Channel: Are you secure enough? » PHP

CSAW2013 – Alexander Taylor – (Recon 100 Points)


The challenge was a picture of Alexander Taylor hosted at https://ctf.isis.poly.edu/judges/. It is reproduced here for anyone who missed it:
[Image: Alexander Taylor]
At first glance the file looks like an ordinary PNG, but a closer look at its chunk table shows two chunk types the PNG specification does not define: xORk and kTXt. Because the first letter of each name is lowercase, PNG treats them as ancillary chunks, so every viewer silently skips them and the image renders normally; that is exactly what makes unknown chunks a convenient hiding place. The chunk names themselves suggested the approach: XOR the data of the xORk chunk with the data of the kTXt chunk. The screenshots below make it clear:
[Image: hex-editor view of the xORk chunk]
[Image: hex-editor view of the kTXt chunk]
In the screenshots, the red marks are the chunks' CRC32 fields, the green marks are the extra chunk names, and the chunk data is the region selected with the mouse. The extracted data were:

2836382C100304140A150814020708180D00610416110B12000761030C73021F021D0612630408030B1C1403631D0E030A10042A
43534157

The first blob is mostly non-printable bytes, so it had to be the ciphertext that needed XORing. The second, 43534157, is ASCII "CSAW", so it was apparently the key. Since the key is only four bytes, it has to be repeated until it is as long as the ciphertext (a classic repeating-key XOR). We did the XOR with a PHP script:

<?php
// Turn a hex string (two characters per byte) into the raw bytes it encodes.
function hex2ascii($hex)
{
        $ascii = '';
        for ($i = 0; $i < strlen($hex); $i += 2) {
                $ascii .= chr(hexdec(substr($hex, $i, 2)));
        }
        return $ascii;
}

// XOR two equal-length hex strings byte by byte and return the result as hex.
// (The earlier version of this function worked on 6-character groups and
// zero-padded the final partial group, which slipped two stray NUL bytes in
// before the closing brace of the flag; working on one byte at a time avoids that.)
function xorhex($hex1, $hex2)
{
        if (strlen($hex1) != strlen($hex2)) {
                die("xorhex: inputs must be the same length\n");
        }
        $xor = '';
        for ($i = 0; $i < strlen($hex1); $i += 2) {
                $one = hexdec(substr($hex1, $i, 2));
                $two = hexdec(substr($hex2, $i, 2));
                $xor .= sprintf('%02x', $one ^ $two);
        }
        return $xor;
}

// xORk chunk data: the ciphertext.
$s1 = '2836382C100304140A150814020708180D00610416110B12000761030C73021F021D0612630408030B1C1403631D0E030A10042A';
// kTXt chunk data ("CSAW"), repeated until it matches the ciphertext length.
$s2 = '43534157435341574353415743534157435341574353415743534157435341574353415743534157435341574353415743534157';

$x = hex2ascii(xorhex($s1, $s2));

echo "\n", $x, "\n\n";
?>
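The same recovery done end to end in a script rather than by hand in a hex editor, as an added example in Python (this is not the write-up's own PHP code): it walks the PNG chunk table, verifies each chunk's CRC32 the way the red marks in the screenshots were checked, pulls out every chunk type the PNG specification does not define, and XORs the xORk payload with the kTXt payload cycled as a repeating key. The PNG is constructed inline from the two hex blobs above so it runs offline; its IHDR and IDAT contents are placeholders, and the chunk names are the ones from the write-up.

```python
import struct
import zlib

# Constructed sample input: the two hex blobs from the write-up. Only the
# chunk layout matters, so the pixel data below is a 1x1 placeholder.
CIPHERTEXT_HEX = ("2836382C100304140A150814020708180D00610416110B12000761030C73021F"
                  "021D0612630408030B1C1403631D0E030A10042A")
KEY_HEX = "43534157"   # ASCII "CSAW"

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG 1.2 specification; anything else is worth a look.
STANDARD_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA",
                   b"iCCP", b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD",
                   b"hIST", b"pHYs", b"sPLT", b"tIME"}


def make_chunk(ctype, data):
    """Build one PNG chunk: 4-byte length, 4-byte type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_sample_png():
    """A minimal valid PNG carrying the challenge's xORk and kTXt chunks (constructed)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\x00\x00\x00")             # filter byte + one pixel
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"xORk", bytes.fromhex(CIPHERTEXT_HEX))
            + make_chunk(b"kTXt", bytes.fromhex(KEY_HEX))
            + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b""))


def iter_chunks(png):
    """Yield (type, data, crc_ok) for each chunk, recomputing CRC32 over type+data."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        if pos + 12 + length > len(png):
            raise ValueError("truncated chunk %r" % ctype)
        data = png[pos + 8:pos + 8 + length]
        (stored_crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + data) & 0xFFFFFFFF) == stored_crc
        yield ctype, data, crc_ok
        pos += 12 + length
        if ctype == b"IEND":
            break


def crc_status(png):
    """Map each chunk type to whether its stored CRC32 matches the data."""
    return {ctype: crc_ok for ctype, _, crc_ok in iter_chunks(png)}


def find_nonstandard_chunks(png):
    """Return {type: data} for chunks outside the PNG 1.2 set; decoders ignore
    unknown ancillary (lowercase-first-letter) chunks, so this is where hidden data sits."""
    return {ctype: data for ctype, data, _ in iter_chunks(png)
            if ctype not in STANDARD_CHUNKS}


def repeating_key_xor(data, key):
    """XOR data with key cycled to data's length; what the PHP script did by padding the key by hand."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_flag(png):
    chunks = find_nonstandard_chunks(png)
    return repeating_key_xor(chunks[b"xORk"], chunks[b"kTXt"]).decode("ascii")


if __name__ == "__main__":
    sample = build_sample_png()
    for ctype, data, crc_ok in iter_chunks(sample):
        print("%s %4d bytes  %s" % (ctype.decode(), len(data), "CRC ok" if crc_ok else "CRC BAD"))
    print(recover_flag(sample))
```

Checking CRCs is not just cosmetic: a chunk whose CRC still matches after the data was replaced tells you the author rewrote the file with a proper PNG tool rather than patching bytes in place, and a mismatching CRC on an otherwise valid-looking chunk is itself a flag for a forensic triage script.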

The flag (the script's output; the original post showed it as a screenshot):
key{SPECIFICATIONS SUBJECT TO CHANGE WITHOUT NOTICE}

