[Writeup] TrendMicro 2015

I joined this CTF quite late, but luckily there’s still enough time to solve some interesting problems.

Trend Micro CTF 2015 – Programming 400

Show problem description

You are trying to sneak into a network, and and impersonate target computer.

Here, you would connect to computers connected via network, and ‘impersonate the computer by exchanging IP address’.

In the target’s network, computers are connected as illustrated below:

 swap_ip_1

You are trying to impersonate computer A by accessing it from computer F.

In here, you can impersonate A by accessing it in the sequence of B -> D -> A, but the IP addresses of computer B and D will be changed.

However, if you access computer A in the order described below, you can impersonate without changing the IP addresses of computers other than A and F.

C -> E -> A -> D -> B -> E -> C -> F -> B -> D -> A

Please sneak into the network as illustrated below, and impersonate computer A from computer P.

swap_ip_2

Please specify and generate the shortest path as an output.

(In the example above, you may generate the output ‘CEADBECFBDA’.)

If you encounter multiple paths with the same amount of steps, please generate the first value in alphabetical order as the output.

Please submit TMCTF{<Your output>} as your answer.

Solution

I solved this problem using 2-ends BFS (yes, i have quite enough RAM for it:P). A state for this problem represented by the permutation of the assigned IP address of the machines and the last machine to move on. As we will have at most 16 values for 16 machines, we can use 64-bit unsigned int to represent the permutation state, and another 4-bit for last-machine, so uint128 is enough, but finally i was too lazy to do all bitwise operations and use pair struct :D.

3 : TMCTF{CEADBECFBDA}
4 : TMCTF{DGCFAEBGCFBGDHCFBEA}
5 : TMCTF{DHCGAFBHCGBHDJEICGBHDIEJDHBFA}
6 : TMCTF{FKDICHAGBICHBIDKEJCHBIDKEJDKFLEJDIBGA}
7 : TMCTF{FLDJCIAHBJCIBJDLEKCIBJDLEKDLFNGMEKDLFMGNFLDJBHA}
8 : TMCTF{HOFMDKCJAIBKCJBKDMELCJBKDMELDMFOGNELDMFOGNFOHPGNFMDKBIA}

My final code below:

Trend Micro CTF 2015 – Programming 500

Show problem description

(From my memory) Find probability of winning if user decide to hit or stand in international 104-cards blackjack, assume that player already has 2 cards: Aces and 2 and dealer has 3.

Solution

I did not solve this problem in contest time, but after a day thinking i found out that it’s quite easy.

Trend Micro CTF 2015 – Crypto 500

Show problem description

Think about two different alphabetical strings with the same lengths.

After you encode the strings with Base64 respectively, if you find characters located in the same position between the two strings, then you may want to extract them.

You may find examples where the final strings are ‘2015’ and ‘Japan’ if you place the extracted characters from left to right in order.

Example:

  • CaEkMbVnD→(Base64)→Q2FFa01iVm5E
  • GePoMjXNW→(Base64)→R2VQb01qWE5X
  • aBckjTiRgbpS→(Base64)→YUJja2pUaVJnYnBT
  • URehZQjLyvwk→(Base64)→VVJlaFpRakx5dndr

Character ‘a’ may appear in the extracted string like the example above, character ‘f’* will never appear.

Please find a list of characters that would not appear in the extracted string, even if you specify any alphabetical characters in the input.

Once you come up with a list of characters, please sort the characters in the order of ASCII table and generate a SHA1 hash value in lower case.

This is the flag you are looking for.

Please submit the flag in the format of ‘TMCTF{<flag>}’.

*Note: Previous description suggested ‘A’ will never appear. We apologise for any inconvenience.

Solution

Alphabetical character [a-z|A-Z] has hex range 41-5A, 61-7A, or binary range 0100 0001 - 0101 1010, 0110 0001 - 0111 1010.

In base64 encoding, a group of 3 input byte will be grouped into 4 output base64 byte (3*8 bit = 4*6 bit), we can now calculate the value range for each base64 byte:

1st base64 byte: 010000-010110 + 011000-011110 = .... lol, should we do it by hand?
+/f
TMCTF{eb2cb19785a3c3bdbba6e1657fbb901097fedc63}
Posted in CTF