My Write-up on Black Valentine CTF 2015: Ular Ganas (Forensic 100)

Problem

Given pL4n3t.mp3 file.
soal

Solution

To obtain information from this file, we could use hexeditor.

hexeditor

There is hexadecimal string. Just decode it.

SXlFdmFHWmxMMjkyWVM5amJHZDFZbUVnYzJWaWVpQm1aMlYyWVhRZ2RucGpZbVZuSUhwdWVISm5aVzVoWmlCNFlpQTlJQ0p1ZG1Kb1NHRWlJSEJpZUNBOUlDSkFNVGsxYUVFaUlIaGljR0o0ZG5rZ1BTQjZibmh5WjJWdVlXWW9lR0lzSUhCaWVDa2dabWRvWlNBOUlsd3dhelUwWERCck5qaGNNR3MyTlZ3d2F6SXdYREJyTkRaY01HczBjRnd3YXpReFhEQnJORGRjTUdzeU1Gd3dhekp4WERCck0zSmNNR3N5TUZ3d2F6WnZYREJyTlRWY01HczJNVnd3YXpNMVhEQnJOREZjTUdzMU5Gd3dhemMxWERCck5EaGNNR3MyTVZ3d2F6WnlYREJyTnpsY01HczBNVnd3YXpaeVhEQnJNemxjTUdzek0xd3dhelV6WERCck5qRWlPeUJqWlhaaFp5Qm1aMmhsTG1kbGJtRm1lVzVuY2loNFluQmllSFo1S1RzPQ==

O, Base64? Decode again.

IyEvaGZlL292YS9jbGd1YmEgc2VieiBmZ2V2YXQgdnpjYmVnIHpueHJnZW5hZiB4YiA9ICJudmJoSGEiIHBieCA9ICJAMTk1aEEiIHhicGJ4dnkgPSB6bnhyZ2VuYWYoeGIsIHBieCkgZmdoZSA9IlwwazU0XDBrNjhcMGs2NVwwazIwXDBrNDZcMGs0cFwwazQxXDBrNDdcMGsyMFwwazJxXDBrM3JcMGsyMFwwazZvXDBrNTVcMGs2MVwwazM1XDBrNDFcMGs1NFwwazc1XDBrNDhcMGs2MVwwazZyXDBrNzlcMGs0MVwwazZyXDBrMzlcMGszM1wwazUzXDBrNjEiOyBjZXZhZyBmZ2hlLmdlbmFmeW5ncih4YnBieHZ5KTs=
#!/hfe/ova/clguba sebz fgevat vzcbeg znxrgenaf xb = "nvbhHa" pbx = "@195hA" xbpbxvy = znxrgenaf(xb, pbx) fghe ="k54k68k65k20k46k4pk41k47k20k2qk3rk20k6ok55k61k35k41k54k75k48k61k6rk79k41k6rk39k33k53k61"; cevag fghe.genafyngr(xbpbxvy);

This is ROT13. Rotate again.

#!/usr/bin/python from string import maketrans ko = "aiouUn" cok = "@195uN" kocokil = maketrans(ko, cok) stur ="x54x68x65x20x46x4cx41x47x20x2dx3ex20x6bx55x61x35x41x54x75x48x61x6ex79x41x6ex39x33x53x61"; print stur.translate(kocokil);
#!/usr/bin/python 
from string import maketrans 
ko = "aiouUn" 
cok = "@195uN" 
kocokil = maketrans(ko, cok) 
stur ="x54x68x65x20x46x4cx41x47x20x2dx3ex20x6bx55x61x35x41x54x75x48x61x6ex79x41x6ex39x33x53x61"; 
print stur.translate(kocokil);

Try compiling.

x54x68x65x20x46x4cx41x47x20x2dx3ex20x6bx55x61x35x41x54x75x48x61x6ex79x41x6ex39x33x53x61

This is a hexadecimal string. Decode again.

kUa5ATuHanyAn93Sa

Use missing variable to reveal the real flag.

The flag is ku@5AT5H@NyAN93S@

Advertisements