master
Nebula - Level 14 - Intuitive Encryption
About
This program resides in /home/flag14/flag14. It encrypts input and writes
it to standard output. An encrypted token file is also in that home directory,
decrypt it :)
To do this level, log in as the level14 account with the password
level14. Files for this level can be found in /home/flag14.
Solution
Entering the line echo "0123456789" | /home/flag14/flag14 -e returns 02468:<>@B. Examining the
ASCII table with man ascii gives us the follwing insight.
| Original | Modified | Input | Output | Difference |
|---|---|---|---|---|
| 0 | 0 | 48 | 48 | 0 |
| 1 | 2 | 49 | 50 | 1 |
| 2 | 4 | 50 | 52 | 2 |
| 3 | 6 | 51 | 54 | 3 |
| 4 | 8 | 52 | 56 | 4 |
| 5 | : | 53 | 58 | 5 |
| 6 | < | 54 | 60 | 6 |
| 7 | > | 55 | 62 | 7 |
| 8 | @ | 56 | 64 | 8 |
| 9 | B | 57 | 66 | 9 |
The Difference column shows that the character shifts based on the index in which it occurs in the
input. Armed with this knowledge, create a program to reverse the algorithm.
#!/usr/bin/python
tokenFile = open("/home/flag14/token", "r")
token = tokenFile.readlines()[0]
tmp = ''
index = 0
for char in token:
if 0 <= ord(char) - index <= 255:
tmp += chr(ord(char) - index)
index += 1
print tmp, index
print tmp
Save the file as decrypt.py, run chmod +x decrypt.py, and then execute the file with
./decrypt.py. This token serves as the password for the flag14 account.