Last active
December 3, 2016 15:47
-
-
Save basvandorst/8a4b5521199647ff7df5 to your computer and use it in GitHub Desktop.
AIVD Cyberchallenge 2015
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/lua | |
| --[[ | |
| AIVD Cyber challenge (https://www.aivd.nl/@3269/ga-cyberchallenge/) | |
| bas@laptop:/var/www$ lua solve.lua | |
| [*] --------------------------------- | |
| [*] --- AIVD Cyber challenge 2015 --- | |
| [*] --------------------------------- | |
| [+] Start inverting number: 4241186467 | |
| [+] Finished inverting number: 4241186467 | |
| [+] Start inverting number: 2486763883 | |
| [+] Finished inverting number: 2486763883 | |
| [+] Start inverting number: 2066590424 | |
| [+] Finished inverting number: 2066590424 | |
| [+] Start inverting number: 2743090029 | |
| [+] Finished inverting number: 2743090029 | |
| [*] Passphrase found: Grh7F1maWs9r5Ty8 | |
| [*] Elapsed time: 26.83 | |
| --]] | |
| print('[*] ---------------------------------'); | |
| print('[*] --- AIVD Cyber challenge 2015 ---'); | |
| print('[*] ---------------------------------\n'); | |
| local start_time = os.clock() | |
| function rfa( secret ) | |
| return inverse(secret, 3141592653,2) | |
| end | |
| function rfb( secret ) | |
| return inverse(secret, 1732050808,4) | |
| end | |
| function rfc( secret ) | |
| return inverse(secret, 2236067977,6) | |
| end | |
| function rfd( secret ) | |
| return inverse(secret, 2645751311,8) | |
| end | |
| function int2ascii(number) | |
| c1 = ( number / 16777216 ) % 256; | |
| c2 = ( number / 65536) %256; | |
| c3 = ( number / 256) %256; | |
| c4 = ( number %256); | |
| return string.char(c1) .. string.char(c2) .. string.char(c3) .. string.char(c4) | |
| end | |
| function inverse( secret, substract, roundtrips) | |
| local max = 4294967296 | |
| local t = {} | |
| for i = 0,roundtrips do | |
| local result = ( (max*i) + (secret-substract) ) | |
| if result > 0 then | |
| result = result / (roundtrips-1) | |
| if result == math.floor(result) then | |
| return result | |
| end | |
| end | |
| end | |
| end | |
| local secret = {} | |
| secret[2066590424] = {rfd,rfb,rfa} | |
| secret[4241186467] = {rfb,rfa,rfd} | |
| secret[2486763883] = {rfb,rfa,rfd} | |
| secret[2743090029] = {rfa,rfd,rfb} | |
| local result = {} | |
| for index,sequences in pairs(secret) do | |
| print("[+] Start inverting number: " .. index) | |
| local number = index | |
| for i = 1,3333333 do | |
| for key,fn in pairs(sequences) do | |
| number = fn(number); | |
| end | |
| end | |
| result[index] = number | |
| print("[+] Finished inverting number: " .. index) | |
| end | |
| -- last roundtrip and convert to ascii values | |
| passphrase = int2ascii(rfd(result[2066590424])) .. | |
| int2ascii(rfb(result[4241186467])) .. | |
| int2ascii(rfc(result[2486763883])) .. | |
| int2ascii(rfa(result[2743090029])) | |
| if passphrase then | |
| print("\n[*] Passphrase found: " .. passphrase) | |
| end | |
| print(string.format("[*] Elapsed time: %.2f\n", os.clock() - start_time)) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Debug the original LUA script (output the function names, there is logical sequence in it)
There is no (reverse modular-arithmetic) solution for 2486763883 with the other functions.
Nope, I'm not familiar enough with the IDA debugger ;) But... someone else figured it out: https://github.com/smokeleeteveryday/CTF_WRITEUPS/tree/master/2015/AIVD_CYBERCHALLENGE (spoiler alert)