BIG GULP SUPREME TUCTF 2022 - A Sheep Jumps Over A Fence


TUCTF 2022 - A Sheep Jumps Over A Fence

, ,

Problem Description

I designed an algorithm to encrypt a message. No one can decrypt it without any information about my algorithm.

Solution

We are given a string that looks like this:
0x56455a7059574e7459584a685a576c756557646f59565637633364765a57647664474e305a48427965584e4464476c6c62584e6c6257463165574e3059574e7a5647687a6247567a5a6d527a636d46796233427366513d3d

Judging from the 0x, it looks to be hexadecimal.
After decoding it we end up with:

VEZpYWNtYXJhZWlueWdoYVV7c3dvZWdvdGN0ZHByeXNDdGllbXNlbWF1eWN0YWNzVGhzbGVzZmRzcmFyb3BsfQ==

which strongly resembles base64. From decoding the base64 we end up with:

TFiacmaraeinyghaU{swoegotctdprysCtiemsemauyctacsThslesfdsraropl}

Now we have something starting to resemble the flag format:

TUCTF{3x4mpl3_fl4g}

From here we simply need to figure out how the flag is scrambled. We know that it should start with “TUCTF”, so lets quickly take a look at the position of those characters in the string.
Assuming the first character “T” is in its correct place (index 0), we notice that the next character we need “U” is at index 16. If we move over another 16 indexes, we get the next letter “C” and so on.

Ok, so we know the pattern that we can use to unscramble the letters, now we just have to code it. My solution will use Java but this can be done in any language:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
public class SheepDcode {  
    public static void main(String[] args) {  
        String enc = "TFiacmaraeinyghaU{swoegotctdprysCtiemsemauyctacsThslesfdsraropl}"; //our scrambled flag  
        String flag = ""; //the unscrambled flag we will make.  
        int idx = 0; //we will start with an index of 0, since we assume the first letter is positioned correctly

        /* This loop will simply go through our letters from index 0 to our last index, moving over 16 indexes at a time.        
        * When our idx goes over the maximum idx of enc, we simply mod it by 16, then add 1, shifting our letters so        
        * we don't end up with the same letters repeating each time we go out of bounds.*/        
        for(int i = 0; i < enc.length(); i++){  
            flag += enc.charAt(idx);  
            System.out.println(flag); //debug print  
            idx += 16;  
            if(idx >= enc.length()){  
                idx = idx % 16 + 1;  
            }  
        }  
        System.out.println(flag);  
    }  
}

Running the code, we get this satisfying output as it puts together our flag, letter by letter:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
T
TU
TUC
TUCT
TUCTF
TUCTF{
TUCTF{t
TUCTF{th
TUCTF{thi
TUCTF{this
TUCTF{thisi
TUCTF{thisis
TUCTF{thisisa
TUCTF{thisisaw
TUCTF{thisisawe
TUCTF{thisisawel
TUCTF{thisisawelc
TUCTF{thisisawelco
TUCTF{thisisawelcom
TUCTF{thisisawelcome
TUCTF{thisisawelcomem
TUCTF{thisisawelcomeme
TUCTF{thisisawelcomemes
TUCTF{thisisawelcomemess
TUCTF{thisisawelcomemessa
TUCTF{thisisawelcomemessag
TUCTF{thisisawelcomemessage
TUCTF{thisisawelcomemessagef
TUCTF{thisisawelcomemessagefr
TUCTF{thisisawelcomemessagefro
TUCTF{thisisawelcomemessagefrom
TUCTF{thisisawelcomemessagefromd
TUCTF{thisisawelcomemessagefromda
TUCTF{thisisawelcomemessagefromdat
TUCTF{thisisawelcomemessagefromdata
TUCTF{thisisawelcomemessagefromdatas
TUCTF{thisisawelcomemessagefromdatase
TUCTF{thisisawelcomemessagefromdatasec
TUCTF{thisisawelcomemessagefromdatasecu
TUCTF{thisisawelcomemessagefromdatasecur
TUCTF{thisisawelcomemessagefromdatasecuri
TUCTF{thisisawelcomemessagefromdatasecurit
TUCTF{thisisawelcomemessagefromdatasecurity
TUCTF{thisisawelcomemessagefromdatasecuritya
TUCTF{thisisawelcomemessagefromdatasecurityan
TUCTF{thisisawelcomemessagefromdatasecurityand
TUCTF{thisisawelcomemessagefromdatasecurityandc
TUCTF{thisisawelcomemessagefromdatasecurityandcr
TUCTF{thisisawelcomemessagefromdatasecurityandcry
TUCTF{thisisawelcomemessagefromdatasecurityandcryp
TUCTF{thisisawelcomemessagefromdatasecurityandcrypt
TUCTF{thisisawelcomemessagefromdatasecurityandcrypto
TUCTF{thisisawelcomemessagefromdatasecurityandcryptog
TUCTF{thisisawelcomemessagefromdatasecurityandcryptogr
TUCTF{thisisawelcomemessagefromdatasecurityandcryptogra
TUCTF{thisisawelcomemessagefromdatasecurityandcryptograp
TUCTF{thisisawelcomemessagefromdatasecurityandcryptograph
TUCTF{thisisawelcomemessagefromdatasecurityandcryptography
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyc
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographycl
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographycla
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyclas
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyclass
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyclass}
TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyclass}

And that’s it, we have our flag!

TUCTF{thisisawelcomemessagefromdatasecurityandcryptographyclass}

Big thanks to the TUCTF organizers for putting on such a great CTF this year! This was my first year doing it, and I’ll definitely be back again next year.