keyboard_arrow_up

title: Bad Patterns
date: Nov 09, 2021
tags: Writeups DamCTF CTF_review Pwn Malware Misc Reverse Web EC2_2021 CheatSheets SQLi Programming Nmap Tools PyJails HeroCTF_v3 Steganography


Bad Patterns

361 solves / 235 points

A hacker was too lazy to do proper encryption. However, they left us some examples of how their encryption "algo" was supposed to work.

original text : "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." encoded:

"Lpthq jrvym!frpos"vmt!cpit-"fsntgfxeuwu$aeksmsdkqk fnlx,!uhh eq#iivupsd!vhqppt#mndkgmdvpw$uu"oebpth$eu"gslpth$mbiqe bnluub0#Yt!gqmm!cg$mjplq wgqman.#uuju#rotvuyd!g{irdkwetjqq$umndqcp"oebptlw okvm vv#eljsxmp!g{$eb"fsmnqgs dqqwerwdx.!Fxms!cxxe!kuyrf"gslpt#mn!thtrfjhrdftlx jp#zomwsxaug#zemkw$etuh$cjnoym!frposg#iu!hxkibv#rumnd$pbtletvt1$Eyehttfwu$sjpw$odedicbv#guqkgetbv#roo"svojfhrt-"vynu"lr dwota!sxm phimcjc#hetguynu"pslmkw$aokp$ie"hwt!ndfoswp2"
Find the pattern!
Maybe you should try the same pattern on this string:

bagelarenotwholewheatsometimes
Make sure you wrap your solution with dam{...}!

Author: BaboonWithTheGoon



For this challenge, we had to find which partterns is being used to crypt the clear text and the apply it to a little string. By giving a quick look at both, clear and cipher text, we could find something weird:

L - L = 0
p - o = 1
t - r = 2
e - h = 3
q - m = 4
...


Yes, it seems that the letters have been shifted between the clear and cipher text. Writing a little script give us: 01234 padding as we were thinking.

Apply it on the string and we got the flag! ??

Flag: dam{bbihpasgqstxjrpexjhettqpitjohw}


Finding pattern:

clear = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum."
cipher = 'Lpthq jrvym!frpos"vmt!cpit-"fsntgfxeuwu$aeksmsdkqk fnlx,!uhh eq#iivupsd!vhqppt#mndkgmdvpw$uu"oebpth$eu"gslpth$mbiqe bnluub0#Yt!gqmm!cg$mjplq wgqman.#uuju#rotvuyd!g{irdkwetjqq$umndqcp"oebptlw okvm vv#eljsxmp!g{$eb"fsmnqgs dqqwerwdx.!Fxms!cxxe!kuyrf"gslpt#mn!thtrfjhrdftlx jp#zomwsxaug#zemkw$etuh$cjnoym!frposg#iu!hxkibv#rumnd$pbtletvt1$Eyehttfwu$sjpw$odedicbv#guqkgetbv#roo"svojfhrt-"vynu"lr dwota!sxm phimcjc#hetguynu"pslmkw$aokp$ie"hwt!ndfoswp2'
pattern = ""

for i in range(len(clear)):
    ord_clear = ord(clear[i])
    ord_cipher = ord(cipher[i])
    pattern += f"{ord_cipher - ord_clear}"

print(pattern)

OUTPUT:
0123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234012340123401234


Getting flag:

cipher_flag = "bagelarenotwholewheatsometimes"
flag = ""

# encode flag
for i in range(len(cipher_flag)):
    flag += chr(ord(cipher_flag[i]) + (i%5))

print(f'dam{{{flag}}}')