Category: Hackvent 2015

Archive for the ‘Hackvent 2015’ Category

HACKvent 2015: Day 15

15 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 15 December 2015

Challenge

We've captured a strange message. It looks like it is encrypted somehow ...
iw, hu, fv, lu, dv, cy, og, lc, gy, fq, od, lo, fq, is, ig, gu, hs, hi, ds, cy, oo, os, iu, fs, gu, lh, dq, lv, gu, iw, hv, gu, di, hs, cy, oc, iw, gc
We've also intercepted what seems to be a hint to the key:
bytwycju + yzvyjjdy ^ vugljtyn + ugdztnwv | xbfziozy = bzuwtwol
^         ^          ^          ^          ^
wwnnnqbw - uclfqvdu & oncycbxh | oqcnwbsd ^ cgyoyfjg = vyhyjivb
&         &          &          &          &
yzdgotby | oigsjgoj | ttligxut - dhcqxtfw & szblgodf = sfgsoxdd
+         +          +          +          +
yjjowdqh & niiqztgs + ctvtwysu & diffhlnl - thhwohwn = xsvuojtx
-         -           -         -          -
nttuhlnq ^ oqbctlzh - nshtztns ^ htwizvwi + udluvhcz = syhjizjq
=         =           =         =          =         
fjivucti   zoljwdfl   sugvqgww   uxztiywn   jqxizzxq
Note:
assume q != 0
a letter is a decimal digit is a letter
each digit has exactly two different letter representations
C-like operator precedence

We've captured a strange message. It looks like it is encrypted somehow ...

iw, hu, fv, lu, dv, cy, og, lc, gy, fq, od, lo, fq, is, ig, gu, hs, hi, ds, cy, oo, os, iu, fs, gu, lh, dq, lv, gu, iw, hv, gu, di, hs, cy, oc, iw, gc

We've also intercepted what seems to be a hint to the key:

bytwycju + yzvyjjdy ^ vugljtyn + ugdztnwv | xbfziozy = bzuwtwol

^ ^ ^ ^ ^

wwnnnqbw - uclfqvdu & oncycbxh | oqcnwbsd ^ cgyoyfjg = vyhyjivb

& & & & &

yzdgotby | oigsjgoj | ttligxut - dhcqxtfw & szblgodf = sfgsoxdd

+ + + + +

yjjowdqh & niiqztgs + ctvtwysu & diffhlnl - thhwohwn = xsvuojtx

- - - - -

nttuhlnq ^ oqbctlzh - nshtztns ^ htwizvwi + udluvhcz = syhjizjq

= = = = =

fjivucti zoljwdfl sugvqgww uxztiywn jqxizzxq

Note:

assume q != 0

a letter is a decimal digit is a letter

each digit has exactly two different letter representations

C-like operator precedence

Solution

Straight away this looks like a logic solver problem. I intend to use Z3 theorem solver (link) as I am most familiar with it out of all the available solvers out there.

First step is to understand the problem. Each letter corresponds to a single digit 0-9. The q digit cannot be 0. Each digit is represented by exactly 2 letters. In the grid of equations, a series of letters like bytwycju means 8 digits. Ie if b was 2 and y was 8, it would be a number starting with 28XXXXXX. The operations used in the equations are & ^ | + - ==. C-like operator precedence is also used but this will match up nicely with python operator precedence.

Looking at the secret message, is it 38 pairs of letters. If each letter is a single digit then each pair must correspond to a ASCII capital letters/numbers/spaces…etc. So I am going to assume the secret message is a 38 character length string.

Every letter from the alphabet is present in the challenge description and equations except for: aekmpr
This works out nicely as excluding those 6 letters leaves 20 letters total which leaves exactly 2 letters per digit, perfect!

So I start writing a new python script and add in all the rules I need. I use a BitVec of 32 bits because some operations become large. I could use a BitVec of 4 bits but then certain bitwise operations would overflow which is not what I want.

For each equation I need to generate a list of long constraints to add to the Z3 solver object. To do this I use a short python script written by OS-Freeze from Germany (thanks!) which was slightly modified by myself:

#!/usr/bin/python
# By OS-Freeze, slightly modified by PersianMG
row = "yjjowdqh & niiqztgs + ctvtwysu & diffhlnl - thhwohwn = xsvuojtx"
symbol = []
for i in row.split():
if len(i) == 8:
count = 7
dat = list(''.join(i))
result = "("
for i in dat:
result = result + "ZV['"+i+"'] * pow(10,"+str(count)+")"
if count != 0:
result += " + "
count -= 1
result += ")"
print result
elif len(i) == 1:
if i == '=':
print '=='
else:
print i

#!/usr/bin/python

# By OS-Freeze, slightly modified by PersianMG

row = "yjjowdqh & niiqztgs + ctvtwysu & diffhlnl - thhwohwn = xsvuojtx"

symbol = []

for i in row.split():

if len(i) == 8:

count = 7

dat = list(''.join(i))

result = "("

for i in dat:

result = result + "ZV['"+i+"'] * pow(10,"+str(count)+")"

if count != 0:

result += " + "

count -= 1

result += ")"

print result

elif len(i) == 1:

if i == '=':

print '=='

else:

print i

The above script would produce:

(ZV['y'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['j'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['q'] * pow(10,1) + ZV['h'] * pow(10,0))
&
(ZV['n'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['g'] * pow(10,1) + ZV['s'] * pow(10,0))
+
(ZV['c'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['u'] * pow(10,0))
&
(ZV['d'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['l'] * pow(10,0))
-
(ZV['t'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))
==
(ZV['x'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['t'] * pow(10,1) + ZV['x'] * pow(10,0))

(ZV['y'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['j'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['q'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['n'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['g'] * pow(10,1) + ZV['s'] * pow(10,0))

(ZV['c'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['d'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['l'] * pow(10,0))

(ZV['t'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))

(ZV['x'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['t'] * pow(10,1) + ZV['x'] * pow(10,0))

I simply change the equation for each equation in the challenge description until I have all of the constraints I need.

Now I can construct my actual solver script:

