[New post] picoCTF 2021 keygenme-py Writeup

Daniel posted: " keygenme-py is a Reverse Engineering puzle worth 30 points. The puzzle does not come with a description, but provides source code for a small game written in Python named keygenme-trial.py. This game is far from complete and is only 243 lines of Py" Respond to this post by replying above this line New post on DMFR SECURITY picoCTF 2021 keygenme-py Writeup by Daniel keygenme-py is a Reverse Engineering puzle worth 30 points. The puzzle does not come with a description, but provides source code for a small game written in Python named keygenme-trial.py. This game is far from complete and is only 243 lines of Python. Reading the source, it is clear that the check_key function is the key to obtaining the flag. This code is taking positional values from the SHA256 hex digest of the username this software was licensed to. def check_key(key, username_trial): global key_full_template_trial if len(key) != len(key_full_template_trial): return False else: # Check static base key part --v i = 0 for c in key_part_static1_trial: if key[i] != c: return False i += 1 # TODO : test performance on toolbox container # Check dynamic part --v if key[i] != hashlib.sha256(username_trial).hexdigest()[4]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[5]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[3]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[6]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[2]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[7]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[1]: return False else: i += 1 if key[i] != hashlib.sha256(username_trial).hexdigest()[8]: return False return True At the top of the source code, it has the expected template for the key, which is in picoCTF{} flag format. Writing a key generator for this software was straightforward: #!/usr/bin/env python3 import hashlib username = b"YOUR_USERNAME_HERE" key_prefix = "picoCTF{1n_7h3_|<3y_of_" user_hash = hashlib.sha256(username).hexdigest() key_prefix += user_hash[4] key_prefix += user_hash[5] key_prefix += user_hash[3] key_prefix += user_hash[6] key_prefix += user_hash[2] key_prefix += user_hash[7] key_prefix += user_hash[1] key_prefix += user_hash[8] key_prefix += "}" print(key_prefix) Running this key generator yielded the correct flag. Daniel | October 31, 2021 at 9:08 pm | Categories: CTF, reversing | URL: https://wp.me/p8aFuC-2bJ Comment    See all comments    Like Unsubscribe to no longer receive posts from DMFR SECURITY. Change your email settings at Manage Subscriptions. Trouble clicking? Copy and paste this URL into your browser: http://dmfrsecurity.com/2021/10/31/picoctf-2021-keygenme-py-writeup/ Thanks for flying with WordPress.com