Skip to content

Instantly share code, notes, and snippets.

@matthw

matthw/bf.md

Created June 11, 2023 19:11
Show Gist options
  • Save matthw/688bd912a40e47fba7946fec2a1c601b to your computer and use it in GitHub Desktop.
Save matthw/688bd912a40e47fba7946fec2a1c601b to your computer and use it in GitHub Desktop.
Download ZIP
n00bz CTF - bf
Raw
bf.md 
>->>>>>,[----------[++++++++++>>>>>,>]<]>---<+[-<+]->>>>>[<+++++++++++++++++++++
+++++++++++[>>[-]+>[-]<<-<->[>-]>[-<<[-]>>>]<<<]>+++++++++++++++++++++++++++++++
++++++++++++++++>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++<[>->+<[>]>[<+>-]<<[<]>-]>[-]>[-<<+>>]>>>]+[-<+]-
>>>>>-------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------
-----------------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++
]]>>>>>---------------------------------------------------------------[[-]--+[-<
+]-<[-]+>++[-->++]]>>>>>-------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---
----------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------
--------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>--------
--[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>--------------------------------------------
-------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------------------------
-----------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------[[-]--+[-<+]-<[-]+>
++[-->++]]>>>>>-----------------------------------------------------------------
----[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------------------------------------------
---------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-------------------------
----------------------------------------------------------[[-]--+[-<+]-<[-]+>++[
-->++]]>>>>>----------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------------------
----------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>
-------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------
-------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------------------------------------
------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------
-----------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>
>---------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------------------------
-------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---
--------------------------------------------------------------------------------
---------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------------------------------[[-]--+
[-<+]-<[-]+>++[-->++]]>>>>>-----------------------------------------------------
-----------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------------------
-----------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------
-----[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------------------------
-----------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------
-------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------[[-]--+[-<+]-<[-]+>++[-
->++]]>>>>>-[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------------------------
-[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------------------------------------------
------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>------[[-]--+[-<+]-<[-]+>++[
-->++]]>>>>>---------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-------------
---[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-------------------------------------------
--------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------[[-
]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>
>------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---
------------------------------------------------------------[[-]--+[-<+]-<[-]+>+
+[-->++]]>>>>>------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------[[-]--+[-<
+]-<[-]+>++[-->++]]>>>>>--------------------------------------------------------
-------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------
------------------------------------------------------[[-]--+[-<+]-<[-]+>++[-->+
+]]>>>>>--------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----------------[[-]--+[-<+]-<
[-]+>++[-->++]]>>>>>-------------------------------------[[-]--+[-<+]-<[-]+>++[-
->++]]>>>>>-------------------------------------------------------------------[[
-]--+[-<+]-<[-]+>++[-->++]]>>>>>------------------------------------------------
------------------------------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>----
--------------------------------------------------------------[[-]--+[-<+]-<[-]+
>++[-->++]]>>>>>----------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---[[-]--+[-<+
]-<[-]+>++[-->++]]>>>>>----------------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-
-------------------------------------------------------------------[[-]--+[-<+]-
<[-]+>++[-->++]]>>>>>-----------------------------------------------------------
-----------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------------------
-------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>---------------------------------
---------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-------------------------------
-----------------[[-]--+[-<+]-<[-]+>++[-->++]]>>>>>-----------------------------
-----------------[[-]--+[-<+]-<[-]+>++[-->++]]+[-<+]->+++[[-]>+++]+[-<+]-<[->[-]
<->++++++++++[>+++++++>+++++++++++>++++++++++>+++>+++++++++++>+++++++++++>++++++
+++++>+++++++++++>++++++++++++>++++>+++>+++++++++++>+++++++++++>+++++++++++>++++
+++++++>++++++++++>+++>++++++++++>++++++++++>+++++++++>++++++++++>++++>+++>+++++
++++++>+++++++++++>++++++++++++>+++>+++++++++>++++++++++>+++++++++>++++++++++>++
+++++++++>++++>+++>+++++++>+++++++++++>+++>+++++++++++>+++++++++++>+++++++++++>+
+++++>+++>++++++++++>++++++++++>++++++++++>+++>+++++>+++++[-<+]->-]>++++++>+>+++
+++++>++>+++++>+>++++>++++>+>++++>++>+++++++++>++++>+>>+++>++>++>++++++++>++++++
+>+++>++++>++>++++++>++++>+>++>+++++++>+++>+++++++>+++++>>++++++>++>+++++++++>++
++>++>>+>++++++>+++>++>+++++>>+++++++>++>++++++++>++[-<+]>>[.[-]>]]>[[-]<->+++++
+++++[>+++++++>++++++++++>+++++++++>++++++++++>+++>+++>++++++++>+++++++++++>++++
+++++++>+++>++++++++++>+++++++++++>+++++++++++>+++>++++++++++>+++++++++++>++++[-
<+]->-]>++++++++>+++++>+++++++++>+>+++>++>+++++++++>+>+++++++>++>+++>+>++++++>++
>+++++>++++++>++++[-<+]>>[.[-]>]]

want to reverse that ? nop :)

