Start by downloading and extracting the source code.
Lets take a look at the source code of
010 PRINT "*** THE FLAG VERIFICATOR: LEVEL 1 ***"
020 PRINT "VERSION FOR MICROSOFT GW-BASIC 1983"
020 PRINT "FLAG FORMAT: FLAG{[A-Z0-9_!]*}"
040 PREFIX=5
050 FL=36
060 DIM F$(PREFIX+FL+1) : READ F$
110 U$=""
120 PRINT "FLAG"; : INPUT U$
130 IF LEN(U$)<>42 THEN GOTO 600
140 A$=""
150 FOR I=FL+PREFIX TO PREFIX+1 STEP -1
160 A$=A$+MID$(U$,I,1)
170 NEXT I
500 IF A$=F$ THEN PRINT "GOOD JOB! NOW SUBMIT THE FLAG." : END
600 PRINT "THE PROVIDED FLAG IS INVALID TRY ANONTHER" : GOTO 120
900 DATA MELBORP_A_EVLOS_OT_SDRAWKCAB_GNIKROW
We notice the last line containing the data
The script reads some input and checks if it is equal to the reversed string
We can reverse this string to obtain the flag.
Don't forget to add the
This time the scipt
010 PRINT "*** THE FLAG VERIFICATOR: LEVEL 2 ***"
020 PRINT "VERSION FOR MICROSOFT GW-BASIC 1983"
030 PRINT "FLAG FORMAT: FLAG{[A-Z0-9_!]*}"
040 LET PREFIX=5
050 LET FL=33
110 U$=""
120 PRINT "FLAG"; : INPUT U$
130 IF LEN(U$)<>PREFIX+FL+1 THEN GOTO 600
200 LET R=3
210 LET C=11
220 LET F=PREFIX+1
230 FOR I=1 TO C
240 FOR J=1 TO R
250 LET X=(J-1)*C+I
260 FOR Z=1 TO X
270 READ A$
280 NEXT Z
300 RESTORE
310 IF A$<>MID$(U$,F,1) THEN GOTO 600
320 F=F+1
330 NEXT J
340 NEXT I
500 PRINT "GOOD JOB! NOW SUBMIT THE FLAG." : END
600 PRINT "THE PROVIDED FLAG IS INVALID TRY ANONTHER" : GOTO 120
900 DATA M,R,_,_,T,_,M,S,N,_,R
910 DATA A,I,I,A,W,D,E,I,A,A,A
920 DATA T,X,S,_,O,I,N,O,L,R,Y
We notice the two loops
just by looking at the data we can read out the flag from top to bottom and left to right.
900 DATA M,R,_,_,T,_,M,S,N,_,R
910 DATA A,I,I,A,W,D,E,I,A,A,A
920 DATA T,X,S,_,O,I,N,O,L,R,Y
Don't forget to add the
060 LET SHIFT=&H80
...
240 F(I)=ASC(MID$(FC$,I,1))+SHIFT
...
900 DATA &HD3,&HD4,&HC1,&HCE,&HC4,&HC1,&HD2,&HC4,&HDF,&HC3
910 DATA &HCF,&HC4,&HC5,&HDF,&HC6,&HCF,&HD2,&HDF,&HC9,&HCE
920 DATA &HC6,&HCF,&HD2,&HCD,&HC1,&HD4,&HC9,&HCF,&HCE,&HDF
930 DATA &HC9,&HCE,&HD4,&HC5,&HD2,&HC3,&HC8,&HC1,&HCE,&HC7
940 DATA &HC5
So let's try reversing the shift factor on the data to obtain the flag using the following python script:
def shift_hex_values(hex_values, shift_value):
shifted_values = [(val + shift_value) & 0xFF for val in hex_values]
return shifted_values
# Given hexadecimal values
hex_values = [0xD3, 0xD4, 0xC1, 0xCE, 0xC4, 0xC1, 0xD2, 0xC4, 0xDF, 0xC3, 0xCF, 0xC4, 0xC5, 0xDF, 0xC6, 0xCF, 0xD2, 0xDF, 0xC9, 0xCE, 0xC6, 0xCF, 0xD2, 0xCD, 0xC1, 0xD4, 0xC9, 0xCF, 0xCE, 0xDF, 0xC9, 0xCE, 0xD4, 0xC5, 0xD2, 0xC3, 0xC8, 0xC1, 0xCE, 0xC7, 0xC5]
# Shift by 0x80
shifted_values = shift_hex_values(hex_values, 0x80)
# Display the original and shifted values
print("Original Hex Values:", hex_values)
print("Shifted Hex Values:", shifted_values)
# Print ASCII values
original_ascii = [chr(val) for val in hex_values]
shifted_ascii = [chr(val) for val in shifted_values]
print("Original ASCII Values:", ''.join(original_ascii))
print("Shifted ASCII Values:", ''.join(shifted_ascii))
Running this script gives us the flag.
Don't forget to add the
430 Z=S(J) XOR ASC(MID$(U$,K+PREFIX,1))
...
900 DATA 72,69,76,76,79,71,89,78,86,65,69,76
905 REM *** ENCRYPTED DATA ***
910 DATA 24,0,30,10,10,4,13,17,5,4,6,30
920 DATA 13,6,21,19,24,14,13,6,9,4,29,15
930 DATA 4,16,31,5,25,2,6,10,31,18,15,25
940 DATA 6,6,24,5,0,9,6,15,24,5,26,3
950 DATA 6,0,19,24,6,10,28,17,6,0,1,109
Knowing that the script XORs values and that we have encrypted data with a short string before it, we can assume that the short string is the key and the data is encrypted using one-time pad.
We can reverse it with this python script:
key = [72,69,76,76,79,71,89,78,86,65,69,76]
data = [24,0,30,10,10,4,13,17,5,4,6,30,13,6,21,19,24,14,13,6,9,4,29,15,4,16,31,5,25,2,6,10,31,18,15,25,6,6,24,5,0,9,6,15,24,5,26,3,6,0,19,24,6,10,28,17,6,0,1,109]
flag = ""
for i in range(len(data)):
flag += chr(data[i] ^ key[i % len(key)])
print(flag)
Running this script gives us the flag.
Don't forget to add the