You like Python, security challenge and traveling? Win a free ticket to HITB KUL!

If you do not like reverse engineering but still like security challenges, we built one for you. And you can use your brain to get a free entry to HITB KUL: https://conference.hitb.org/hitbsecconf2014kul/

Here and back again, a story of C and Python. This CTF will test your knowledge of Python. Not only your knowledge of the Python language, nooooooo, your knowledge of the Python internals, the C API, CPython too!

Hall of Fame

Player Speed run Medals
commial Fri, 5 Sep 2014 00:17:32 former Qb trainee
kevmod Fri, 5 Sep 2014 02:40:08 Speedy Gonzales
hackedd Fri, 5 Sep 2014 22:31:32  
haypo Sat, 6 Sep 2014 01:53:03  
0vercl0k Sat, 6 Sep 2014 03:06:20 Gollum
Murachue Sat, 6 Sep 2014 07:48:19  
huyna89 Sun, 7 Sep 2014 14:41:20 Jon Snow
iodboi Sun, 7 Sep 2014 21:52:34  
cregnec Mon, 8 Sep 2014 22:09:12  
tlk Tue, 09 Sep 2014 23:14:39  
hakril Thu, 11 Sep 2014 20:57:18  

Warming Up

An URL is hidden in this snippet:

(lambda g, c, d: (lambda _: (_.__setitem__('$', ''.join([(_['chr'] if ('chr'
in _) else chr)((_['_'] if ('_' in _) else _)) for _['_'] in (_['s'] if ('s'
in _) else s)[::(-1)]])), _)[-1])( (lambda _: (lambda f, _: f(f, _))((lambda
__,_: ((lambda _: __(__, _))((lambda _: (_.__setitem__('i', ((_['i'] if ('i'
in _) else i) + 1)),_)[(-1)])((lambda _: (_.__setitem__('s',((_['s'] if ('s'
in _) else s) + [((_['l'] if ('l' in _) else l)[(_['i'] if ('i' in _) else i
)] ^ (_['c'] if ('c' in _) else c))])), _)[-1])(_))) if (((_['g'] if ('g' in
_) else g) % 4) and ((_['i'] if ('i' in _) else i)< (_['len'] if ('len' in _
) else len)((_['l'] if ('l' in _) else l)))) else _)), _) ) ( (lambda _: (_.
__setitem__('!', []), _.__setitem__('s', _['!']), _)[(-1)] ) ((lambda _: (_.
__setitem__('!', ((_['d'] if ('d' in _) else d) ^ (_['d'] if ('d' in _) else
d))), _.__setitem__('i', _['!']), _)[(-1)])((lambda _: (_.__setitem__('!', [
(_['j'] if ('j' in _) else j) for  _[ 'i'] in (_['zip'] if ('zip' in _) else
zip)((_['l0'] if ('l0' in _) else l0), (_['l1'] if ('l1' in _) else l1)) for
_['j'] in (_['i'] if ('i' in _) else i)]), _.__setitem__('l', _['!']), _)[-1
])((lambda _: (_.__setitem__('!', [1373, 1281, 1288, 1373, 1290, 1294, 1375,
1371,1289, 1281, 1280, 1293, 1289, 1280, 1373, 1294, 1289, 1280, 1372, 1288,
1375,1375, 1289, 1373, 1290, 1281, 1294, 1302, 1372, 1355, 1366, 1372, 1302,
1360, 1368, 1354, 1364, 1370, 1371, 1365, 1362, 1368, 1352, 1374, 1365, 1302
]), _.__setitem__('l1',_['!']), _)[-1])((lambda _: (_.__setitem__('!',[1375,
1368, 1294, 1293, 1373, 1295, 1290, 1373, 1290, 1293, 1280, 1368, 1368,1294,
1293, 1368, 1372, 1292, 1290, 1291, 1371, 1375, 1280, 1372, 1281, 1293,1373,
1371, 1354, 1370, 1356, 1354, 1355, 1370, 1357, 1357, 1302, 1366, 1303,1368,
1354, 1355, 1356, 1303, 1366, 1371]), _.__setitem__('l0', _['!']), _)[(-1)])
            ({ 'g': g, 'c': c, 'd': d, '$': None})))))))['$'])

Where to start

Get the file at the URL above, then use your brain!

How to win

You need to find the title of a fan song hidden in the program. You will know you have found the right title when its salted SHA256 is:

61b42c223973996c797a9a366c64c3595052ff71089b4ff13d3251b66b6366e9

salted with:

bacalhau

In order to win, send this information to hitbkul14-AT-quarkslab.com

Once you have sent us an email, we will wait 1 week at most to get a document describing how you solved the challenge. Without that document, you can not be a winner.

Note that the timing will be based on the 1st email, the one with the song title.

What to win and who can win

We have 3 free tickets to offer to attend to HITB KUL: https://conference.hitb.org/hitbsecconf2014kul/

So, it means 3 winners:

  • Speedy Gonzales: the fastest correct answer received will get a prize.
  • Gollum: he always finds twisted way to achieve its goal! We decided to create a prize rewarding the best "hack" of our challenge. So, a ticket will go to the most creative solution we will receive.
  • You know nothing, Jon Snow: this prize is for student only. In order to encourage junior people to move to security, come party^W attend to a major security event, meet people, and learn a lot.

These 3 winners will have their solution published here.

Creditz

Serge Guelton as a chiptune addict, and Nicolas Szlifierski, his trainee who managed to code in spite of the strange music in the desk.

Comments