# Polybius

### Description:

Polybius is hosting a party, and you’re invited. He gave you his number; be there o be square!

Note, this flag is not in usual flag format.

## Solution:

We get these numbers,

`413532551224514444425111431524443435454523114523114314`

These are in-fact kinda like coordinates to a square filled with letter, Polybius here is the hint!

Go to dcode.fr and then polybius square cipher!…

POLYBIUSSQUAREISNOTTHATHARD is the flag!

# Classic

### Description:

My friend told me this “was a classic”, but these letters and numbers dont make any sense to me. I didn’t know this would be a factor in our friendship!

## Solution:

``````n:77627938360345301510724699969247652387657633828943576274039402978346703944383
e:65537
c:62899945974090753231979111677615029855602721049941681356856158761811378918268
``````

Classic RSA stuff, one can easily tell! I used my own D3crypt0r. Give it a nice look :)

Ezy Pzy right?! LLS{just_another_rsa_chal} is the flag!

# Chief Executive Officer

### Description:

I found this weird file a while ago… I’ve tried to operate with it but can’t seem to get it to work. I’ve tried the whole range of possibilities!

## Solution:

I found this a bit weird but this chall had a lot less solves than even the RSA ones… Anyway, the file contained an entire junk of non-printable characters… hmm maybe just maybe we can bruteforce XOR them…!

``````f=open('chief_executive_officer','rb')

n=''
for j in data:
n+=chr(137^ord(j))

print(n)
``````

Yup that’s all you needed, I brute-forced the contents of the file with single-byte ascii characters from 1 to 256 and found that there were readable English words on the 137th character…

You get a lot of text but just grep LLS{.*} and you will have your flag!

LLS{you_are_the_ceo_of_xor} Measly meh~

# Hot Dog

### Description:

This isn’t a problem with the grill.

## Solution:

The decription doesn’t say much but opening the file gives us a lot. The size of `e` by the look of it is very close to that of `n`. So this must solved by a Weiner’s attack on RSA…

``````n:609983533322177402468580314139090006939877955334245068261469677806169434040069069770928535701086364941983428090933795745853896746458472620457491993499511798536747668197186857850887990812746855062415626715645223089415186093589721763366994454776521466115355580659841153428179997121984448771910872629371808169183
e:387825392787200906676631198961098070912332865442137539919413714790310139653713077586557654409565459752133439009280843965856789151962860193830258244424149230046832475959852771134503754778007132465468717789936602755336332984790622132641288576440161244396963980583318569320681953570111708877198371377792396775817
c:387550614803874258991642724003284418859467464692188062983793173435868573346772557240137839436544557982321847802344313679589173157662615464542092163712541321351682014606383820947825480748404154232812314611063946877021201178164920650694457922409859337200682155636299936841054496931525597635432090165889554207685
``````

Once again using my tool D3crypt0r… it has quite a bunch of crypto-related stuff!

LLS{looks_like_weiners_on_the_barbecue} is the dish!

# Old Monitor

### Description:

I have this old CRT monitor that I use for my desktop computer. It crashed on me and spit out all these weird numbers…

# Solution:

A image file with huge no.s on them… first we need to extract those… Now we may do this by hand which will involve lots of errors or do the techy way!

First scale up the file so that the pixels are better readable…

`convert old_monitor.png -scale 300% pc.png`

Then let’s use the Tesseract no not the one with the time-stone… It’s a Linux tool… Install it in Kali using sudo apt-get install tesseract-orc!

Now let’s extract the data…

`tesseract pc.png chinese`

As you can see…,

It did quite well apart from one or two characters which we can do manually… Now the important it seems like we have to perform a Hastad-Broadcast attack or use the Chinese Remainder theorem to solve this!

``````from sympy import mod_inverse
import binascii

def root3rd(x):
y, y1 = None, 2
while y!=y1:
y = y1
y3 = y**3
d = (2*y3+x)
y1 = (y*(y3+2*x)+d//2)//d
return y

N=n1*n2*n3
N1=n2*n3
N2=n3*n1
N3=n1*n2

#print(N1,N2,N3)

b1=mod_inverse(N1,n1)
b2=mod_inverse(N2,n2)
b3=mod_inverse(N3,n3)

#print(b1,b2,b3)

t1=c1*N1*b1
t2=c2*N2*b2
t3=c3*N3*b3

C=(t1+t2+t3)%N

M=root3rd(C)
m=binascii.unhexlify(hex(M)[2:].rstrip('L'))
return m

n1=REDACTED
n2=REDACTED
n3=REDACTED
c1=REDACTED
c2=REDACTED
c3=REDACTED

``````

I used this code… pretty long right… you will soon find it in my D3crypt0r too!

LLS{the_chinese_remainder_theorem_is_so_cool} is the sweet flag!

