We were given a gzip compressed file which had the rot13 encoded python source for the challenge. The source had python bytecode which could be disassembled using dis module.
if __name__ == "__main__":
codeobj = marshal.loads(bytecode.decode('base64'))
f = new.function(codeobj, globals(), "f", None, None)
dis.dis(f)
2 0 LOAD_CONST 0 (-1)
3 LOAD_CONST 1 (('sha1',))
6 IMPORT_NAME 0 (hashlib)
9 IMPORT_FROM 1 (sha1)
12 STORE_NAME 1 (sha1)
15 POP_TOP
3 16 LOAD_CONST 0 (-1)
19 LOAD_CONST 2 (('getenv',))
22 IMPORT_NAME 2 (os)
25 IMPORT_FROM 3 (getenv)
28 STORE_NAME 3 (getenv)
31 POP_TOP
4 32 LOAD_NAME 3 (getenv)
35 LOAD_CONST 3 ('NO_CON_NAME')
38 LOAD_CONST 4 ('')
41 CALL_FUNCTION 2
44 LOAD_CONST 5 ('Y')
47 COMPARE_OP 2 (==)
50 POP_JUMP_IF_FALSE 147
6 53 LOAD_CONST 6 (' 57 68 61 74 20 69 73 20 74 68 65 20 61 69 72 2d ')
56 STORE_GLOBAL 4 (flag)
7 59 LOAD_GLOBAL 4 (flag)
62 LOAD_CONST 7 (' 73 70 65 65 64 20 76 65 6c 6f 63 69 74 79 20 6f ')
65 INPLACE_ADD
66 STORE_GLOBAL 4 (flag)
8 69 LOAD_GLOBAL 4 (flag)
72 LOAD_CONST 8 (' 66 20 61 6e 20 75 6e 6c 61 64 65 6e 20 73 77 61 ')
75 INPLACE_ADD
76 STORE_GLOBAL 4 (flag)
9 79 LOAD_GLOBAL 4 (flag)
82 LOAD_CONST 9 (' 6c 6c 6f 77 3f ')
85 INPLACE_ADD
86 STORE_GLOBAL 4 (flag)
10 89 LOAD_GLOBAL 4 (flag)
92 LOAD_ATTR 5 (replace)
95 LOAD_CONST 10 (' ')
98 LOAD_CONST 4 ('')
101 CALL_FUNCTION 2
104 STORE_GLOBAL 4 (flag)
11 107 LOAD_GLOBAL 4 (flag)
110 LOAD_ATTR 6 (decode)
113 LOAD_CONST 11 ('hex')
116 CALL_FUNCTION 1
119 STORE_GLOBAL 4 (flag)
12 122 LOAD_CONST 12 ('NCN')
125 LOAD_NAME 1 (sha1)
128 LOAD_GLOBAL 4 (flag)
131 CALL_FUNCTION 1
134 LOAD_ATTR 7 (hexdigest)
137 CALL_FUNCTION 0
140 BINARY_ADD
141 STORE_GLOBAL 4 (flag)
144 JUMP_FORWARD 0 (to 147)
>> 147 LOAD_CONST 13 (None)
150 RETURN_VALUE
This translates to below code:
#!/usr/bin/env python
from hashlib import sha1
from os import getenv
#from os import environ
#environ['NO_CON_NAME'] = 'Y'
if getenv('NO_CON_NAME') == 'Y':
flag = ' 57 68 61 74 20 69 73 20 74 68 65 20 61 69 72 2d '
flag += ' 73 70 65 65 64 20 76 65 6c 6f 63 69 74 79 20 6f '
flag += ' 66 20 61 6e 20 75 6e 6c 61 64 65 6e 20 73 77 61 '
flag += ' 6c 6c 6f 77 3f '
flag = flag.replace(' ','').decode('hex')
flag = 'NCN' + sha1(flag).hexdigest()
print flag
Flag for the challenge is NCN6ceeeff26e72a40b71e6029a7149ad0626fcf310
No comments:
Post a Comment