#!/usr/bin/python
from z3 import *
ZV = {}
# Make solver
s = Solver()
# Everything but aekmpr is in the alphabet
for l in 'bcdfghijlnoqstuvwxyz':
ZV[l] = BitVec(l, 32)
# Limit to a single digit
for l in 'bcdfghijlnoqstuvwxyz':
s.add(ZV[l] >= 0)
s.add(ZV[l] <= 9)
# assume q != 0 (removed trivial 0 case)
s.add(ZV['q'] != 0)
# Row 1 (bytwycju + yzvyjjdy ^ vugljtyn + ugdztnwv | xbfziozy = bzuwtwol)
s.add(
(ZV['b'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['u'] * pow(10,0))
+
(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['y'] * pow(10,0))
^
(ZV['v'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['y'] * pow(10,1) + ZV['n'] * pow(10,0))
+
(ZV['u'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['n'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['v'] * pow(10,0))
|
(ZV['x'] * pow(10,7) + ZV['b'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['y'] * pow(10,0))
==
(ZV['b'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['u'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['w'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['l'] * pow(10,0))
)
# Row 2 (wwnnnqbw - uclfqvdu & oncycbxh | oqcnwbsd ^ cgyoyfjg = vyhyjivb)
s.add(
(ZV['w'] * pow(10,7) + ZV['w'] * pow(10,6) + ZV['n'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['n'] * pow(10,3) + ZV['q'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['w'] * pow(10,0))
-
(ZV['u'] * pow(10,7) + ZV['c'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['u'] * pow(10,0))
&
(ZV['o'] * pow(10,7) + ZV['n'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['c'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['h'] * pow(10,0))
|
(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['d'] * pow(10,0))
^
(ZV['c'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['y'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['f'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['g'] * pow(10,0))
==
(ZV['v'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['i'] * pow(10,2) + ZV['v'] * pow(10,1) + ZV['b'] * pow(10,0))
)
# Row 3 (yzdgotby | oigsjgoj | ttligxut - dhcqxtfw & szblgodf = sfgsoxdd)
s.add(
(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['g'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['y'] * pow(10,0))
|
(ZV['o'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['j'] * pow(10,0))
|
(ZV['t'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['u'] * pow(10,1) + ZV['t'] * pow(10,0))
-
(ZV['d'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['x'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['w'] * pow(10,0))
&
(ZV['s'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['f'] * pow(10,0))
==
(ZV['s'] * pow(10,7) + ZV['f'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['d'] * pow(10,0))
)
# Row 4 (nttuhlnq ^ oqbctlzh - nshtztns ^ htwizvwi + udluvhcz = syhjizjq)
s.add(
(ZV['n'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['q'] * pow(10,0))
^
(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['c'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['h'] * pow(10,0))
-
(ZV['n'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['s'] * pow(10,0))
^
(ZV['h'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['w'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['i'] * pow(10,0))
+
(ZV['u'] * pow(10,7) + ZV['d'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['v'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['c'] * pow(10,1) + ZV['z'] * pow(10,0))
==
(ZV['s'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['j'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['z'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['q'] * pow(10,0))
)
# Column 1 (bytwycju ^ wwnnnqbw & yzdgotby + yjjowdqh  - nttuhlnq = fjivucti)
s.add(
(ZV['b'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['u'] * pow(10,0))
^
(ZV['w'] * pow(10,7) + ZV['w'] * pow(10,6) + ZV['n'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['n'] * pow(10,3) + ZV['q'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['w'] * pow(10,0))
&
(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['g'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['y'] * pow(10,0))
+
(ZV['y'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['j'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['q'] * pow(10,1) + ZV['h'] * pow(10,0))
-
(ZV['n'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['q'] * pow(10,0))
==
(ZV['f'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['v'] * pow(10,4) + ZV['u'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['t'] * pow(10,1) + ZV['i'] * pow(10,0))
)
# Column 2 (yzvyjjdy ^ uclfqvdu & oigsjgoj + niiqztgs - oqbctlzh = zoljwdfl)
s.add(
(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['y'] * pow(10,0))
^
(ZV['u'] * pow(10,7) + ZV['c'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['u'] * pow(10,0))
&
(ZV['o'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['j'] * pow(10,0))
+
(ZV['n'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['g'] * pow(10,1) + ZV['s'] * pow(10,0))
-
(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['c'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['h'] * pow(10,0))
==
(ZV['z'] * pow(10,7) + ZV['o'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['j'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['l'] * pow(10,0))
)
# Column 3 (vugljtyn ^ oncycbxh & ttligxut + ctvtwysu - nshtztns = sugvqgww)
s.add(
(ZV['v'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['y'] * pow(10,1) + ZV['n'] * pow(10,0))
^
(ZV['o'] * pow(10,7) + ZV['n'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['c'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['h'] * pow(10,0))
&
(ZV['t'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['u'] * pow(10,1) + ZV['t'] * pow(10,0))
+
(ZV['c'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['u'] * pow(10,0))
-
(ZV['n'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['s'] * pow(10,0))
==
(ZV['s'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['v'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['w'] * pow(10,0))
)
# Column 4 (ugdztnwv ^ oqcnwbsd & dhcqxtfw + diffhlnl - htwizvwi = uxztiywn)
s.add(
(ZV['u'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['n'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['v'] * pow(10,0))
^
(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['d'] * pow(10,0))
&
(ZV['d'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['x'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['w'] * pow(10,0))
+
(ZV['d'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['l'] * pow(10,0))
-
(ZV['h'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['w'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['i'] * pow(10,0))
==
(ZV['u'] * pow(10,7) + ZV['x'] * pow(10,6) + ZV['z'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))
)
# Column 5 (xbfziozy ^ cgyoyfjg & szblgodf + thhwohwn - udluvhcz  = jqxizzxq)
s.add(
(ZV['x'] * pow(10,7) + ZV['b'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['y'] * pow(10,0))
^
(ZV['c'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['y'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['f'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['g'] * pow(10,0))
&
(ZV['s'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['f'] * pow(10,0))
+
(ZV['t'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))
-
(ZV['u'] * pow(10,7) + ZV['d'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['v'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['c'] * pow(10,1) + ZV['z'] * pow(10,0))
==
(ZV['j'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['x'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['z'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['q'] * pow(10,0))
)
# Print answers
print(s.check())
print(s.model())

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

#!/usr/bin/python

from z3 import *

ZV = {}

# Make solver

s = Solver()

# Everything but aekmpr is in the alphabet

for l in 'bcdfghijlnoqstuvwxyz':

ZV[l] = BitVec(l, 32)

# Limit to a single digit

for l in 'bcdfghijlnoqstuvwxyz':

s.add(ZV[l] >= 0)

s.add(ZV[l] <= 9)

# assume q != 0 (removed trivial 0 case)

s.add(ZV['q'] != 0)

# Row 1 (bytwycju + yzvyjjdy ^ vugljtyn + ugdztnwv | xbfziozy = bzuwtwol)

s.add(

(ZV['b'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['v'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['y'] * pow(10,1) + ZV['n'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['n'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['v'] * pow(10,0))

(ZV['x'] * pow(10,7) + ZV['b'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['b'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['u'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['w'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['l'] * pow(10,0))

)

# Row 2 (wwnnnqbw - uclfqvdu & oncycbxh | oqcnwbsd ^ cgyoyfjg = vyhyjivb)

s.add(

(ZV['w'] * pow(10,7) + ZV['w'] * pow(10,6) + ZV['n'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['n'] * pow(10,3) + ZV['q'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['w'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['c'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['n'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['c'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['d'] * pow(10,0))

(ZV['c'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['y'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['f'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['g'] * pow(10,0))

(ZV['v'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['i'] * pow(10,2) + ZV['v'] * pow(10,1) + ZV['b'] * pow(10,0))

)

# Row 3 (yzdgotby | oigsjgoj | ttligxut - dhcqxtfw & szblgodf = sfgsoxdd)

s.add(

(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['g'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['j'] * pow(10,0))

(ZV['t'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['u'] * pow(10,1) + ZV['t'] * pow(10,0))

(ZV['d'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['x'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['w'] * pow(10,0))

(ZV['s'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['f'] * pow(10,0))

(ZV['s'] * pow(10,7) + ZV['f'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['d'] * pow(10,0))

)

# Row 4 (nttuhlnq ^ oqbctlzh - nshtztns ^ htwizvwi + udluvhcz = syhjizjq)

s.add(

(ZV['n'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['q'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['c'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['n'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['s'] * pow(10,0))

(ZV['h'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['w'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['i'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['d'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['v'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['c'] * pow(10,1) + ZV['z'] * pow(10,0))

(ZV['s'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['j'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['z'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['q'] * pow(10,0))

)

# Column 1 (bytwycju ^ wwnnnqbw & yzdgotby + yjjowdqh - nttuhlnq = fjivucti)

s.add(

(ZV['b'] * pow(10,7) + ZV['y'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['w'] * pow(10,7) + ZV['w'] * pow(10,6) + ZV['n'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['n'] * pow(10,3) + ZV['q'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['w'] * pow(10,0))

(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['g'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['b'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['y'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['j'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['q'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['n'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['t'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['q'] * pow(10,0))

(ZV['f'] * pow(10,7) + ZV['j'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['v'] * pow(10,4) + ZV['u'] * pow(10,3) + ZV['c'] * pow(10,2) + ZV['t'] * pow(10,1) + ZV['i'] * pow(10,0))

)

# Column 2 (yzvyjjdy ^ uclfqvdu & oigsjgoj + niiqztgs - oqbctlzh = zoljwdfl)

s.add(

(ZV['y'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['j'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['c'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['s'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['o'] * pow(10,1) + ZV['j'] * pow(10,0))

(ZV['n'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['i'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['g'] * pow(10,1) + ZV['s'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['c'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['z'] * pow(10,7) + ZV['o'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['j'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['d'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['l'] * pow(10,0))

)

