Joel Neukom

Spending more money on coffee than on security

1 minute read

General infos

https://www.hacking-lab.com/events/hackvent-2022

[HV22.01] QR means quick reactions, right?

You can download a QR code gif. The qr code is changing so fast you won’t be able to scan it. qr code gif

I pasted it into https://safeimagekit.com/download?tool=Gif%20extractor which generates me this:

qr codes chain Each QR code is a letter of the flag.

I scanned each image with my phone. That was pain in the ass. Had issues with I and l and _ and -.

[HV22.02] Santa’s song

In this picture there is a number password hidden:

song

  • I tried: 3454143444 (beat numbers, per beat the beats and its beatlength, from left to right )
  • I tried: 3513444444 (beat numbers, first all beats number from left to right, than all beatlength numbers from left to right. )
  • I tried: 35134 (only the beat numbers)
  • I tried: 1231234511231234 (Counting the beats, starting from 1 each section)
  • I tried: 1634613261622332 (c-dur tonleiter: c=1, d=2, e=3, f=4, g=5, a=6, h=7)
  • I tried: 0634613260622332 (c-dur tonleiter (+b): b=0, c=1, d=2, e=3, f=4, g=5, a=6, h=7)
  • I tried: 1745724371733443 (c-dur tonleiter (+b): b=1, c=2, d=3, e=4, f=5, g=6, a=7, h=8)
  • I tried: 9897101321029799101100329732989710032100101101100 (ascii dec respresentation of “bae faced a bad deed”)

The song in notes:

b a’ e’ | f a’ c’ e’ d’ | a’ | b a’ d’ | d’ e’ e’ d’ bae faced a bad deed

[HV22.03] gh0st

There is a python script given

It takes an input string “flag” and xors it with a song (string). The encrypted message is also given (variable “correct”)

correct = [17, 55, 18, 92, 91, 10, 38, 8, 76, 127, 17, 12, 17, 2, 20, 49, 3, 4, 16, 8, 3, 58, 67, 60, 10, 66, 31, 95, 1, 93]
for i,c in enumerate(flag):
    flag[i] ^= ord(song[i*10 % len(song)])

First attempt is to try the ascii table for each letter:

bruteforced = [0] * 30
for i in range (30):
    for asciiCount in range(127):
        if (asciiCount ^ ord(song[i*10 % len(song)]) == correct[i]):
            bruteforced[i] = asciiCount
print(list(map(chr, bruteforced)))

This gave me the flag.

check gh0st.py

[HV22.04] Santas radians

There are 21 numbers

arc(x, y, radius, startAngle, endAngle)

You May Also Enjoy

Code smells

2 minute read

MagicNumbers/string Refactoring: Introduce constant with a meaningful name. But don’t over do it. If the constant is only used once, it might be better to le...

Use ADO Feed inside docker

1 minute read

Normal case When you use ADO Nuget feed from a pipeline you do something like this: Create feed on ADO or use existing Add the feed into your Nuget.Conf...