Due to other commitments I had only a little time to play during this CTF and when
I arrived on Saturday (the 2nd day of the competition) our b01lers were already
hacking away and we were hovering somewhere around 100.
For quite a while I looked through some of the others and misc challenges but did
not find a good angle. I then turned my attention to base64, a crypto 500
challenge that asked us to identify which letters cannot occur in base64 encoded
strings whenever two strings overlap. The assumption was that two arbitrary
input strings are encoded in base64 and we are supposed to figure out which
letters cannot occur in both strings. The description was quite ambiguous and it
took me some time to figure out that the two strings were just a red herring and
that we only needed to find what characters cannot occur in base64 encoded
strings if the inputs are "alphabetical" strings.
Base64 encoding maps three 8-bit characters to four 6-bit characters (24 bits
each). This tells us that we will have to look at all 3 character combinations
to figure out which characters are possible and which are not. I've hacked a
quick Python script to iterate through all 3 character combinations, removing
each resulting character from the initial set of base64 characters:

    import base64

    # Input alphabet: digits and ASCII letters (the "alphabetical" strings)
    chars = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z']
    # Candidates: the full base64 alphabet; every character an encoding produces is removed
    sbase64 = ['0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','+','/']
    for i in chars:
        for j in chars:
            for k in chars:
                lst = i + j + k
                # b64encode takes and returns bytes in Python 3
                enc = base64.b64encode(lst.encode()).decode()
                for l in enc:
                    if l in sbase64:
                        sbase64.remove(l)
    # Whatever is left never appeared in any encoding
    print(sbase64)

When we run the script it takes less than 0.3 seconds to return:
['7', 'f', '+', '/']
Which we have to lex-sort to submit the flag TMCTF{+/7f} and we receive 500
points for this 5 minute effort. Go b01lers!
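
The same answer can be derived from the bit layout instead of by encoding every triple. The following is an added example, not part of the original writeup; all function names are my own. It goes slightly beyond the script above by also covering padded final blocks (inputs whose length is not a multiple of 3) and by accepting any input alphabet.

```python
import base64
import itertools
import string

# Standard base64 alphabet, indexed by 6-bit value.
B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

def reachable_values(alphabet):
    """6-bit values that can appear when every input byte comes from `alphabet`."""
    codes = [ord(c) for c in alphabet]
    pairs = list(itertools.product(codes, repeat=2))
    pos1 = {b >> 2 for b in codes}                           # byte 1, high 6 bits
    pos2 = {((a & 0x03) << 4) | (b >> 4) for a, b in pairs}  # byte 1 low 2 + byte 2 high 4
    pos3 = {((a & 0x0F) << 2) | (b >> 6) for a, b in pairs}  # byte 2 low 4 + byte 3 high 2
    pos4 = {b & 0x3F for b in codes}                         # byte 3, low 6 bits
    # Padded final block: the missing byte contributes zero bits.
    tail = {(b & 0x03) << 4 for b in codes} | {(b & 0x0F) << 2 for b in codes}
    return pos1 | pos2 | pos3 | pos4 | tail

def unreachable_chars(alphabet):
    """Base64 characters that can never occur, in ASCII (flag) order."""
    seen = reachable_values(alphabet)
    return sorted(B64[v] for v in range(64) if v not in seen)

def encoder_chars(alphabet, max_len=3):
    """Cross-check: characters the real encoder emits for inputs up to max_len."""
    out = set()
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            out.update(base64.b64encode("".join(combo).encode()).decode())
    return out - {"="}

if __name__ == "__main__":
    alnum = string.digits + string.ascii_letters
    print("".join(unreachable_chars(alnum)))
```

The per-position sets show why the four characters are missing: values 31 ('f') and 59 ('7') end in binary 11 and 62 ('+') ends in 10, which the third position cannot produce because the top two bits of an alphanumeric byte are 00 or 01, and no other position reaches 31, 59, 62 or 63 ('/').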