# Column 3 (vugljtyn ^ oncycbxh & ttligxut + ctvtwysu - nshtztns = sugvqgww)

s.add(

(ZV['v'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['j'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['y'] * pow(10,1) + ZV['n'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['n'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['y'] * pow(10,4) + ZV['c'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['h'] * pow(10,0))

(ZV['t'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['x'] * pow(10,2) + ZV['u'] * pow(10,1) + ZV['t'] * pow(10,0))

(ZV['c'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['v'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['u'] * pow(10,0))

(ZV['n'] * pow(10,7) + ZV['s'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['s'] * pow(10,0))

(ZV['s'] * pow(10,7) + ZV['u'] * pow(10,6) + ZV['g'] * pow(10,5) + ZV['v'] * pow(10,4) + ZV['q'] * pow(10,3) + ZV['g'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['w'] * pow(10,0))

)

# Column 4 (ugdztnwv ^ oqcnwbsd & dhcqxtfw + diffhlnl - htwizvwi = uxztiywn)

s.add(

(ZV['u'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['d'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['t'] * pow(10,3) + ZV['n'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['v'] * pow(10,0))

(ZV['o'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['n'] * pow(10,4) + ZV['w'] * pow(10,3) + ZV['b'] * pow(10,2) + ZV['s'] * pow(10,1) + ZV['d'] * pow(10,0))

(ZV['d'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['c'] * pow(10,5) + ZV['q'] * pow(10,4) + ZV['x'] * pow(10,3) + ZV['t'] * pow(10,2) + ZV['f'] * pow(10,1) + ZV['w'] * pow(10,0))

(ZV['d'] * pow(10,7) + ZV['i'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['f'] * pow(10,4) + ZV['h'] * pow(10,3) + ZV['l'] * pow(10,2) + ZV['n'] * pow(10,1) + ZV['l'] * pow(10,0))

(ZV['h'] * pow(10,7) + ZV['t'] * pow(10,6) + ZV['w'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['v'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['i'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['x'] * pow(10,6) + ZV['z'] * pow(10,5) + ZV['t'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['y'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))

)

# Column 5 (xbfziozy ^ cgyoyfjg & szblgodf + thhwohwn - udluvhcz = jqxizzxq)

s.add(

(ZV['x'] * pow(10,7) + ZV['b'] * pow(10,6) + ZV['f'] * pow(10,5) + ZV['z'] * pow(10,4) + ZV['i'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['z'] * pow(10,1) + ZV['y'] * pow(10,0))

(ZV['c'] * pow(10,7) + ZV['g'] * pow(10,6) + ZV['y'] * pow(10,5) + ZV['o'] * pow(10,4) + ZV['y'] * pow(10,3) + ZV['f'] * pow(10,2) + ZV['j'] * pow(10,1) + ZV['g'] * pow(10,0))

(ZV['s'] * pow(10,7) + ZV['z'] * pow(10,6) + ZV['b'] * pow(10,5) + ZV['l'] * pow(10,4) + ZV['g'] * pow(10,3) + ZV['o'] * pow(10,2) + ZV['d'] * pow(10,1) + ZV['f'] * pow(10,0))

(ZV['t'] * pow(10,7) + ZV['h'] * pow(10,6) + ZV['h'] * pow(10,5) + ZV['w'] * pow(10,4) + ZV['o'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['w'] * pow(10,1) + ZV['n'] * pow(10,0))

(ZV['u'] * pow(10,7) + ZV['d'] * pow(10,6) + ZV['l'] * pow(10,5) + ZV['u'] * pow(10,4) + ZV['v'] * pow(10,3) + ZV['h'] * pow(10,2) + ZV['c'] * pow(10,1) + ZV['z'] * pow(10,0))

(ZV['j'] * pow(10,7) + ZV['q'] * pow(10,6) + ZV['x'] * pow(10,5) + ZV['i'] * pow(10,4) + ZV['z'] * pow(10,3) + ZV['z'] * pow(10,2) + ZV['x'] * pow(10,1) + ZV['q'] * pow(10,0))

)

# Print answers

print(s.check())

print(s.model())

This is really a simple script. I use a dictionary called ZV to keep track of all my letters. I add in every letter as 32 bit BitVec’s. Next I add the constraint that ensures each letter is in [0,9]. I add the q != 0 contraint which eliminates the trivial all zero solution. Finally I add all the rules I generated above and run the script!

The following solution is found after 20 seconds or so:

[x = 1,  
z = 0,  
c = 3,  
v = 9,  
s = 9,  
q = 5,  
l = 8,  
g = 3,  
b = 5,  
f = 6,  
i = 8,  
o = 7,  
j = 0,  
u = 2,  
h = 7,  
w = 4,  
n = 1,  
d = 6,  
y = 2,  
t = 4]

[x = 1,

z = 0,

c = 3,

v = 9,

s = 9,

q = 5,

l = 8,

g = 3,

b = 5,

f = 6,

i = 8,

o = 7,

j = 0,

u = 2,

h = 7,

w = 4,

n = 1,

d = 6,

y = 2,

t = 4]

Nice!
I write a short script to decode the original message using the above solution (or key).
I end up with:

#!/usr/bin/python
import sys
# The secret message
# Each letter represents a digit which represents an ascii number
codes=['iw','hu','fv','lu','dv','cy','og','lc','gy','fq','od','lo','fq','is','ig','gu','hs','hi','ds','cy','oo','os','iu','fs','gu','lh','dq','lv','gu','iw','hv','gu','di','hs','cy','oc','iw','gc']
#Key
key={}
key['x']=1
key['z']=0
key['c']=3
key['v']=9
key['s']=9
key['q']=5
key['l']=8
key['g']=3
key['b']=5
key['f']=6
key['i']=8
key['o']=7
key['j']=0
key['u']=2
key['h']=7
key['w']=4
key['n']=1
key['d']=6
key['y']=2
key['t']=4
for code in codes:
ascii_num = int(key[code[0]])*10 + int(key[code[1]])
sys.stdout.write(chr(ascii_num))

#!/usr/bin/python

import sys

# The secret message

# Each letter represents a digit which represents an ascii number

codes=['iw','hu','fv','lu','dv','cy','og','lc','gy','fq','od','lo','fq','is','ig','gu','hs','hi','ds','cy','oo','os','iu','fs','gu','lh','dq','lv','gu','iw','hv','gu','di','hs','cy','oc','iw','gc']

#Key

key={}

key['x']=1

key['z']=0

key['c']=3

key['v']=9

key['s']=9

key['q']=5

key['l']=8

key['g']=3

key['b']=5

key['f']=6

key['i']=8

key['o']=7

key['j']=0

key['u']=2

key['h']=7

key['w']=4

key['n']=1

key['d']=6

key['y']=2

key['t']=4

for code in codes:

ascii_num = int(key[code[0]])*10 + int(key[code[1]])

sys.stdout.write(chr(ascii_num))

I run the script and the following message is printed:

THERE IS ALWAYS ONE MORE WAY TO DO IT!

I enter this into the ball-0-matic, get the daily QR code and the daily flag!

Day 15 Solution Ball

Flag: HV15-U3bA-BKhc-gNqN-Hit6-C1fK

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 14

14 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 14 December 2015

Challenge

pull out the Nugget out of this binary.

1	pull out the Nugget out of this binary.

The following Windows binary was also provided: Download EXE File

Solution

I download the binary and run it and am presented with the following program:

Hackvent Day 14 Program

It turns out that this program will tell you (via a messagebox) if you enter in the correct daily nugget or not!
So all we have to do is check the binary to see what causes the successful message box to appear.

Note: You can do this challenge using IDA or a .NET disassembler like ILSpy (link).

If using IDA, its useful to be familiar with CIL instructions.

ILSpy Approach
I decided to use ILSpy as it is apparently a very good .NET disassembler. I open the program and load the binary and it disassembles it into various classes as you would expect.
We are mainly interested in the hv15 class. By searching for strings like yes, that is the key! we realise the only important functions we need to look at are Button1_Click and Encrypt .

