Category: Cryptography — Long Crypto Guessing
In the question, we are given nc
address and the
python source code for the server.
Reading through the code, the code give first 3 random number to the user then the user need to enter (guess/predict) the next number(remainder of divide by 10000) that the server generated correctly for 1000 times consecutively.
In PRNG(pseudo random generator) class it generate a random
b and given
p value, also it has
state value initialize through object creation. After that function
next is to create calculate the next number using the number before. Therefore, the function is a type of linear function. This specific generator are called Linear Congruential Generator(LCG)
In here, the server will generate random number that will become the seeds of the PRNG object, then it will generate next 3 number and print to users Since it is type of linear function.
Therefore seeds is
state or first term of the equation, we are gonna call it T:
Then it will generate next 3 term:
In LCG it has 3 integer:
p is given in the source code
11760071327054544317, So we need to find
b to predict/solve the next number. Since we have 2 equation and 2 unknown
b, we can solve the equation. Here are detail explaination of finding the missing
Increment, also contains different ways to crack LCG. Once we find out the
b, we can find out next number using script below.
By implement some of his code to find
b then we write the script to answer 1000 consecutive number correctly until it return a flag.
Category: Mobile — SpeedyQuizy
Given APK file
Using online apk decompiler, we can decompile the file.
Inside source code
StartQuiz.java, below some snippet of the code
We know that it used
socket to connect to the server, therefore we can just use
nc in terminal to the server
www2.wargames.my with port
8080. In terminal we
nc www2.wargames.my 8080
ok will lead to question
But the question are randomly select from a set of question. Therefore we need to fetch some of the question so we can create script to answer it.
Using script below we can fetch some of the question. Credits to H0j3n
Below is list of some of the question
Script below will automatically answer the question:
Category: Steganography — Nuisance
Open file using HxD to look for signature file, Quick Google of
.arc file type signature found
41 72 43 01 which is a FreeArc compress file.
Download FreeArc software, In the software we cannot extract the file due to it is corrupted. But the software has the ability to repair the damaged achive.
After repairing and extract, we still cannot open
flag.palm file. So, we did a quick google on
.palm file and found some information and it says that the file is an image file of
Palm OS Bitmap Image that can be open with application ImageDisk. Download ImageDisk and open the file using it:
Category: Miscellaneous — Defuse The Bomb!
bomb.zip. The file is a Zip bomb which contain file that have multiple time been compress. Open it using
We can see that one of the zip is contains file
CRC32 that is different, so we just click it to reveal another of the same situation. so we just click all zip file that is different until it reach to flag.txt
The we just extract the
flag.txt file, but the file is
2GB. So cannot open with any normal text editor, but HxD can open it, then scroll down to find the flag.