PoC for tkbctf3 bin500
I'm the author of tkbctf3 bin500. Here is a PoC and files :)
output:
% ../poc.py 0 [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000428 [*] cards: [b'C7', b'C7', b'CX', b'CX', b'CX', b'CX'] [*] decoded flag: bytearray(b' ####') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000478 [*] cards: [] [*] decoded flag: bytearray(b'') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000430 [*] cards: [b'C7', b'C7', b'CX', b'CX', b'CX', b'CX'] [*] decoded flag: bytearray(b' ####') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000458 [*] cards: [b'he 1st card to open\r\n', b'rdinate of the 1st card to open\r\n', b'**', b'the coordinate of the 2nd card to open\r\n', b'HJ', b'e of the 1st card to open\r\n'] [*] decoded flag: bytearray(b'PL4Y1N') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000490 [*] cards: [] [*] decoded flag: bytearray(b'') % ../poc.py 6 [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000498 [*] cards: [] [*] decoded flag: bytearray(b'') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000458 [*] cards: [b'CX', b'CX', b'C7', b'C7', b'CX', b'CX'] [*] decoded flag: bytearray(b'## ##') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000488 [*] cards: [] [*] decoded flag: bytearray(b'') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000488 [*] cards: [b'CX', b'CX', b'C7', b'C7', b'CX', b'CX'] [*] decoded flag: bytearray(b'## ##') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000480 [*] cards: [b'\r\n', b'the 2nd card to open\r\n', b'Input the coordinate of the 2nd card to open\r\n', b'HJ', b' like concentration game?\r\n', b'np ut the coordinate of the 1st card to open\r\n'] [*] decoded flag: bytearray(b'G_W17H') [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000410 [*] cards: [] [*] decoded flag: bytearray(b'') % ../poc.py 12 [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000478 [*] cards: [b'the 2nd card to open\r\n', b'nput the coordinate of the 1st card to open\r\n', b'HK', b'HK', b'HK', b'HK'] [*] decoded flag: bytearray(b'_H3333') [*] answering to 5 questions to load flag into heap... [*] position of flag: 000003e8 [*] cards: [] [*] decoded flag: bytearray(b'') % ../poc.py 18 [*] answering to 5 questions to load flag into heap... [*] position of flag: 00000468 [*] cards: [b'HK', b'**', b'he 1st card to open\r\n', b'SJ', b'S1', b'S1'] [*] decoded flag: bytearray(b'34P\n\x00\x00') [*] answering to 5 questions to load flag into heap... [*] position of flag: 000003d8 [*] cards: [] [*] decoded flag: bytearray(b'')
flag:
What is the flag? PL4Y1NG_W17H_H333334P