[Write-up] Programming 01 & Blockchain – WhiteHat Grand Prix 06 – Quals 2020

Tram Ho

Programming 01

Threads

The answer

Connect test we get the following screen:

then try to run with small N (4, 5, 6, 7, …), then the following sequence:

Google tried this sequence and the result was: https://oeis.org/A173196

a (n-1) is the number of integer-sided scalene triangles with largest side <= n, including degenerate (ie, collinear) triangles. a (n-2) is the number of non-degenerate integer-sided scalene triangles. – Alexander Evnin, Oct 12 2010

OK, so the only job that implements the calculation formula, connect and get the flag (note the offset of N threads against n of the sequence):

Run and get the flag:

So the flag is WhiteHat{Y0u_h4v3_4_Sm4rt_Br41n} .

Blockchain – Misc

Threads

The answer

At first glance at the title, I thought that there would be something related to blockchain with hash, timestamp, block, and so on, but once done, it was simply a disguised crypto post. 😧 . Unzip the zip file we have:

The flag.zip file inside has a flag.txt file with a password, our task will be to find the password to decode this file. Reviewing the 2 pem files, the public key is very short, adding a hint to the article Using vulnerable chipset to generate public keys. it is possible that the factor will be or these 2 public keys will have the same factor. And it is true that the problem is in the second direction. We quickly find the corresponding p and q for 2 keys:

Check out the content of block1.json :

We tried decrypt with the corresponding private key for the 2 messages will produce a plaintext, and surprisingly, both block 2 and block 3 can do the same (regardless of the front block? !!, seems to be due the checking is removed, leaving only the data inside). Quick code decoding file:

and run:

Use password [email protected] !4P##Ij extract the flag.zip file, we get a new file with the content base64, decode to a QR image file. Scan this QR code and we have the flag:

Flag: Whitehat{the_ flag_blockchain_ iot}

Conclusion

Share the news now

Source : Viblo