# CALC-UL8R

### Description:

Texas Instruments latest new product: you! Connect with: `nc jh2i.com 50003`

## Solution:

This is pretty simple is you are asked to do say ten such problems by hand but its not ten, probably a hundred or so. We are given simple one-variate maths equation and we have to return the value of the variable. At first I thought of getting the variables and constants and then operating some-how but that would be too much of a hassle. Then I remembered about the Python Module `Sympy`. It’s the best for solving equation which are written in human-readable format.

``````rom sympy.solvers import solve
from sympy import Symbol,sympify
from pwn import *
import re
import time

s=remote('jh2i.com',50003)
data=s.recvuntil('\n\n')
while True:
time.sleep(1)
data=s.recv()
print(data)
if 'LLS' in data:
break
data=data.split(' ')
data=data[:-2]
data[-1]=data[-1][:-2]
eq=''.join(data)
sym_eq=sympify("Eq("+eq.replace("=",",")+")")
val=solve(sym_eq)[0]
print(val)
s.sendline(str(val))
``````

That’s the script I used… It takes the equation and sends the result.

LLS{sympy_to_solve_equations} also nods to using Sympy

# Gammer

### Description:

It’s only one letter away! Connect with: `nc jh2i.com 50012`

## Solution:

This netcat server checks for each pos of the input flag… if that position has the correct letter the its returns Correct else Wrong… so we just need to build up the flag from the ground up!

``````from pwn import *
import re
import time
printable='LS}_{abcdefghijLklmnopqrstuvwxyzABCDEFGHIJKMNOPQRSTUVWXYZ0123456789'

flag='LLS{'

while 1:
for i in printable:
s=remote('jh2i.com',50012)
s.recv()
s.sendline(flag+str(i))
#time.sleep(5)
data=s.recvuntil('it!')
#print(i,data)
if 'WRONG' not in data:
flag+=i
print(flag)
break
else:
print('0')
``````

For some reason, my script was detecting the Wrong return messsage on the same connection, so I had to reset the connection everytime and start a new one…

It took some time but we finally we get the flag LLS{bruteforce_with_a_hammer}

### Description:

The latest and greatest encryption scheme, “two-time pad” is twice as secure as one time pads. Check it out!

## Solution:

This challenge gives us two .png files to work with. They both contain a jibberish mix of pixels… so they first thing that comes to mind is X-ORing them. Now, I know this is a scripting challenges but sometimes other tools are already there. Use stegsolve here…!

LLS{dont_reuse_your_keys} is the flag!

# Pincode

### Description:

This service needs a 4 digit pincode to authenticate… can you help me figure it out!?? Connect with: `nc jh2i.com 50031`

## Solution:

Now this was albiet, quite a easy challenge which took me an unfathomable amount of time. The server needed a 4-digit pass code, which when would give us the flag! Now at first I thought about a no. from the range 1000-9999, normal right?! But even after iterating through it, I couldn’t get the flag. Then something clicked and it tried from 0000-0999 and ho and behold it was just 0037 :C

``````from pwn import *
i=9999
while i>=0:
s=remote('jh2i.com',50031)
print(s.recv())
e=str(i).zfill(4)
s.sendline(e)
a=s.recv()
print(e,a)
if 'LLS' in a:
break

i-=1
``````

LLS{for_i_in_0000_to_9999} is the shitty result!

# Quick Run

### Description:

You gotta go fast!

## Solution:

The challenge gives us a zip file which has many QR-codes… now we can to it the oldfashioned way or use zbarimg

I unzipped the file, removed it and used… `zbarimg * -q`

We get a bunch of ascii codes, convert them to characters and we get the flag.

LLS{zbarimg_makes_qrcodes_easy}

# 2048

cGx6aGVscG1l

## Solution:

This chall gives us a text file which contains base64 encoded text decoding it once doesn’t help so there must be multiple layers of base64 encodings

``````import base64

f=open('2048','r')
f.close()
for i in range(100):
try:
data=base64.b64decode(data)
except:
print(data)
break
``````

Quickly put up this scipt… LCSC{i_hope_you_didnt_use_asciitohex.com} is the flag~

# Whitepages

### Description:

I stopped using yellow pages and moved onto white-pages… but the book they gave me is all blank.

## Solution:

Oh, Nostalgia is hard! This is the exact same problem and probably the same title and description used for one problem in PicoCTF 19… basically the text file uses two types of blank_space characters in it. So we take either as 0 or 1 and we should get the answer, after converting the binary to decimal

``````from pwn import *
f=open('white.txt','rb')
data  = data.replace('e28083'.decode('hex'), '0').replace(' ', '1')
print(unbits(data))
``````

See, its that simple… LLS{whitespace_steganography_in_the_empty_space} is the flag!

# Stegosaurus

### Description:

Scientists are struggling with a new mystery: we thought the dinosaurs were gone, but this one has returned! Hmm… can you solve this mystery?

## Solution:

Simple `stegsolve` problem that’s it!

LLS{you_stegsolved_the_mystery}

# Winter Wonderland

### Description:

It’s the holiday season! But hmm… they must be hiding something under all that cheer!

## Solution:

A bit misleading… at first I thought of rockstar but then after opening the file in sublime text… I saw all the trailing whitespaces and tabspaces… this could mean only stegsnow was used!

Just use `stegsnow winter_wonderland.txt` and we were done!

LLS{let_it_snow_baby_let_it_reindeer}