Due to other commitments I only had little time to play during this CTF and when I arrived on Saturday (the 2nd day of the competition) our b01lers were already hacking away and we were hovering somewhere around 100.
For quite a while I looked trough some of the others and misc challenges but did not find a good angle. I then turned my attention to base64, a crypto 500 challenge that asked us to identify which letters cannot occur in base64 encoded strings whenever two strings overlap. The assumption was that two arbitrary input strings are encoded in base64 and we are supposed to figure out which letters cannot occur in both strings. The description was quite ambiguous and it took me some time to figure out that the two strings were just a red herring and that we only needed to find what characters cannot occur in base64 encoded strings if the input are "alphabetical" strings.
Base64 encoding maps 3 8 bit characters to 4 6 bit characters (24 bit each). This tells us that we will have to look at all 3 character combinations to figure out which characters are possible and which are not. I've hacked a quick python script to iterate through all 3 character combinations, reducing any resulting character from the initial set of base64 characters:
import base64 chars = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'] sbase64 = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','+','/'] for i in chars: for j in chars: for k in chars: lst = i+j+k enc = base64.b64encode(lst) for l in enc: if l in sbase64: sbase64.remove(l) print sbase64
When we run the script it takes less than 0.3 seconds to return:
['7', 'f', '+', '/']
Which we have to lex-sort to submit the flag TMCTF{+/7f} and we receive 500 points for this 5 minute effort. Go b01lers!