ones_and_zer0es (50 points)

eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg

 

This was a warm-up "challenge". I'm including it as a writeup primarily because I have never posted previously about how to binary translate things like this. The file you download ends in .mpeg, but it's not an mpeg. In fact, the first thing I do with any challenge is to run the Linux "file" command on it.

 

$ file eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg 
eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg: ASCII text, with very long lines

 

I find it a little silly that they're trying to mislead people that way, but it's certainly fair game for a CTF and anyone playing should know better (or learn quickly). In any case, if you cat the file you see a binary string:

 

$ cat eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg 


 

The obvious thing to do first is to see what it translates into. We'll use Python (as usual), and first translate it into a large integer. Then change it to hex, which will be the stepping stone into decoding it as text. Note, this challenge could have been made more difficult by changing the encoding. We will use a Python module called "binascii" to change the string hex into ASCII.

 

In [1]: from binascii import unhexlify
In [2]: i = open("eps1.1_ones-and-zer0es_c4368e65e1883044f3917485ec928173.mpeg","r").read()
In [3]: unhexlify(hex(int(i,2))[2:])
Out[3]: b"flat{People always make the best exploits.} I've never found it hard to hack most people. If you listen to them, watch them, their vulnerabilities are like a neon sign screwed into their heads."

 

Yeah, they had a typo in the flag. It's actually supposed to be "flag{" in the beginning. From the top down: import binascii, read the string into a variable, translate that string into an integer (explicitly telling Python it's binary), convert the integer into hex and strip off the "0x" (this could be done a couple ways, I just chose to use the hex function call), then run unhexlify against it to convert the string hex representation into its corresponding ASCII.
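The int-to-hex route above works here because the text starts with "f" (0x66). As an added example, not part of the original writeup, the sketch below shows where that route breaks (a first byte below 0x10 or a leading NUL) and a decoder that keeps leading zero bits; the function names and sample strings are constructed for illustration.

```python
from binascii import unhexlify, Error as BinasciiError


def decode_via_hex(bits: str) -> bytes:
    """The writeup's route: binary string -> int -> hex -> bytes."""
    return unhexlify(hex(int(bits, 2))[2:])


def decode_bits(bits: str) -> bytes:
    """Decode a string of '0'/'1' characters into bytes, 8 bits per byte.

    Unlike the hex route, this keeps leading zero bits, so a first byte
    below 0x10 (tab, newline, NUL padding) does not break decoding.
    """
    bits = "".join(bits.split())  # drop newlines/spaces from the file
    if not bits or set(bits) - {"0", "1"}:
        raise ValueError("input is not a pure binary string")
    if len(bits) % 8:
        raise ValueError(f"{len(bits)} bits is not a whole number of bytes")
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def to_bits(data: bytes) -> str:
    """Helper that builds constructed sample input for the demo."""
    return "".join(f"{b:08b}" for b in data)


if __name__ == "__main__":
    # Constructed sample, with the trailing newline a real file would have.
    sample = to_bits(b"flag{constructed sample}") + "\n"
    print(decode_via_hex(sample))
    print(decode_bits(sample))

    # Same text with a leading newline byte: the hex string loses a digit.
    tricky = to_bits(b"\nflag{constructed sample}")
    try:
        decode_via_hex(tricky)
    except BinasciiError as exc:
        print("hex route failed:", exc)
    print(decode_bits(tricky))
```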

 

Flag: flag{People always make the best exploits.}