This is the code for both:

Button1_Click

// hv15.Form1
private void Button1_Click(object sender, EventArgs e)
{
string text = this.TextBox1.Text;
string left = this.Encrypt(text, Form1.GlobalVariables.assembly);
if (Operators.CompareString(left, "zV5/UFU8PUD3N2T49IBuCwvGzCLYz39tkMZts7rfBU4=", false) == 0)
{
Interaction.MsgBox("yes, that is the key!", MsgBoxStyle.Information, "HACKVent 2015");
}
else
{
Interaction.MsgBox("nope, that is NOT the key!", MsgBoxStyle.Critical, "HACKVent 2015");
}
}

// hv15.Form1

private void Button1_Click(object sender, EventArgs e)

{

string text = this.TextBox1.Text;

string left = this.Encrypt(text, Form1.GlobalVariables.assembly);

if (Operators.CompareString(left, "zV5/UFU8PUD3N2T49IBuCwvGzCLYz39tkMZts7rfBU4=", false) == 0)

{

Interaction.MsgBox("yes, that is the key!", MsgBoxStyle.Information, "HACKVent 2015");

}

else

{

Interaction.MsgBox("nope, that is NOT the key!", MsgBoxStyle.Critical, "HACKVent 2015");

}

Encrypt

// hv15.Form1
public string Encrypt(string input, string pass)
{
RijndaelManaged rijndaelManaged = new RijndaelManaged();
MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();
string result;
try
{
byte[] array = new byte[32];
byte[] sourceArray = mD5CryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(pass));
Array.Copy(sourceArray, 0, array, 0, 16);
Array.Copy(sourceArray, 0, array, 15, 16);
rijndaelManaged.Key = array;
rijndaelManaged.Mode = CipherMode.ECB;
ICryptoTransform cryptoTransform = rijndaelManaged.CreateEncryptor();
byte[] bytes = Encoding.ASCII.GetBytes(input);
result = Convert.ToBase64String(cryptoTransform.TransformFinalBlock(bytes, 0, bytes.Length));
}
catch (Exception expr_7B)
{
ProjectData.SetProjectError(expr_7B);
Exception ex = expr_7B;
Interaction.MsgBox(ex.Message, MsgBoxStyle.OkOnly, null);
result = "";
ProjectData.ClearProjectError();
}
return result;
}

// hv15.Form1

public string Encrypt(string input, string pass)

{

RijndaelManaged rijndaelManaged = new RijndaelManaged();

MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();

string result;

try

{

byte[] array = new byte[32];

byte[] sourceArray = mD5CryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(pass));

Array.Copy(sourceArray, 0, array, 0, 16);

Array.Copy(sourceArray, 0, array, 15, 16);

rijndaelManaged.Key = array;

rijndaelManaged.Mode = CipherMode.ECB;

ICryptoTransform cryptoTransform = rijndaelManaged.CreateEncryptor();

byte[] bytes = Encoding.ASCII.GetBytes(input);

result = Convert.ToBase64String(cryptoTransform.TransformFinalBlock(bytes, 0, bytes.Length));

}

catch (Exception expr_7B)

{

ProjectData.SetProjectError(expr_7B);

Exception ex = expr_7B;

Interaction.MsgBox(ex.Message, MsgBoxStyle.OkOnly, null);

result = "";

ProjectData.ClearProjectError();

}

return result;

}

It becomes super simple to solve this challenge at this stage. The input parameter is just the text we enter into the textbox and the pass parameter is Form1.GlobalVariables.assembly which is defined to be the string __ERROR_HANDLER. All we have to do is reverse the encryption starting with an input that equals zV5/UFU8PUD3N2T49IBuCwvGzCLYz39tkMZts7rfBU4=. We first decode the base64 string into a byte array and then run the program again but with rijndaelManaged.CreateEncryptor() changed to rijndaelManaged.CreateDecryptor().

I wrote a small C# program that accomplishes what we want to do:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Security.Cryptography;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
//Undo Encrypt function!
string input = "zV5/UFU8PUD3N2T49IBuCwvGzCLYz39tkMZts7rfBU4=";
string pass = "__ERROR_HANDLER";
//Decode base64
byte[] unb64 = Convert.FromBase64String(input);
//Set up the Rijndael keys in same way as before
byte[] result;
RijndaelManaged rijndaelManaged = new RijndaelManaged();
MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();
byte[] array = new byte[32];
byte[] sourceArray = mD5CryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(pass));
Array.Copy(sourceArray, 0, array, 0, 16);
Array.Copy(sourceArray, 0, array, 15, 16);
rijndaelManaged.Key = array;
rijndaelManaged.Mode = CipherMode.ECB;
ICryptoTransform cryptoTransform = rijndaelManaged.CreateDecryptor(); //This time we make a decryptor
//Transform final block
result = cryptoTransform.TransformFinalBlock(unb64, 0, unb64.Length);
//Print result as ASCII
Console.WriteLine(Encoding.ASCII.GetString(result));
}
}
}

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Threading.Tasks;

using System.Security.Cryptography;

namespace ConsoleApplication1

{

class Program

{

static void Main(string[] args)

{

//Undo Encrypt function!

string input = "zV5/UFU8PUD3N2T49IBuCwvGzCLYz39tkMZts7rfBU4=";

string pass = "__ERROR_HANDLER";

//Decode base64

byte[] unb64 = Convert.FromBase64String(input);

//Set up the Rijndael keys in same way as before

byte[] result;

RijndaelManaged rijndaelManaged = new RijndaelManaged();

MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();

byte[] array = new byte[32];

byte[] sourceArray = mD5CryptoServiceProvider.ComputeHash(Encoding.ASCII.GetBytes(pass));

Array.Copy(sourceArray, 0, array, 0, 16);

Array.Copy(sourceArray, 0, array, 15, 16);

rijndaelManaged.Key = array;

rijndaelManaged.Mode = CipherMode.ECB;

ICryptoTransform cryptoTransform = rijndaelManaged.CreateDecryptor(); //This time we make a decryptor

//Transform final block

result = cryptoTransform.TransformFinalBlock(unb64, 0, unb64.Length);

//Print result as ASCII

Console.WriteLine(Encoding.ASCII.GetString(result));

}

We run the above program and get our flag!

Flag: HV15-uQEJ-4HPX-Qcau-Xvt7-NAlP

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 13

13 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 13 December 2015

Challenge

... here it is, but will you be able to reveal it's secret?

1	... here it is, but will you be able to reveal it's secret?

The following image was also provided:

Day 13 Ball

Solution

First I suspect the common least significant bit steganography technique has been used here where the least two or one significant bit(s) of the image have been changes so other images can be hidden without affecting the appearance of the first image by much.

I load up Matlab as it is fairly good for image processing and write a little script to gather the least significant bit of each RGB channel for every pixel (this is based off a script I wrote for HV14).

I end up with this code:

%Takes RGB image matrix and returns hidden day13 images
function res = day13(rgbimage)
%for each pixel in image
for i=1: size(rgbimage, 1),
for j=1:size(rgbimage,1),
%Get RGB values of least significant bit
R = bitand(rgbimage(i,j,1), 1);
G = bitand(rgbimage(i,j,2), 1);
B = bitand(rgbimage(i,j,3), 1);
%Calculate new pixels for image
res(i,j) = R + G + B;
end
end
%Show image in grayscale
imagesc(res)
colormap('gray');

%Takes RGB image matrix and returns hidden day13 images

function res = day13(rgbimage)

%for each pixel in image

for i=1: size(rgbimage, 1),

for j=1:size(rgbimage,1),

%Get RGB values of least significant bit

R = bitand(rgbimage(i,j,1), 1);

G = bitand(rgbimage(i,j,2), 1);

B = bitand(rgbimage(i,j,3), 1);

%Calculate new pixels for image

res(i,j) = R + G + B;

end

%Show image in grayscale

imagesc(res)

colormap('gray');

Now, I added the RGB channels least significant bits together and observe the image that is produced.

I get:
Secret image R+G+B

I can read the text on the image but its clear that each RGB channel contains something different. I run the script three more times and change res(i,j) = R + G + B to res(i,j) = R then res(i,j) = G and finally res(i,j) = B

After this I get three clear images:

Red Channel

Red Channel Image

This is a message telling us that we should look elsewhere. Nothing special but a sweet Mario reference!

