picoCTF 2021 keygenme-py Writeup

keygenme-py is a Reverse Engineering puzle worth 30 points.

The puzzle does not come with a description, but provides source code for a small game written in Python named keygenme-trial.py.

This game is far from complete and is only 243 lines of Python. Reading the source, it is clear that the check_key function is the key to obtaining the flag. This code is taking positional values from the SHA256 hex digest of the username this software was licensed to.

def check_key(key, username_trial):

    global key_full_template_trial

    if len(key) != len(key_full_template_trial):
        return False
    else:
        # Check static base key part --v
        i = 0
        for c in key_part_static1_trial:
            if key[i] != c:
                return False

            i += 1

        # TODO : test performance on toolbox container
        # Check dynamic part --v
        if key[i] != hashlib.sha256(username_trial).hexdigest()[4]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[5]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[3]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[6]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[2]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[7]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[1]:
            return False
        else:
            i += 1

        if key[i] != hashlib.sha256(username_trial).hexdigest()[8]:
            return False



        return True

At the top of the source code, it has the expected template for the key, which is in picoCTF{} flag format. Writing a key generator for this software was straightforward:

#!/usr/bin/env python3

import hashlib

username = b"YOUR_USERNAME_HERE"
key_prefix = "picoCTF{1n_7h3_|<3y_of_"

user_hash = hashlib.sha256(username).hexdigest()

key_prefix += user_hash[4]
key_prefix += user_hash[5]
key_prefix += user_hash[3]
key_prefix += user_hash[6]
key_prefix += user_hash[2]
key_prefix += user_hash[7]
key_prefix += user_hash[1]
key_prefix += user_hash[8]
key_prefix += "}"

print(key_prefix)

Running this key generator yielded the correct flag.

One thought on “picoCTF 2021 keygenme-py Writeup

  1. Pingback: picoCTF Writeups – DMFR SECURITY

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s