Kabinet's GitBook
  • 🚩Kabinet CTF's Writeups
  • Page
  • 2025
    • Thuderdome
      • Emerge through the breach
      • Pulled from the sky
      • An absent defense
      • A new wave (web of deceit)
      • Crossing the great divide
      • Joining forces as one
      • Infiltrate (open the gate)
      • Jaeger
      • Victory
  • 2024
    • GreyCTF 2024
      • Markdown Parser
      • Fearless Concurrency
      • GreyCTF Survey
      • Baby Web
      • Beautiful Styles
      • All About Timing
      • Poly Playground
    • TetCTF 2024
      • Hello from API GW
      • Microservices
  • 2023
    • BSidesSF Cloud Village CTF
      • Tony Tony Tony
      • Plain Sight
      • A Suit of Armor Around The World
      • Sharing is Caring + Sequel
      • Photo Drive
    • DART CTF
      • Flag 1
      • Flag 2
      • Flag 3
      • Flag 4
      • Flag 5
      • Flag 6
      • Flag 7
      • Flag 8
      • Flag 9
      • Flag 10
    • EKS Cluster Games
    • Big IAM Challenge
  • 2022
    • Stack The Flag
      • Secret of Meow Olympurr
  • Authored
    • Cyber League 2025 Major 1
      • Perfect Storage
      • catalog commits
      • pawtainer hub
    • Lag and Crash 2023
      • Managed Secrets
      • Pickle Rick
      • Cloudy with a chance of meatball
    • NYP InfoSec December CTF 2022
      • Super Secure Technology Infrastructure
      • Self Introduction
      • Aww Cuter Cat
      • Obligatory Calc
      • BreadSecurity
  • NYP InfoSec Introduction to Pentesting Workshop
Powered by GitBook
On this page

Was this helpful?

  1. 2023
  2. DART CTF

Flag 3

In the debug application, there are some python code

Imp = b'Use the same carefully'
MyValue =  b'a*)h\x1f/!U9&\x1f\x1cz\x19\x038\r%/?\x15)\x10\x1d\t\x15A\\\nt&S8:L2%7\tW\x1dZ54\x14\t#U8\r?b70PX'a

def enc(MyValue):
    bytevalue = bytearray()
    for i in range(len(MyValue)):
        bytevalue.append(MyValue[i] ^ Imp[i % len(Imp)])
    return bytes(bytevalue)

value = enc(MyValue.encode())
print(value)
Flag 2 : Telemetry check-in confirmed.

The code defines a function called enc() that performs performs an XOR operation between each byte in MyValue and the corresponding byte in the Imp byte string.

The result of this operation is then appended to a new byte array called bytevalue. Finally, the enc() function returns the contents of bytevalue as a byte string.

Modifying the code to print out the decoded text, which is a key for azure function.

Imp = b'Use the same carefully'
MyValue =  b'a*)h\x1f/!U9&\x1f\x1cz\x19\x038\r%/?\x15)\x10\x1d\t\x15A\\\nt&S8:L2%7\tW\x1dZ54\x14\t#U8\r?b70PX'

def enc(MyValue):
    bytevalue = bytearray()
    for i in range(len(MyValue)):
        bytevalue.append(MyValue[i] ^ Imp[i % len(Imp)])
    return bytes(bytevalue)

value = enc(MyValue)

print(value.decode())

I then manually visited all 3 function with the function key to see if it works, and the Blanket App allow me to retrieve the flag.

http://rosarray.azurewebsites.net/api/Blanket?code=4YLHkGDuJGryZzbJhCZSyPEnl554oTU2U_lQDEl1h6YMAzFuLeZBDQ==

Flag 3 : Anomaly detected in spacecraft trajectory.

PreviousFlag 2NextFlag 4

Last updated 2 years ago

Was this helpful?