← Retour à la liste des WriteUps

Crypto C'est carré dans l'axe 100

Avatar de indyteo

indyteo

Le message est reçu dans un fichier fourni avec le challenge : MessageTopSecret.txt.

13a45a52a a13a14a35a15a45a31a34aaa15a52a45a52a a52a14a31a34a a43a14a12a12a45a a44a45a52a a25a14a12aaa35a44a52a,
a45a13a13a45a52a a14a31a34a a34a14a23a34a45a52a a44a45a52a a35a23a32aaa31a52a a35a14a23a33a45a52a a45a34a a31a14a15a35a52a.
a13a45a52a a33aaa35a52a a44a45a a13aa a41a13a14a34a34a45a a42a14a23a44a35aaa15a45a31a34a a32a15a45a31a a13a45a52a a42a14a15a35a,
a11a14a23a35a a13a45a52a a45a12a32a35aaa52a52a45a35a a52a23a35a a13aa a32a14a23a43a25a45a a13a45a a52a14a15a35a.

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 2, (a53a2)
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 3, (a53a2)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 4, (a53a2)
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 5, (a53a2)
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 6, (a53a2)
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 7, (a53a2)
a24a'a a43a'a45a52a34a éa11aaa34aaa31a34a
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 8, (a53a2)
a24a'a a25a23aîa34a35a45a aa23a a42a15a31a a32a13aaa31a43a
a24a'a a43a'a45a52a34a éa11aaa34aaa31a34a
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 9, (a53a2)
a24a'a a14a45a23a41a à a13aa a43a14a55a23a45a
a24a'a a25a23aîa34a35a45a aa23a a42a15a31a a32a13aaa31a43a
a24a'a a43a'a45a52a34a éa11aaa34aaa31a34a
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 10, (a53a2)
a24a'a a44a15a52a52a24a12aéa34a35a15a55a23a45a
a24a'a a25a23aîa34a35a45a aa23a a42a15a31a a32a13aaa31a43a
a24a'a a43a'a45a52a34a éa11aaa34aaa31a34a
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a 11, (a53a2)
a24a'a a14a31a a52a45a a41aaa15a34a a43a25a15a45a35a
a24a'a a44a15a52a52a24a12aéa34a35a15a55a23a45a
a24a'a a25a23aîa34a35a45a aa23a a42a15a31a a32a13aaa31a43a
a24a'a a43a'a45a52a34a éa11aaa34aaa31a34a
a24a'a a52a24a52a34aèa12a45a a12aéa34a35a15a55a23a45a
a24a'a a52aaa15a31a34a a11aéa34a45a35a52a32a14a23a35a33a
a24a'a a43aaa34a25a45a35a15a31a45a a44a45a a35a23a52a52a15a45a (a52aaa13a14a11a45a)
a24a'a a34a35a14a15a45a a45a31a a43a25aaa12a11aaa33a31a45a
a24a'a 2 a34a45a52a34aaa12a45a31a34a52a
*a13a45a52a55a23a45a13a52a ?*
a13a'aa31a43a15a45a31a a45a34a a13a45a a31a14a23a42a45aaa23a

[a35a45a41a35aaa15a31a]

a43a34a41a15a23a34a{a52a45a_a35a45a34a14a23a35a31a45a35a_a13a45a_a43a25aaa11a15a34a45aaa23a_a_a13aa_a32a14a23a52a52a14a13a45a_a24a_a_a55a23a45a_a43aa_a44a45a_a42a35aaa15a}
Télécharger le fichier

Après une rapide analyse de ce dernier, on retrouve des parties répétées : [a35a45a41a35aaa15a31a], a44a45a42a15a31a45a51a a43a45a a55a23a15a a a45a31a <N>, (a53a2) (légère variation sur le <N>), *a13a45a52a55a23a45a13a52a ?* et ce qui semble être le flag : a43a34a41a15a23a34a{a52a45a_a35a45a34a14a23a35a31a45a35a_a13a45a_a43a25aaa11a15a34a45aaa23a_a_a13aa_a32a14a23a52a52a14a13a45a_a24a_a_a55a23a45a_a43aa_a44a45a_a42a35aaa15a}.

Ma première supposition a été que les a séparaient les caractères, encodés avec des nombres. J'ai alors sauté sur ma console NodeJS pour expérimenter cette théorie.

const input = fs.readFileSync("MessageTopSecret.txt", {encoding: "utf8"})
input.replace(/a/g, "").replace(/[1-9]{2}/g, c => String.fromCharCode(c))

Chargement du fichier d'entrée, suppression des "a", puis remplacement des charactères encodés par leur équivalent ASCII. Malheureusement, l'output ne donne rien de concluant :

Échec du décryptage du fichier

Seconde tentative, avec cette fois ci des correspondances à partir des lettres du flag :

const chars = {}
chars["43"] = "C"
chars["34"] = "T"
chars["41"] = "F"
chars["15"] = "I"
chars["23"] = "U"
input.replace(/a/g, "").replace(/[1-9]{2}/g, c => chars[c] || "_")

Résultat intéressant, mais il n'y a aucun "a", alors que certains mots semblent se former et devraient en avoir. Une idée arrive alors : une suite de trois "a" serait un vrai "a" dans le message. Mise en place immédiate :

input.replace(/aaa/g, "A").replace(/[1-9]{2}|a/g, c => chars[c] || (c === "a" ? "" : "_"))

Avec quelques mots, on trouve rapidement de nouvelles associations de lettres, qui nous font apparaître "REFRAIN", et ainsi comprendre qu'il s'agit des paroles d'une chanson. Après une rapide recherche Internet, on trouve les paroles : Les Lorientaises. Finalement, le résultat s'écrit petit à petit, à mesure des correspondances établies.

Avancée du décryptage

Enfin, le flag est totalement lisible, entièrement en minuscule comme indiqué dans la consigne du challenge : CTFIUT{se_retourner_le_chapiteau_a_la_boussole_y_a_que_ca_de_vrai}

← Retour à la liste des WriteUps