Blue Channel

Blue Channel Image

This one is interesting, its telling us to look at XKCD comic number #26 which is available here.

Comic:

XKCD 26 Fourier

Seems interesting and important.

Green Channel

Green Channel Image

This image also seems important. I try to convert all the bits within to ASCII but no luck. I scan the image for QR codes and barcodes and do fine some UPC_E barcodes but they just happened to be created by coincidence.

Putting it all together

Finally, I think about the XKCD comic and discover (through research) that you can hide images within images using a Fourier transform. I try to do this within Photoshop but my plugin was not compatible or perhaps it was corrupt. Gimp should have a FFT filter but I did not have access to linux at the time. So I found an online tool that performs Fourier transformations to images (link).

I use the online tool on the original Christmas ball image (because the excess amounts of green blobs in the center of the image make it the primary candidate) and get this result:

Fourier Secret Image

A secret message is found which says: f0uRier-ru1ez

We put this in the ball-o-matic and get it gives us the ball which we scan to get our flag!

Day 13 Solution Ball

Flag: HV15-1W0A-gTOY-bOpM-mexV-LoAz

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 12

12 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 12 December 2015

Challenge

We were given this little piece of code to run.
Unfortunately it takes a bit too long to terminate on our systems and even gcc's -O3 does not seem to help.
Maybe you want to run it on your new peta-flop CPU for a couple of years?

We were given this little piece of code to run.

Unfortunately it takes a bit too long to terminate on our systems and even gcc's -O3 does not seem to help.

Maybe you want to run it on your new peta-flop CPU for a couple of years?

The following C code is also provided:

#include <stdio.h>
#include <stdint.h>
uint64_t foo(uint64_t a) {
uint64_t s = a - 42;
s += 23*2-3;
return s;
}
uint64_t bar(uint64_t a) {
uint64_t s = a + 42;
s -= 23*2-3;
return s;
}
uint64_t baz(uint64_t a, uint64_t b) {
uint64_t r = 0;
for(uint64_t i=0; i<a; i++)
r = foo(r);
for(uint64_t i=0; i<b; i++)
r = foo(r);
return r;
}
uint64_t spam(uint64_t a, uint64_t b) {
uint64_t r = baz(0,a);
for(uint64_t i=0; i<b; i++)
r = bar(r);
return r;
}
uint64_t eggs(uint64_t a, uint64_t b) {
uint64_t r = 0;
for(uint64_t i=0; i<a; i++)
r = baz(r, b);
return r;
}
uint64_t merry(uint64_t a, uint64_t b) {
uint64_t i;
for(i=0; a>=b; i++)
a = spam(a, b);
return i;
}
uint64_t xmas(uint64_t a, uint64_t b) {
return spam(a, eggs(merry(a,b),b));
}
uint64_t hackvent(uint64_t a, uint64_t b) {
uint64_t r = 1;
for(uint64_t i=0; i<a; i++)
r = eggs(r, b);
return r;	
}
int main() {
uint64_t val=0;
for(uint64_t i=0; i<0xC0DE42; i++) {
val = xmas(eggs(baz(hackvent(merry(i,42),3),val),i),0x42DEADBABEC0FFEE);
}
printf("HV15-mHPC-%04llx-%04llx-%04llx-%04llx\n",
val>>48,(val&0x0000FFFF00000000)>>32,
(val&0x00000000FFFF0000)>>16, (val&0x000000000000FFFF));
return 0;
}

#include <stdio.h>

#include <stdint.h>

uint64_t foo(uint64_t a) {

uint64_t s = a - 42;

s += 23*2-3;

return s;

}

uint64_t bar(uint64_t a) {

uint64_t s = a + 42;

s -= 23*2-3;

return s;

}

uint64_t baz(uint64_t a, uint64_t b) {

uint64_t r = 0;

for(uint64_t i=0; i<a; i++)

r = foo(r);

for(uint64_t i=0; i<b; i++)

r = foo(r);

return r;

}

uint64_t spam(uint64_t a, uint64_t b) {

uint64_t r = baz(0,a);

for(uint64_t i=0; i<b; i++)

r = bar(r);

return r;

}

uint64_t eggs(uint64_t a, uint64_t b) {

uint64_t r = 0;

for(uint64_t i=0; i<a; i++)

r = baz(r, b);

return r;

}

uint64_t merry(uint64_t a, uint64_t b) {

uint64_t i;

for(i=0; a>=b; i++)

a = spam(a, b);

return i;

}

uint64_t xmas(uint64_t a, uint64_t b) {

return spam(a, eggs(merry(a,b),b));

}

uint64_t hackvent(uint64_t a, uint64_t b) {

uint64_t r = 1;

for(uint64_t i=0; i<a; i++)

r = eggs(r, b);

return r;

}

int main() {

uint64_t val=0;

for(uint64_t i=0; i<0xC0DE42; i++) {

val = xmas(eggs(baz(hackvent(merry(i,42),3),val),i),0x42DEADBABEC0FFEE);

}

printf("HV15-mHPC-%04llx-%04llx-%04llx-%04llx\n",

val>>48,(val&0x0000FFFF00000000)>>32,

(val&0x00000000FFFF0000)>>16, (val&0x000000000000FFFF));

return 0;

}

Solution

Clearly the issue here is that this program is very inefficient.
So what does the program do? First it sets the unsigned 64 bit integer variables val and i to 0. Then 0xC0DE42 iterations occur and the val is recomputed each calculation. The previous val and i values are used to recompute the new val value.

After all this, it appears as if the nugget we need is printed out! The 4 missing blocks in the nugget are based on 4 groups of 16 bits which come from the final val value.
So we begin to optimize the code!

foo and bar

We start with the foo and bar functions which are very similar to each other.
It turns out that they simplify to:

uint64_t foo(uint64_t a) { return (a - 42) + 23 * 2 - 3; }
uint64_t foo(uint64_t a) { return (a - 42) + 43; }
uint64_t foo(uint64_t a) { return (a + 1); }
uint64_t bar(uint64_t a) { return (a + 42) - 23 * 2 - 3; }
uint64_t bar(uint64_t a) { return (a + 42) - 43; }
uint64_t bar(uint64_t a) { return (a - 1); }

uint64_t foo(uint64_t a) { return (a - 42) + 23 * 2 - 3; }

uint64_t foo(uint64_t a) { return (a - 42) + 43; }

uint64_t foo(uint64_t a) { return (a + 1); }

uint64_t bar(uint64_t a) { return (a + 42) - 23 * 2 - 3; }

uint64_t bar(uint64_t a) { return (a + 42) - 43; }

uint64_t bar(uint64_t a) { return (a - 1); }

So we have just optimised these two functions slightly. The next step is go through the code and replace all calls to foo and bar with simply increments or decrements. I’m not going to show the changes I made to each call as that would make this post too long but you get the idea.

Optimized functions:

uint64_t foo(uint64_t a) {
return a + 1;
}
uint64_t bar(uint64_t a) {
return a - 1;
}

uint64_t foo(uint64_t a) {

return a + 1;

}

uint64_t bar(uint64_t a) {

return a - 1;

}

baz

baz should look like this at this stage:

uint64_t baz(uint64_t a, uint64_t b) {
uint64_t r = 0;
for(uint64_t i=0; i<a; i++)
r += 1;
for(uint64_t i=0; i<b; i++)
r += 1;
return r;
}

uint64_t baz(uint64_t a, uint64_t b) {

uint64_t r = 0;

for(uint64_t i=0; i<a; i++)

r += 1;

for(uint64_t i=0; i<b; i++)

r += 1;

return r;

}

It is clear from the code that baz can be optimised. First the variable r is set to zero and then a 1 is added to r , a times. Then 1 is added to r, b times.
This is simply the same as adding a to b and storing the result in r .

