjcmlwdDphbGVydCgnUTFSR1gLSkVlMGhoWTJ0bGNuTmZRWEpsWDBWV1JWSlpFMGhGVWtVaGAAAZRPT0nKQ==

amF2YXNjcmlwdDphbGVydCgnUTFSR1gwSkVlMGhoWTJ0bGNuTmZRWEpsWDBWV1JWSlpWMGhGVWtVaGZRPT0nKQ==

Now, decoding the first one gives garbage, so let's discard that. Decoding the second one gives the following code:

javascript:alert('Q1RGX0JEe0hhY2tlcnNfQXJlX0VWRVJZV0hFUkUhfQ==')

Interesting... another base64 string! Let's decode it again. We get our flag of the problem: CTF_BD{Hackers_Are_EVERYWHERE!}
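
The three APK challenges above (Secret Key, Super Intent, Web Browser) all come down to spotting base64 in decompiled resources and decoding it until plain text appears, which is also why base64 in a shipped app hides nothing. The scanner below is an added example, not part of the original writeup; the encoded values are the ones quoted on this page, while the XML and SQL text wrapped around them and all function names are constructed for illustration.

```python
import base64
import re

# A standard-alphabet base64 run that is not cut out of a longer word.
B64 = re.compile(
    r"(?<![A-Za-z0-9+/=])(?:[A-Za-z0-9+/]{4})+"
    r"(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?(?![A-Za-z0-9+/=])"
)

def decode_printable(token):
    """Decode one token; None if too short, malformed or not printable ASCII."""
    if len(token) < 8:          # skips ordinary 4-letter words such as "flag"
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None                 # binary output: treat as a false positive

def peel(text, max_depth=5):
    """Return the innermost plaintexts behind the base64 tokens in text."""
    leaves = []
    for token in B64.findall(text):
        plain = decode_printable(token)
        if plain is None:
            continue
        # Decode again if the plaintext itself carries another layer.
        deeper = peel(plain, max_depth - 1) if max_depth > 1 else []
        for item in deeper or [plain]:
            if item not in leaves:
                leaves.append(item)
    return leaves

# Encoded values quoted on this page; the text wrapped around them is constructed.
STRINGS_XML = '<string name="key">U3VwZXJQQCQkdzByZA==</string>'
LAYOUT_XML = 'android:text="Q1RGX0JEe0g0Q0tfVEhFX1BMQU5FVH0="'
DB_SCHEMA = 'CREATE TABLE "Q1RGX0JEe05pY2VfQ2F0Y2ghfQ==" ("flag" INTEGER)'
JS_URL = "amF2YXNjcmlwdDphbGVydCgnUTFSR1gwSkVlMGhoWTJ0bGNuTmZRWEpsWDBWV1JWSlpWMGhGVWtVaGZRPT0nKQ=="

if __name__ == "__main__":
    for sample in (STRINGS_XML, LAYOUT_XML, DB_SCHEMA, JS_URL):
        print(peel(sample))
```

The printable-ASCII filter is a heuristic, so an ordinary word whose decoding happens to be printable would also be reported; results still need a human look.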