Magnet Virtual Summit 2021 CTF - Hunt!


This go-around we have a short category, but a fun one nonetheless. This one is Hunt!, and its questions are built around cipher decoding techniques.

Question 1 - Good Advice (5 points)

Flag will be in format FLAG(something)

The given QR code results in the following text:

RkxBRyhQcmVwYXJhdGlvbikgaXMgdGhlIGtleSB0byBzdWNjZXNzLg==

From experience, I had a feeling this looked like Base64, so I dropped it into CyberChef and voilà, the answer is FLAG(Preparation).

Figure 1: CyberChef decode of Base64

Question 2 - One Off (5 points)

58 69 62 75 21 6A 67 21 4A 21 75 70 6D 65 21 7A 70 76 21 75 69 66 21 67 6D 62 68 21 78 62 74 3B 21 4E 6A 6E 6A 64

This is hex so we can go back to CyberChef to decode.

Figure 2: CyberChef hex decode

We clearly aren't done yet, and the question name hints that this is a rotation. Using the ROT13 recipe with the rotation amount set to -1 results in the answer, Mimic.

Figure 3: CyberChef decode from hex and ROT13 rotation

Question 3 - Success (5 points)

PJGXI zs t kvngrgiei egkcqxek htrnwifq ufv tlvcmzcaxt gdmdugqqnizsc. Hvrx, es hhv mi tf egkcqt wppg(khbvuf4j2wmcd).

This one looked familiar but I just couldn't place it to start. I tried it in CyberChef with no automatic results, so I scrolled through the different Encryption/Encoding items there to see if anything stuck out, but nothing seemed right. A Google search of common ciphers led me to find Vigenere. Using https://www.dcode.fr/vigenere-cipher the result presented itself quickly.

Figure 4: Vigenere cipher decode

Using their automation we can see that the key for the cipher was "Preparation" which was our flag from question 1. The answer for this question was "flag(things4u2find)".

Question 4 - Validation

Flag will be in format FLAG(something)

4d6179626520697473206e6f74206120666c61672874316d333574346d70293f

Another fairly simple one with the use of CyberChef. Convert it from hex and you get the answer of flag(t1m35t4mp).

Figure 5: CyberChef decode of hex

Question 6 - Comes Before Time (5 points)

1618091305

At first glance this appears to be a Unix timestamp, and indeed it is, but that's not what they wanted here. As with the others, this is a cipher that needs to be decoded, which will turn into some word or flag. Breaking the number down into sets of two digits, you can start to see a bit of a pattern. There is a cipher called A1Z26 (or letter number cipher) which gives a number from 1-26 to each letter of the alphabet. Using dCode to make this easy, we can see that the answer was "prime".

https://www.dcode.fr/letter-number-cipher

Figure 6: dCode use on A1Z26 cipher
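
The CyberChef and dCode steps for Questions 1, 2, 3 and 6 can also be reproduced in a few lines of Python. This is an added example, not part of the original write-up; the function names are illustrative and the ciphertexts are the ones given in the questions above. It also shows the chain between questions: the flag decoded in Question 1 is pulled out and used as the Vigenere key for Question 3.

```python
import base64
import re

# Ciphertexts copied from the questions above.
Q1 = "RkxBRyhQcmVwYXJhdGlvbikgaXMgdGhlIGtleSB0byBzdWNjZXNzLg=="
Q2 = ("58 69 62 75 21 6A 67 21 4A 21 75 70 6D 65 21 7A 70 76 21 75 69 66 "
      "21 67 6D 62 68 21 78 62 74 3B 21 4E 6A 6E 6A 64")
Q3 = ("PJGXI zs t kvngrgiei egkcqxek htrnwifq ufv tlvcmzcaxt gdmdugqqnizsc. "
      "Hvrx, es hhv mi tf egkcqt wppg(khbvuf4j2wmcd).")
Q6 = "1618091305"

def rot(text, shift):
    """Rotate letters only, preserving case (same behaviour as CyberChef's ROT13 recipe)."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - base + shift) % 26 + base)
        out.append(ch)
    return "".join(out)

def vigenere_decrypt(text, key):
    """Subtract the key letter by letter; non-letters pass through and consume no key."""
    shifts = [ord(k) - ord("a") for k in key.lower()]
    out, i = [], 0
    for ch in text:
        if ch.isascii() and ch.isalpha():
            ch, i = rot(ch, -shifts[i % len(shifts)]), i + 1
        out.append(ch)
    return "".join(out)

def a1z26(digits):
    """Read zero-padded two-digit groups as 1=a ... 26=z."""
    return "".join(chr(int(digits[i:i + 2]) + ord("a") - 1) for i in range(0, len(digits), 2))

def solve():
    q1 = base64.b64decode(Q1).decode()
    key = re.search(r"FLAG\((\w+)\)", q1).group(1)  # Question 1's flag is Question 3's key
    return {
        "q1": q1,
        "q2": rot(bytes.fromhex(Q2).decode(), -1),  # hex decode, then rotate letters by -1
        "q3": vigenere_decrypt(Q3, key),
        "q6": a1z26(Q6),
    }

if __name__ == "__main__":
    for name, plain in solve().items():
        print(name, plain)
```

Because the rotation only touches letters, the `!` separators in the Question 2 output stay as they are, just as in CyberChef.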

Question 5 - Spam (10 points)

Dear Business person , Especially for you - this cutting-edge intelligence ! This is a one time mailing there is no need to request removal if you won't want any more . This mail is being sent in compliance with Senate bill 2416 ; Title 7 ; Section 309 . This is a ligitimate business proposal . Why work for somebody else when you can become rich inside 14 DAYS ! Have you ever noticed nearly every commercial on television has a .com on in it & more people than ever are surfing the web ! Well, now is your chance to capitalize on this ! WE will help YOU SELL MORE and SELL MORE ! You are guaranteed to succeed because we take all the risk ! But don't believe us ! Prof Anderson of Indiana tried us and says "I was skeptical but it worked for me" ! We assure you that we operate within all applicable laws ! You have no reason not to act now ! Sign up a friend and you get half off . Thanks !

This sure does look like spam you'd get in an email, but did you know there is a spam cipher too?! I didn't, but https://www.spammimic.com/decode.shtml can decode it pretty quickly. Don't ask me how it decodes or what process it does because I don't know, but I do know the answer was "robotsarebad".

Figure 7: Spam mimic decode