Optimized function:

uint64_t baz(uint64_t a, uint64_t b) {
return a + b;
}

uint64_t baz(uint64_t a, uint64_t b) {

return a + b;

}

spam

Spam should look like this at this stage:

uint64_t spam(uint64_t a, uint64_t b) {
uint64_t r = a;
for(uint64_t i=0; i<b; i++)
r -= 1;
return r;
}

uint64_t spam(uint64_t a, uint64_t b) {

uint64_t r = a;

for(uint64_t i=0; i<b; i++)

r -= 1;

return r;

}

This function is simply setting r to a and then taking away 1 from r, b times before returning the result in r .
This is the same as returning a - b .

Optimized function:

uint64_t spam(uint64_t a, uint64_t b) {
return a - b;
}

uint64_t spam(uint64_t a, uint64_t b) {

return a - b;

}

eggs

eggs should look like this at this stage:

uint64_t eggs(uint64_t a, uint64_t b) {
uint64_t r = 0;
for(uint64_t i=0; i<a; i++)
r += b;
return r;
}

uint64_t eggs(uint64_t a, uint64_t b) {

uint64_t r = 0;

for(uint64_t i=0; i<a; i++)

r += b;

return r;

}

Well all that is happening here is r is increasing by b, a times. That means we are adding a number of b’s to r .
This is the same as returning a * b .

Optimized function:

uint64_t eggs(uint64_t a, uint64_t b) {
return a * b;
}

uint64_t eggs(uint64_t a, uint64_t b) {

return a * b;

}

merry

merry should look like this at this stage:

uint64_t merry(uint64_t a, uint64_t b) {
uint64_t i;
for(i=0; a>=b; i++)
a -= b;
return i;
}

uint64_t merry(uint64_t a, uint64_t b) {

uint64_t i;

for(i=0; a>=b; i++)

a -= b;

return i;

}

So at this stage, we are taking away b from a while a is still bigger than b . The value of i is then returned which is the number of times we took away b from a .
This is clearly a simple division operation: a / b

Optimized function:

uint64_t merry(uint64_t a, uint64_t b) {
return a / b;
}

uint64_t merry(uint64_t a, uint64_t b) {

return a / b;

}

xmas

xmas should look like this at this stage:

uint64_t xmas(uint64_t a, uint64_t b) {
return a - (a/b) * b;
}

uint64_t xmas(uint64_t a, uint64_t b) {

return a - (a/b) * b;

}

This one is a little more tough. a is divided by b then multiplied by b and this result is subtracted from a . You may be tempted to think that this returns 0 all the time but it does not.
This is because the division operation that occurs is integer division and multiplying that result by b may not result in the original a being restored.
A small example: 10/3 = 3.33 but is stored as 3 in an integer. However, 3*3 = 9 and not 10!

In this case, a modulo operation is happening: a % b

Optimized function:

uint64_t xmas(uint64_t a, uint64_t b) {
return a % b;
}

uint64_t xmas(uint64_t a, uint64_t b) {

return a % b;

}

hackvent

hackvent should look like this at this stage:

uint64_t hackvent(uint64_t a, uint64_t b) {
uint64_t r = 1;
for(uint64_t i=0; i<a; i++)
r *= b;
return r;	
}

uint64_t hackvent(uint64_t a, uint64_t b) {

uint64_t r = 1;

for(uint64_t i=0; i<a; i++)

r *= b;

return r;

}

This is a fun one. Notice how r is set to 1 initially, that is important. r is then multiplied by b, a number of times.
This is the same as calculating b to the power of a.
However, we cannot just use the pow function defined in <math.h>.
We are dealing with uint64_t data types and must thus get a power function that can handle these larger numbers.
I decide to find one online and use it.

Optimized function ( ipow and hackvent):

//Altered version found online
//Source: http://stackoverflow.com/q/15224911/1800854
uint64_t ipow(uint64_t base, uint64_t exp)
{
uint64_t result = 1ULL;
while (exp)
{
if (exp & 1)
{
result *= (uint64_t)base;
}
exp >>= 1;
base *= base;
}
return result;
}
uint64_t hackvent(uint64_t a, uint64_t b) {
return ipow(b, a);
}

//Altered version found online

//Source: http://stackoverflow.com/q/15224911/1800854

uint64_t ipow(uint64_t base, uint64_t exp)

{

uint64_t result = 1ULL;

while (exp)

{

if (exp & 1)

{

result *= (uint64_t)base;

}

exp >>= 1;

base *= base;

}

return result;

}

uint64_t hackvent(uint64_t a, uint64_t b) {

return ipow(b, a);

}

Putting it all together

At this stage you can do two things.
You can either run your program as is to find the answer or you can inline your function or convert the function calls in main so you save making all those function frames.
In this case it doesn’t really matter but this is what the calculation of val in main should look like with no function calls:

val = ((ipow(3, i / 42) + val) * i) % 0x42DEADBABEC0FFEE;

1	val = ((ipow(3, i / 42) + val) * i) % 0x42DEADBABEC0FFEE;

Then you run your program and within a few seconds you get the flag!

Flag: HV15-mHPC-067e-751e-f50e-17e3

Note: You can download my final solution C file here:
Download hv15-d12-solution.c

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 11

11 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 11 December 2015

Challenge

The following image is provided:

Solution

I had to spend some time researching the above image but I soon discover that it is a punch card.
It turns out to be a IBM 96 Column Punchcard. Unfortunately there isn’t much information online on how to decode them.

A reverse image search comes up with the following image:
IBM 96 Punchcard

This is what the challenge organiser used to make the above challenge!
The first thing I do is open the image in Photoshop and apply a black background so I can see the data (black dots) more easily.

I get:
HV15 Punchcard Black Dots

Another important piece of information was this image I found online:
Zorch its a system 3

I used the above image to determine how I decoded the data. The above image encodes the data ZORCH IT’S A SYSTEM 3.

You have to look at each column in the punch card and generate a number.
For example, in the first column above we have _A__81 or in binary 011001.
This corresponds to the letter Z (more on this later).

Thus each block can have a total of 32 bit characters. The total card can therefore contain a total of 96 (32*3) characters.

Now, going back to our message, I first write out all the bits in one big block, I get:

00110100110001111100110111101100 01000110111110111011100111101100 00111101110110110010111101011100
01011101110001001010101100111010 01100100101110110111101001011000 01001001010001100100111000111110
00110000100000000000000010000010 01000100101000110000110001010000 00000100000000010000001000000000
01000100010100010000000101001000 00101110011011010111101111001000 01111000110011100010100101111100
01001001000101111110011000010100 00000101001110011010101101101100 00110000000111000110100000011010
00111101010000101000111111111100 00111101011011011001100101010000 00111101100100110100111101011110

00110100110001111100110111101100 01000110111110111011100111101100 00111101110110110010111101011100

01011101110001001010101100111010 01100100101110110111101001011000 01001001010001100100111000111110

00110000100000000000000010000010 01000100101000110000110001010000 00000100000000010000001000000000

01000100010100010000000101001000 00101110011011010111101111001000 01111000110011100010100101111100

01001001000101111110011000010100 00000101001110011010101101101100 00110000000111000110100000011010

00111101010000101000111111111100 00111101011011011001100101010000 00111101100100110100111101011110

At this stage all I need to figure out is the language, I don’t find much on this online but I eventually come up with a 64 length partially working language (it begins with a space):

123456789????????STUVWXYZ???????JKLMNOPQR???????ABCDEFGHI?????|

1	123456789????????STUVWXYZ???????JKLMNOPQR???????ABCDEFGHI?????\|

So in the example I discussed, 011001 is Z because 011001 is 25 in decimal and Z is at index 25 in the string array above.

Note: This language was created using trial and error and so I didn’t determine many characters initially (which I have just left as a ? ). Later on I discovered an image (link) which allowed me to determine every character! (some special characters were still left as a ? )

At this stage I can write a nice short python script to read the data and convert it to the language.

