Writeup by Valar_Dragon

  • Cryptography
  • 75 points
  • We found running at It seems to be outputting the flag but randomizing all the characters first. Is there anyway to get back the original flag?

Lets start by looking at!

import random,string

flag = "FLAG:"+open("flag", "r").read()[:-1]
encflag = ""
for c in flag:
  if c.islower():
    #rotate number around alphabet a random amount
    encflag += chr((ord(c)-ord('a')+random.randrange(0,26))%26 + ord('a'))
  elif c.isupper():
    encflag += chr((ord(c)-ord('A')+random.randrange(0,26))%26 + ord('A'))
  elif c.isdigit():
    encflag += chr((ord(c)-ord('0')+random.randrange(0,10))%10 + ord('0'))
    encflag += c
print "Unguessably Randomized Flag: "+encflag

We are actually given the seed for the RNG, so the sequence of random numbers isn't actually random. So we just need to reverse the encflag, by subtracting the random number instead of adding it. Connecting to the server a couple times, you see that the encflag being returned is the same everytime, further evidence of the same seed being used.

$ nc 33123
Unguessably Randomized Flag: BNZQ:2m8807395d9os2156v70qu84sy1w2i6e

So making a solver that repeats the code of, except with subtracting the random number, and using encflag instead of flag, we get:

$ python

Which is our flag!

results matching ""

    No results matching ""