PicoCTF - Wizardlike

# PicoCTF - Wizardlike ## Recon 這一題蠻有趣的，如果只是單純執行程式碼，會發現是一個迷宮的遊戲，不過走越多會發現兩個現象 1. 遊戲本身根本無法破關 2. 有一些"道路"回隨著角色本身的移動慢慢浮現出來我也不知道是哪來的想法直覺想要看他的地圖，因為看IDA翻出來的code，貌似有十個關卡，而如果把地圖翻出來會發現每一個關卡總共會有10000個字元，然後每一列都是100個字元呈現，然後就發現他其實是用地圖的方式呈現他的flag，則我們可以先把10個關卡的所有字元另存一個檔案(純手工)，再寫一點點script就可以把flag還原 ## Exploit - 通靈 ```python f = open('./cipher.txt', 'r').read() pt = open('./flag.txt', 'w') flag = "\n".join([f[100 * i : 100 * i + 100] for i in range(len(f) // 100)]) pt.write(flag) ``` :::spoiler flag ``` ######### #.......# ......#................................... #.......# ....................####.#####.#####..###. #........ .####.#..###..###..#.......#...#......#... #.......# .# #.#.#....# #.#.......#...###...#.... #.......# .####.#.#....# #.#.......#...#......#... #.......# .#....#..###..###...####...#...#......###. #.......# .#........................................ #.......# .......................................... #.......# #.......# #.......# #.......# #.......# #......># ######### #####. ............................................................. #.<.#. ...............#..#.............##.......#..#........#....... #...#. .#..#.###......#..#.......#...#..#.####..#..#.###....#....... #...#. .#..#.#........####.......#.#.#..#...#...####.#...####....... #...#. .####.#...####....#.#####..#.#..###.####....#.#...####.#####. . ............................................................. . ............................................................. . ............................................................. #.... #...# #...# #...# #...# #...# #.>.# ##### ################# ....... #<..............#. ..###.. #...............#.. .#...#. #..............#......###.. #...#.......#...#.. .#...#. #..###.....###..#. ..###.. #...#...#...#...# ....... #......#>#......# ....... #...............# #...#.......#...# #..###.....###..# #...#.......#...# #...............# #...............# #...............# ################# ... .. ....... .<. ####. .#####. ... ...#.. .#..... ... ...#....###... ..>#.. .#..... ####. .#..... .. ....... ....... ######################## #<.............#.......# #..............#.#...#.# #..............#.#...#.# #..............#.#####.# #..............#.....#.# #..............#.....#.# #..............#.......# #..............#.......# ######################## ....... .<..... ....... ....... ....... ....... ....... ....... ....... ....... ....... .....>. ....... ####### ....... .####.. .#...#. .####.. .#...#. .####.. ....... ....... ... .<......... ........... ... .. .. .. .. .. .. .. .............. ..##########.. .# #. .# ....... #. .# ..###.. #. .# .#...#. #. .# .#...#. #. .# .#...#. #. .# ..###.. #. .# ....... #. .# ....... #. .# #. ..##########.. .............> ######################### #<#......#.#.......###..# #.#.###..#.#.......##..## #.#.#.#..#.#.......#..### #.#.#.#..#.#.......#...## #...#....#..#......#....# #.######.##..###.###....# #.#.....................# #.###.#################.# #.......................# #########.###.#########.# #.......#.#.#.#.........# #.#...#.#.#...#.######### #.#...#.#.#.#.#.........# #.#####.#.#.#.#########.# #.....#.#.#.#.#.........# #.....#.#.#.#.#.######### #.......#.#.#.#.........# #.......#.#.#.#########.# #########.#.#.#...#...#.# #...........#.#.#.#.#.#.# #########...#.#.#.#.#.#.# #.......#...#.#.#.#.#.#.# ####.####...#.#.#.#.#.#.# ##..........#.#.#.#.#.#.# #.#..####...#.#.#.#.#.#.# #..#....#####.#.#.#.#.#.# #...#...#...#.#.#...#...# #....#........#.######### #...........#.#........># ########################. ... ....... .<. ..###.. ... .#...#. ... .#####. .#...#. .#...#. ....... ....... #####################################################################################..............# #####################################################################################.#####.###....# #####################################################################################.#.......#....# #####################################################################################.###......#...# #####################################################################################.#.......#....# #####################################################################################.#####.###....# #####################################################################################..............# #####################################################################################..............# ``` ::: Flag: `picoCTF{ur_4_w1z4rd_8F4B04AE}`