# IBM 96 Column Punch Card decoder (Based on EBCDIC)
# Source of information: https://en.wikipedia.org/wiki/EBCDIC
# Language decuded from: http://www.quadibloc.com/comp/images/cardtabl.gif (TOP RIGHT)
language = " 123456789:#@'=?0/STUVWXYZ&,%_>?-JKLMNOPQR!$*);?.ABCDEFGHI?.<(+|"
rows = []
codewords = []
with open('input.txt') as f:
for line in f:
list = line.rstrip().replace(' ', '') #ignore whitespace
rows.append(list)
# make codewords
count = 0
while count < len(rows[0]):
tempcode = ''
for row in rows:
tempcode += row[count]
codewords.append(int(tempcode, 2))
count += 1
# Print out codeword
count = 0
for code in codewords:
print language[code],
count += 1
# Seperate into 32 blocks
if count == 32:
count = 0
print '\n',

# IBM 96 Column Punch Card decoder (Based on EBCDIC)

# Source of information: https://en.wikipedia.org/wiki/EBCDIC

# Language decuded from: http://www.quadibloc.com/comp/images/cardtabl.gif (TOP RIGHT)

language = " 123456789:#@'=?0/STUVWXYZ&,%_>?-JKLMNOPQR!$*);?.ABCDEFGHI?.<(+|"

rows = []

codewords = []

with open('input.txt') as f:

for line in f:

list = line.rstrip().replace(' ', '') #ignore whitespace

rows.append(list)

# make codewords

count = 0

while count < len(rows[0]):

tempcode = ''

for row in rows:

tempcode += row[count]

codewords.append(int(tempcode, 2))

count += 1

# Print out codeword

count = 0

for code in codewords:

print language[code],

count += 1

# Seperate into 32 blocks

if count == 32:

count = 0

print '\n',

I put the bit data into a file called input.txt and run my script.
The following message is printed out:

W R I T E   T H E   6   B L O C K S   A L T E R N A T E L Y
H V 1 5 | M 3 H N | B G 5 H | L U F E | 8 W P M | K Z F K
U P P E R   A N D   L O W E R   T O   G A I N   N U G G E T

W R I T E T H E 6 B L O C K S A L T E R N A T E L Y

H V 1 5 | M 3 H N | B G 5 H | L U F E | 8 W P M | K Z F K

U P P E R A N D L O W E R T O G A I N N U G G E T

Great! The clue is quite simple, we simply need to alternate the case of each of the 6 blocks in the nugget (as separated with | ). We know the nugget begins with the uppercase HV15 so we know the pattern straight away.

Flag: HV15-m3hn-BG5H-lufe-8WPM-kzfk

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 10

10 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 10 December 2015

Challenge

get the ZIP, you'll know what's to do!

1	get the ZIP, you'll know what's to do!

The following zip file was also provided: Download ZIP File

Solution

We notice that the zip file nasty-Shit.zip contains one zip file called 1.zip, that contains one zip file called 2.zip and so on. I also know that the file zile will keep getting lower and lower in file size the more we extract (due to ZIP headers and padding). Furthermore, opening the file in HxD (the hex editor) allows us to see the names of all embedded zip files. We see the number 30546.zip among many others so we know there are a lot of files here!

We write a quick python script to recursively extract each zip file.
Script:

import os.path, sys
from subprocess import call
partNum = 1
partStr = str(partNum) + ".zip"
while os.path.isfile(partStr):
#unzip
call(["unzip", partStr])
#remove old file
os.remove(partStr)
# increment part num
partNum += 1
# construct file name
partStr = str(partNum) + ".zip"

import os.path, sys

from subprocess import call

partNum = 1

partStr = str(partNum) + ".zip"

while os.path.isfile(partStr):

#unzip

call(["unzip", partStr])

#remove old file

os.remove(partStr)

# increment part num

partNum += 1

# construct file name

partStr = str(partNum) + ".zip"

Finally we reach the zip file: 31337.zip which is different from all of the other files.
This zip file contains one file called worst.500 and is password protected.

We use the glorious Accent Zip Password Recovery to crack the password in milliseconds.

The password for the zip file is: love

We extract the file, look inside and find the flag!

Flag: HV15-iQYf-adNg-o4S9-JHc7-vfWu

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 1

09 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 09 December 2015

Challenge

Ns ly ns! Hy esy dnmru Yerdg mw xux e parri ser kz epv? Lsv iuy roxhw s nezo g wtoimev xmhnri: Jsth xrk tmmzyvo o'zi lkir rohmxm hsehpc puv cya. Jmbyx cya amvr jmxj mx rohhot sr dni lkiozotx woxzib grh dnir ... knq, ry, lmrn zli sjirdogev oqeqk csexwivl mr dni ayxph gohi gkf. Lk ne lk, tmgo psoo cled? Hyx sz'w xrk xvezl, cya lefk xs nu xlkz! Lezvc enbird, esyby Wexze

Ns ly ns! Hy esy dnmru Yerdg mw xux e parri ser kz epv? Lsv iuy roxhw s nezo g wtoimev xmhnri: Jsth xrk tmmzyvo o'zi lkir rohmxm hsehpc puv cya. Jmbyx cya amvr jmxj mx rohhot sr dni lkiozotx woxzib grh dnir ... knq, ry, lmrn zli sjirdogev oqeqk csexwivl mr dni ayxph gohi gkf. Lk ne lk, tmgo psoo cled? Hyx sz'w xrk xvezl, cya lefk xs nu xlkz! Lezvc enbird, esyby Wexze

Solution

I decode the string above using a Vigenere Cipher solver with the key ‘geek‘ (deduced from frequency analysis).

The message I get is:

ho ho ho! do you think santa is not a funny man at all? for you nerds i have a special riddle: find the picture i've been hiding doubly for you. first you will find it hidden on the hackvent server and then ... ahm, no, find the identical image yourself in the world wide web. ha ha ha, nice joke what? but it's the truth, you have to do that! happy advent, yours santa

ho ho ho! do you think santa is not a funny man at all? for you nerds i have a special riddle: find the picture i've been hiding doubly for you. first you will find it hidden on the hackvent server and then ... ahm, no, find the identical image yourself in the world wide web. ha ha ha, nice joke what? but it's the truth, you have to do that! happy advent, yours santa

The message is pretty clear. First spot I check as a webmaster is /robots.txt (psss go check my websites robots.txt :p). I find 1 disallowed resource which is: /MeMyselfAndI-surfingInTheSky/hacker.jpg

I visit this webpage in my browser and find the picture Santa was hiding, here it is:
Santas Hidden Picture

Following Santa’s clues, I use Google reverse image search to find other images like this on the web.
I find one website with a similar image, namely at: http://hacking-lab.club/

This is what the webpage looks like:
Hacking-Lab Club Webpage

Drat! We are too late, luckily cache is a thing.
You can either check WayBackMachine or Google cache to find a previous state for the webpage.
We inspect the source of the website in Google cache and discover a reference to: /work.jpg
Unfortunately that image is not on the live website but work.png was! (Finding this was just guesswork based on the format of the ‘too late’ Christmas ball).

This is what work.png looks like:

Day 1 Solution QR Code

We scan it to get our flag: HV15-Tz9K-4JIJ-EowK-oXP1-NUYL

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 9

09 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 09 December 2015

Challenge

sadly we didnt receive todays code transmission properly and it seems that a part of the information got lost. are you able to recover the missing parts?
all we know is that the lowercase sha1 of the code gives:
B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224
and the sha1 of the case sensitive code should be:
0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83

sadly we didnt receive todays code transmission properly and it seems that a part of the information got lost. are you able to recover the missing parts?

all we know is that the lowercase sha1 of the code gives:

B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224

and the sha1 of the case sensitive code should be:

0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83

The following sound file was also provided: Download MP3

Solution

This was a very simple challenge.
First we listen to the transmission and discover it spells out the nugget but some characters are turned into noise.

We get:

HV?5 g?uj 1yq7 ?dyc 2wlr e6?j

1	HV?5 g?uj 1yq7 ?dyc 2wlr e6?j

The ? character represents a character in the set [A-Za-z0-9] (because those are the only characters that can appear in the nugget).
We notice that dashes are omitted. We also know the nugget starts with HV15 so the first unknown character is determined to be 1.