  1. get rid of unicode
>>> open("chall3.bf", "wb").write(open("chall.bf", "rb").read().replace(b'\x00', b'')[2:])
6019
  1. generate C source
from bftc import code_generator, tokenizer

with open("chall3.bf") as bf_source:
    tokens = [tokenizer.tokenize(char) for char in bf_source.read()]
    with open("chall3.c", "w") as c_source:
        c_source.write(code_generator.generate(tokens))
  1. compile
% gcc -O3 chall3.c -o chall3
% echo $"lol\x00" | ./chall3
Lol sorry, wrong flag, try again. Or not? idk :)
  1. use valgrind to count instructions
#!/usr/bin/zsh

echo $"$1\x00" | valgrind --tool=callgrind ./chall3 2>&1| grep Collected | awk '{ print $NF }'
rm -f callgrind.out.*
  1. profit with heavy machinery
import os

rg = " !./0123456789@ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz{}"

def count(s):
    os.system('./count.sh "%s" > l'%s)
    return int(open("l").read().strip())

f = "____{"     # works with 4 chars before {, not with 5 or "n00bz", dont ask me why
while True:
    prev = 0 
    for x in rg: 
        s = f+x 
        c = count(s)
        # when the char is correct, this is somehow negative, dont ask me why
        if c - prev < 0:
            print(s)
            print("%d  (%d)"%(c, c-prev))
            f += x
            break
        prev = c 
% python slv.py
____{Y
403486  (-615)
____{Y0
408035  (-710)
____{Y0u
416879  (-805)
____{Y0u_
424220  (-644)
____{Y0u_6
428868  (-995)
____{Y0u_60
433037  (-1090)
____{Y0u_60D
438391  (-1185)
____{Y0u_60D_
445352  (-1024)
____{Y0u_60D_1
449300  (-1375)
____{Y0u_60D_1t
457415  (-1470)
____{Y0u_60D_1t_
464091  (-1309)
____{Y0u_60D_1t_6
468074  (-1660)
____{Y0u_60D_1t_60
471578  (-1755)
____{Y0u_60D_1t_60d
478289  (-1850)
____{Y0u_60D_1t_60d4
481859  (-1945)
____{Y0u_60D_1t_60d4M
486934  (-2040)
____{Y0u_60D_1t_60d4Mm
493936  (-2135)
____{Y0u_60D_1t_60d4Mm1
497029  (-2230)
____{Y0u_60D_1t_60d4Mm17
500411  (-2325)
____{Y0u_60D_1t_60d4Mm17_
506232  (-2164)
____{Y0u_60D_1t_60d4Mm17_1
509040  (-2515)
____{Y0u_60D_1t_60d4Mm17_1m
515567  (-2610)
____{Y0u_60D_1t_60d4Mm17_1m_
521103  (-2449)
____{Y0u_60D_1t_60d4Mm17_1m_P
525584  (-2798)
____{Y0u_60D_1t_60d4Mm17_1m_Pr
532146  (-2895)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0
534415  (-2990)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0U
538931  (-3085)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud
544312  (-3180)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_
549278  (-3019)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0
551167  (-3370)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f
556391  (-3465)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_
561072  (-3304)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y
567322  (-3655)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0
568831  (-3750)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U
572587  (-3845)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_
576888  (-3684)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N
580032  (-4035)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0
581161  (-4130)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W
584665  (-4225)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_
588586  (-4064)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t
593756  (-4415)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4
594761  (-4510)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K
597143  (-4605)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3
597894  (-4700)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_
601340  (-4539)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_R
603859  (-4890)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re
607499  (-4985)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re5
607998  (-5080)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57
608530  (-5175)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57!
607559  (-5264)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57!!
606493  (-5359)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57!!!
605332  (-5454)
____{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57!!!}
609937  (-5492)

% echo $'n00bz{Y0u_60D_1t_60d4Mm17_1m_Pr0Ud_0f_y0U_N0W_t4K3_Re57!!!}\x00' | ./chall3
Nice! You got it!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment