Try   HackMD

[zer0pts CTF 2020] QR Puzzle

tags: zer0pts CTF 2020

overview

We're given 64bit ELF chall and encrypted.qr, key. Obviously, chall used key to encrypt QR

analysis

chall is straitforwarded, being easy to reversing.

  1. read QR code
  2. read key
  3. encryption
  4. save

We focus to read key and encryption.

read key

There may be a struct like struct key {int B; int C; int A; struct key* prev; };. Reading key and constructing linked list.

encryption

My decompile

































int encrypt(int *qr_ptr, Key *key) {
    while (key != 0) {
        int B = key->B, C = key->C;
        int rax, rcx, rdx, r8;
        switch (key->A) {
            case 0:
                rdx = B-1;
                r8 = C;
                break;
            case 1:
                rdx = B+1;
                r8 = C;
                break;
            case 2:
                rdx = B;
                r8 = C-1;
                break;
            case 3:
                rdx = B;
                r8 = C+1;
                break;
            default:
                break;
        }

        qr_ptr[rcx + rax] += qr_ptr[r8 + rdx];
        qr_ptr[r8 + rax] = qr_ptr[rcx + rax - (r8 + rax)];
        qr_ptr[rax + rcx] -= qr_ptr[r8 + rdx];
        
        key = key->prev;
    }
}

0123 is corresponding up / down / move left / move right. this function swap the QR bit following 0123.

solution

To decrypt, just swap from bottom to top. To create reverse key like tac key > rev_key.

Then just get the flag.

Last changed by 
theoldmoon0602
0
571
Published on HackMD