Now, we bruteforce the remaining 3 characters using our hint. We want to first find a full lowercase solution that has a sha1sum which equals B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224 .
After a solution is found for that, we can then try to find the sha1sum of all permutations of the case of each character after HV15 (we know HV15 must be uppercase).

So we construct our template to be:

HV15-g?uj-1yq7-?dyc-2wlr-e6?j

1	HV15-g?uj-1yq7-?dyc-2wlr-e6?j

Then we write a python script to carry out the Bruteforce attack:

#!/usr/bin/env python
# Day 9
import hashlib, itertools
message = 'HV15-G?UJ-1YQ7-?DYC-2WLR-E6?J'
# Source: http://stackoverflow.com/a/6792898/1800854
def all_casings(input_string):
if not input_string:
yield ""
else:
first = input_string[:1]
if first.lower() == first.upper():
for sub_casing in all_casings(input_string[1:]):
yield first + sub_casing
else:
for sub_casing in all_casings(input_string[1:]):
yield first.lower() + sub_casing
yield first.upper() + sub_casing
# Bruteforce
for res in list(itertools.permutations('abcdefghijklmnopqrstuvwxyz0123456789', 3)):
template = list(message)
template[6] = res[0]
template[15] = res[1]
template[27] = res[2]
# Check sha1
input = ''.join(template).lower()
hash_object = hashlib.sha1(input)
hex_dig = hash_object.hexdigest().upper()
if hex_dig == 'B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224':
print "Found match:", ''.join(template).lower()
input2 = list(''.join(template).lower())
input2_str = ''.join(input2)
# Bruteforce character cases
for perm in all_casings(input2_str[4:]):
final_test = "HV15" + perm
hash_object = hashlib.sha1(final_test)
hex_dig = hash_object.hexdigest().upper()
# Check final solution
if hex_dig == '0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83':
print "Found solution:", final_test

#!/usr/bin/env python

# Day 9

import hashlib, itertools

message = 'HV15-G?UJ-1YQ7-?DYC-2WLR-E6?J'

# Source: http://stackoverflow.com/a/6792898/1800854

def all_casings(input_string):

if not input_string:

yield ""

else:

first = input_string[:1]

if first.lower() == first.upper():

for sub_casing in all_casings(input_string[1:]):

yield first + sub_casing

else:

for sub_casing in all_casings(input_string[1:]):

yield first.lower() + sub_casing

yield first.upper() + sub_casing

# Bruteforce

for res in list(itertools.permutations('abcdefghijklmnopqrstuvwxyz0123456789', 3)):

template = list(message)

template[6] = res[0]

template[15] = res[1]

template[27] = res[2]

# Check sha1

input = ''.join(template).lower()

hash_object = hashlib.sha1(input)

hex_dig = hash_object.hexdigest().upper()

if hex_dig == 'B39ECFBC2C64ADBB7C7A9292EEE31794D28FE224':

print "Found match:", ''.join(template).lower()

input2 = list(''.join(template).lower())

input2_str = ''.join(input2)

# Bruteforce character cases

for perm in all_casings(input2_str[4:]):

final_test = "HV15" + perm

hash_object = hashlib.sha1(final_test)

hex_dig = hash_object.hexdigest().upper()

# Check final solution

if hex_dig == '0D353038908AD0FC8C51A5312BB3E2FEE1CDDF83':

print "Found solution:", final_test

We run this and get our flag in 1 second:

Flag: HV15-GnUj-1YQ7-vdYC-2wlr-E6xj

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 8

08 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 08 December 2015

Challenge

The challenge required one to enter a username and password to login to a website. The website was running PHP 5.4.

1	The challenge required one to enter a username and password to login to a website. The website was running PHP 5.4.

Link to website (may be down): http://hackvent.hacking-lab.com/xMasStore_wqbrGjHxxZ9YkbfiKiGC/index.php

Solution

I inspect the source of the website and take a look at the background image but that seems to be fine. There is nothing else of interest on the website so I figure this may require a brute-force attack.

I then however find a cookie that is generated once I fail to authenticate with the website. I try to login using the username admin and the password pass. The following cookie is generated for me:

eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ%3D%3D

1	eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ%3D%3D

I then replace %3D with = and decode the above as base64.

eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ==
Decoded:
{"user":"admin","password":"pass"}

eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ==

Decoded:

{"user":"admin","password":"pass"}

Thus it is obvious that the cookie is simply calculated like so:

cookie = base64_enc(JSON.stringify(json_data))

1	cookie = base64_enc(JSON.stringify(json_data))

I then try to tinker with the cookie fields. I figure that the challenge would not be making any database calls and thus the password would be hardcoded. In this case, the PHP code in the authentication script would look like so:

if ($pass === SOMETHING) {....}

1	if ($pass === SOMETHING) {....}

The above uses strict comparison. However, the PHP script may use loose comparison which opens up a vulnerability. This turns out to be the case and the script does something like this:

if ($pass == SOMETHING) {....}

1	if ($pass == SOMETHING) {....}

In the above examples SOMETHING can be anything we want it to be. It does not have to just be a string. We could modify our JSON payload to pass a value like true as the username and password. This is what we will do as a loose comparison with true is almost always true (unless the true username or password is “0” which is unlikely).

We construct our payload:

{"user":true,"password":true}

1	{"user":true,"password":true}

Then we encrypt this using base64 (converting all = symbols back to %3D ):

eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ==
eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ%3D%3D

1 2	eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ== eyJ1c2VyIjoiYWRtaW4iLCJwYXNzd29yZCI6InBhc3MifQ%3D%3D

Finally, we use a scripting language or a web browser extension (I used EditThisCookie for Chrome) to load the cookie for the webpage. Then we refresh the page and are greeted with the following message:

Welcome admin! Here is your daily goodie:

1	Welcome admin! Here is your daily goodie:

The goodie is our flag!

Flag: HV15-0Ch0-91zo-m99Y-kxGI-8iQ5

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

HACKvent 2015: Day 6

08 Dec 2015

CTF: Hackvent 2015
Link to challenge: http://hackvent.hacking-lab.com

Date Completed: 08 December 2015

Challenge

We are given the following string:

HR7DYQ3ON4TC6U2AFAZDGJK3J44TYXZUNRCTATK2GEZDGJR5JJUC6ULUFQZEI5L6HY======

1	HR7DYQ3ON4TC6U2AFAZDGJK3J44TYXZUNRCTATK2GEZDGJR5JJUC6ULUFQZEI5L6HY======

Solution

We can deduce by the amount of padding that this is Base32 encoded string. We use an online decoder and get:

<~<Cno&/S@(23%[O9<_4lE0MZ123&=Jh/Qt,2Du~>

1	<~<Cno&/S@(23%[O9<_4lE0MZ123&=Jh/Qt,2Du~>

Then we try various other things to decode the above string. I will admit I failed to find a proper solution until I received some help from SlEePlEs5 on the hacking-lab IRC. Then I was able to realise that I had to decode the above string using ASCII85. I get:

UI15-g9C8-DnVI-W0Ne-83S3-Z8Qp

1	UI15-g9C8-DnVI-W0Ne-83S3-Z8Qp

Great! This looks a lot like our nugget. I guess a simple Caesar cipher is required here and find the offset number to be 13 (as we want U->H for first character in our nugget). We apply the cipher (basically ROT13) and get our flag!

Flag: HV15-t9P8-QaIV-J0Ar-83F3-M8Dc

No Comments

Posted Mo BeigiPersianMG in Hackvent 2015

Mo Beigi

Archive for the ‘Hackvent 2015’ Category

HACKvent 2015: Day 15

Challenge

Solution

HACKvent 2015: Day 14

Challenge

Solution

HACKvent 2015: Day 13

Challenge

Solution

Putting it all together

HACKvent 2015: Day 12

Challenge

Solution

HACKvent 2015: Day 11

Challenge

Solution

HACKvent 2015: Day 10

Challenge

Solution

HACKvent 2015: Day 1

Challenge

Solution

HACKvent 2015: Day 9

Challenge

Solution

HACKvent 2015: Day 6

Challenge

Solution

Pages

Recent Posts

Recent Comments

My Networks

Site Stats