226 lines
3.6 KiB
Markdown
226 lines
3.6 KiB
Markdown
## Friends
|
|
The main idea finding the flag is just parsing the input smartly.
|
|
|
|
#### Step-1:
|
|
When we download `namo.py`, we are greeted with:
|
|
|
|
```python
|
|
import math
|
|
import sys
|
|
|
|
def fancy(x):
|
|
a = (1/2) * x
|
|
b = (1/2916) * ((27 * x - 155) ** 2)
|
|
c = 4096 / 729
|
|
d = (b - c) ** (1/2)
|
|
e = (a - d - 155/54) ** (1/3)
|
|
f = (a + d - 155/54) ** (1/3)
|
|
g = e + f + 5/3
|
|
return g
|
|
|
|
def notfancy(x):
|
|
return x**3 - 5*x**2 + 3*x + 10
|
|
|
|
def mathStuff(x):
|
|
if (x < 3 or x > 100):
|
|
exit()
|
|
|
|
y = fancy(notfancy(x))
|
|
|
|
if isinstance(y, complex):
|
|
y = float(y.real)
|
|
|
|
y = round(y, 0)
|
|
return y
|
|
|
|
print("Enter a number: ")
|
|
sys.stdout.flush()
|
|
x = round(float(input()), 0)
|
|
if x == mathStuff(x):
|
|
print('Fail')
|
|
sys.stdout.flush()
|
|
else:
|
|
print(open('namo.txt').read())
|
|
sys.stdout.flush()
|
|
```
|
|
|
|
#### Step-2:
|
|
So I tried basic numbers and it worked according to the given algorithm but however, we could try a float `nan` and then I ran it along with the remote server to enter the `else` condition at the end.
|
|
|
|
```bash
|
|
echo nan | nc chall.csivit.com 30425
|
|
```
|
|
Output:
|
|
|
|
```bash
|
|
Enter a number:
|
|
Mitrooon
|
|
bhaiyo aur behno "Enter a number"
|
|
mann ki baat nambar
|
|
|
|
agar nambar barabar 1 hai {
|
|
bhaiyo aur behno "s"
|
|
}
|
|
|
|
nahi toh agar nambar barabar 13 hai {
|
|
bhaiyo aur behno "_"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 15 hai {
|
|
bhaiyo aur behno "5"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 22 hai {
|
|
bhaiyo aur behno "4"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 28 hai {
|
|
bhaiyo aur behno "k"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 8 hai {
|
|
bhaiyo aur behno "y"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 17 hai {
|
|
bhaiyo aur behno "4"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 9 hai {
|
|
bhaiyo aur behno "_"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 4 hai {
|
|
bhaiyo aur behno "t"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 3 hai {
|
|
bhaiyo aur behno "c"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 20 hai {
|
|
bhaiyo aur behno "r"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 12 hai {
|
|
bhaiyo aur behno "n"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 0 hai {
|
|
bhaiyo aur behno "c"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 23 hai {
|
|
bhaiyo aur behno "t"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 27 hai {
|
|
bhaiyo aur behno "0"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 10 hai {
|
|
bhaiyo aur behno "n"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 11 hai {
|
|
bhaiyo aur behno "4"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 7 hai {
|
|
bhaiyo aur behno "m"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 25 hai {
|
|
bhaiyo aur behno "c"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 24 hai {
|
|
bhaiyo aur behno "_"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 6 hai {
|
|
bhaiyo aur behno "{"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 16 hai {
|
|
bhaiyo aur behno "_"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 18 hai {
|
|
bhaiyo aur behno "_"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 2 hai {
|
|
bhaiyo aur behno "i"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 5 hai {
|
|
bhaiyo aur behno "f"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 19 hai {
|
|
bhaiyo aur behno "g"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 14 hai {
|
|
bhaiyo aur behno "1"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 21 hai {
|
|
bhaiyo aur behno "3"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 26 hai {
|
|
bhaiyo aur behno "0"
|
|
}
|
|
|
|
|
|
nahi toh agar nambar barabar 29 hai {
|
|
bhaiyo aur behno "}"
|
|
}
|
|
|
|
nahi toh {
|
|
bhaiyo aur behno ""
|
|
}
|
|
|
|
achhe din aa gaye
|
|
```
|
|
|
|
#### Step-3:
|
|
Simple substitution like 0=c, 1=s, 2=i in the context of flag like `csictf{`, would also work. Instead I got this script to get the flag.
|
|
|
|
```bash
|
|
echo nan | nc chall.csivit.com 30425 | grep -A1 'hai {' | sed 's/agar nambar barabar //' | sed 's/nahi toh //' | sed 's/ hai {$/ =/' | sed 's/^\tbhaiyo aur behno \"//' | sed 's/\"$//' | sed 's/--//' | sed ':a;N;$!ba;s/=\n/ /g' | sort -n | uniq | awk '{print $2}' | tr -d '\n'; echo ''
|
|
```
|
|
This is a 1 liner and we get the flag after this.
|
|
|
|
#### Step-5:
|
|
Finally the flag becomes:
|
|
`csictf{my_n4n_15_4_gr34t_c00k}` |