def ch126(fp): ringzer0.output('parsing dictionary') wordset, wordmap = set(), {} with open(fp, 'r') as f: for line in f: word = line.strip() wordset.add(word) mapped = ''.join(sorted(word)) wordmap[mapped] = word ringzer0.output('done parsing dictionary') ch, s = 126, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, words = sections['title'], sections['words'] ringzer0.output('solving') result = [] for word in words.split(','): if word in wordset: result.append(word) continue mapped = ''.join(sorted(word)) if mapped in wordmap: word = wordmap[mapped] result.append(word) result = ','.join(result) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch119(): ch, s = 119, ringzer0.login() sections = ringzer0.read_challenge(s, ch, clean=False) title, msg = sections['title'], sections['message'] ringzer0.output('solving') result = parse_ascii(msg) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch159(): ch, s = 159, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, sha1 = sections['title'], sections['hash'] ringzer0.output('solving') result = check_output(['php', 'coding.ch159.lookup.php', sha1]).strip() ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch125(): ch, s = 125, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, shellcode = sections['title'], sections['shellcode'] ringzer0.output('solving') sc = shellcode.replace('\\x', '').decode('hex') hx = sc[0x57:0x57+0x0c].encode('hex') result = ''.join(chr(int(x,16) ^ 0xff) for x in re.findall('..', hx)) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch121(): ch, s = 121, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, shellcode = sections['title'], sections['shellcode'] ringzer0.output('solving') sc = shellcode.replace('\\x', '').decode('hex') hx = sc[0x54:0x54 + 0x0c].encode('hex') result = ''.join(chr(int(x, 16) ^ 0xff) for x in re.findall('..', hx)) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch56(): ch, s = 56, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, xhash = sections['title'], sections['hash'] ringzer0.output('solving') charset = '0123456789' result = search_hash(charset, 4, 4, hashlib.sha1, xhash) if result is None: ringzer0.error('could not lookup hash ' + xhash) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch32(): ch, s = 32, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, msg = sections['title'], sections['message'] ringzer0.output('solving') calc = ' %s ' % msg.split('=')[0] mx = re.findall(' ([01]+) ', calc) for b in mx: calc = calc.replace(b, str(int(b, 2))) result = str(eval(calc)) ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch13(): ch, s = 13, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, msg = sections['title'], sections['message'] ringzer0.output('solving') mx = re.search(r'using ([a-z0-9]+) algorithm', title) algorithm = mx.group(1) h = hashlib.new(algorithm) h.update(msg) result = h.hexdigest() ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch57(): ch, s = 57, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, xhash, xsalt = sections['title'], sections['hash'], sections['salt'] ringzer0.output('solving') charset = '0123456789' transformation = lambda x: x + xsalt result = search_hash(charset, 4, 4, hashlib.sha1, xhash, transformation) if result is None: ringzer0.error('could not lookup hash ' + xhash) result = result[:result.rindex(xsalt)] ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch14(): ch, s = 14, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, msg = sections['title'], sections['message'] ringzer0.output('solving') mx = re.search(r'using ([a-z0-9]+) algorithm', title) algorithm = mx.group(1) h = hashlib.new(algorithm) data = ''.join(chr(int(msg[i:i+8], 2)) for i in xrange(0, len(msg), 8)) h.update(data) result = h.hexdigest() ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch16(): ch, s = 16, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, hidden_xor_key, crypted_message = sections['title'], sections['xor key'], sections['crypted message'] ringzer0.output('solving') xor_key_len = 10 message = base64.b64decode(crypted_message) result = '' for i in range(0,len(hidden_xor_key) - xor_key_len + 1): xor_key = hidden_xor_key[i:i+xor_key_len] xored = xor_str(message, xor_key) alpha = re.match('^[\w-]+$', xored) if alpha: result = xored ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch15(): ch, s = 15, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, msg, chksum = sections['title'], sections['elf message'], sections['checksum'] ringzer0.output('solving') elf = msg while re.match(r'^[a-zA-Z0-9+/]*={0,3}$', elf): elf = base64.b64decode(elf) elf = elf[::-1] elf_md5 = hashlib.md5(elf).hexdigest() if chksum != elf_md5: ringzer0.error('checksum mismatch ({0} vs {1})'.format(chksum, elf_md5)) result = '' with ringzer0.tmpfile() as (fd, fn): ringzer0.write_bin_file(fd, elf) r2 = r2pipe.open(fn) asm_lines = r2.cmd('aa; s sym.main; pif~&mov,rbp').splitlines() asm_rg = re.compile(r'^mov [^,]*\[rbp\s?-\s?([0-9a-fx]+)\],\s?([^\s]+)$') asm_vals, top = {}, 0 for asm_line in asm_lines: rx = re.match(asm_rg, asm_line) if not rx: continue pos, val = rx.group(1), rx.group(2) if val.startswith('r'): continue if val.startswith('0x'): val = val[2:] if len(val) % 2 == 1: val = '0' + val pos, val = int(pos, 16), val.decode('hex') asm_vals[pos] = val top = max(top, pos) stack = bytearray('\0' * top) for k in sorted(asm_vals, reverse=True): v = asm_vals[k] stack[top - k:len(v)] = v[::-1] result = stack[:stack.index('\00')] ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)
def ch16(): ch, s = 16, ringzer0.login() sections = ringzer0.read_challenge(s, ch) title, hidden_xor_key, crypted_message = sections['title'], sections[ 'xor key'], sections['crypted message'] ringzer0.output('solving') xor_key_len = 10 message = base64.b64decode(crypted_message) result = '' for i in range(0, len(hidden_xor_key) - xor_key_len + 1): xor_key = hidden_xor_key[i:i + xor_key_len] xored = xor_str(message, xor_key) alpha = re.match('^[\w-]+$', xored) if alpha: result = xored ringzer0.output('solved', result) response = ringzer0.submit_challenge(s, ch, result) ringzer0.output('response', response)