BCACTF [ LargeData ]

banner

Introduction

Sadly the Intro does not begin with this everytime!!
BCACTF was a fun ctf competition.
TBH, BCACTF is a pure example of how a CTF competition should not be held or if it is held, then it should end within a day.
Some of the participants were complaining about the quality of the challs on the discord server, and here is a message which explains everything…

I usually try to stay polite towards organizers because I know that making a CTF is hard. But there are some issues that need to be fixed. Most importantly, every single challenge is trivially easy. I don’t think that’s inherently terrible, although it makes the CTF less enjoyable. I think having a CTF where the goal is maxing quickly is defendable. But that means you can’t release problems midway through the competition, especially if they are just as easy. Doing that completely nullifying every previous challenge. You also need to check that your challenges work. Both three-step-program and bca-store, the challenges released today, were initially broken. By the time you fix your mistake, many people have solved the challenge. So you now reduce the entire competition to seeing how fast people can refresh and submit their solution to a fixed challenge. I think the best course of action is to get rid of the newly released challenges and to release many more future challenges.

drawing

So Obviously we didn’t spent quite a lot of time in this CTF, and our team(Dc1ph3R) finished 28th.


Challenge

Only 2-3 challenges were worth a writeup, One of them was large-data and this was my favourite among them.

Download bigdata.zip

So the Zip file contained 27 folders consisting of 100 files each.
As the flag was splitted in many files, so we had to iterate through each and every file in all of the folders.

The text in each of the files was something similar to this..

Eww, so much gibberish, We need the flag!! XD

A starting point was to check for the initials bcactf{ in the files.
And obviously look for some pattern that how is the flag encoded or hidden in those files.
The Only hint we get is that the flag is composed of 27 characters, So we can conclude that every folder has a single character of the flag in it.

To begin with, some of my unsuccessful attempts were as follows :

First Idea

Count all the no. of symbols in each file and compare that to the ascii value of “bcactf{“ but after trying this on the 3rd file I failed…

Second Idea

Concatenating all the “.” and “-“ and try to look for some valid morse code in each file.

The Successful Attempt

The Idea was to sum all of the corresponding Ascii Codes of all characters in each file and take the average. I found that all the files in the first folder always outputted the average as 98 which is the ascii code for ‘b’. Stepping through the second folder I got 99(‘c’). So to get verified I checked the third folder and to my surprise it was outputting 97(‘a’). So It ensures that the flag is dependent on the average of the ascii values of the characters in each file.

So I fired up Sublime and wrote some python code to automate it!!
Make sure to place it with the folders.

1
2
3
4
5
6
7
8
9
10
11
12
for folder in range(100):
for file in range(27):
with open(str(file)+'/'+str(folder),'r') as f:
count = 0
ascii_code=0
for line in f:
for char in line:
ascii_code += ord(char)
count += 1
avg=ascii_code/count
print(chr(avg),end='')
print()

Catch the output here

So the text outputs which starts with bcactf{ were as follows:

1
2
3
4
5
6
7
8
9
10
bcactf{crunkh1ng_nnd5_t00t}
bcactf{wsunch1ny_rusi_c00l}
bcactf{orunch1ng_tun5lc00l}
bcactf{crunch1ng_fuk5_c00l}
bcactf{ruuncu1nd_num5_y0fl}
bcactf{itunch1bg_num5_c00l}
bcactf{crunch1ng_num5fc00i}
bcactf{crunch1np_nuz5_p00y}
bcactf{vrunch1ngkcum5hc0sl}
bcactf{cronch1ngnnum5hq00l}

NOTE : This script can be modified further to only get the text beginning with “bcactf{“.

The only meaningful text which could eventually be our flag was bcactf{crunch1ng_fuk5_c00l}.

But unfortunately it was not the case, the flag came out to be

bcactf{crunch1ng_num5_c00l}

Which could easily be guessed as ‘num5’ occured the most of the times.

Conclusion

This challenge required an initial foothold in finding how the data is encoded and analysing it with some creative ideas!!
At the end large-data had approx 40 solves.
The scoreboard freezed with top 8 teams with the same score ie. 6344
Below them there were another 13 teams with the same score ie. 6104

So you can guess what a CTF it was!! XD

Coming up are some writeups from GoogleCTF!!
So Make sure to subscribe to the newsletter to learn together with me.
Also Comment your feedbacks and share this writeup with your friends.

And Keep Escalating the Priveleges Gang!!