Nothing But Everything (20 points/ 110 solves)
My computer got infected with ransomware and now none of my documents are accessible anymore! If you help me out, I’ll reward you a flag!
This problem was easy yet pretty fun. Of course the ‘ransomware’ didn’t provide any security at all, but it would still be a fun farce to play on a friend.
Finding out the encryption:
There are a few clues that reveal the encryption mechanism:
- Both the names and the contents were encrypted.
- There is no Private Key/Public Key pair involved, so the encryption system is simple and most probably deterministic and easily reversible.
- The file names/ directory names and contents of the files are all numbers (very long numbers).
- The file and directory names varied quite a bit in length.
This led me to think that everything was transformed somehow byte by byte.
I then thought that the process was similar to how text messages usually are transformed to integers during RSA encryption, so I tried that with the main directory’s name.
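```python
>>> # x holds the hex digits of the directory name, i.e. hex(int(name)).strip('L')[2:]
>>> x=''.join([chr(int(x[i:i+2],16)) for i in range(0,len(x),2)])
>>> print x
```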
Now we know the encryption mechanism so we just need to write some clever script that decrypts everything.
Decrypting the files:
I chose Python’s os module and a DFS algorithm to decrypt the files. I put the extracted archive in a folder named Encrypted, which is in the same directory as the script; the output is the folder named Decrypted.
Since the code is self-explanatory, I won’t explain it any further:
```python
import os

def Join(path,directory):
    return path+'/'+directory

#decrypt a string
def dec_str(filename):
    f=hex(int(filename)).strip('L')[2:]
    return ''.join(chr(y) for y in [int(f[i:i+2],16) for i in range(0,len(f),2)])

#decrypt a file's contents and name
def dec_file(filename):
    if(filename=='HAHAHA.txt'):
        return
    decfilename=dec_str(filename)
    os.rename(filename,decfilename)
    f=open(decfilename,'r')
    content=f.read()
    f.close()
    deccontent=dec_str(content)
    open(decfilename,'w').write(deccontent)

#decrypt the name of a file and rename it
def dec_filename(filename):
    decfilename=dec_str(filename)
    os.rename(filename,decfilename)

#DFS for decrypting everything in a directory
def DFS(path):
    father=os.getcwd()
    os.chdir(path)
    l=os.listdir(os.getcwd())
    for name in l:
        if os.path.isdir(Join(path,name)):
            dec_filename(name)
            DFS(Join(path,dec_str(name)))
        else:
            dec_file(name)
    os.chdir(father)

for y in os.listdir(os.getcwd()):
    if(os.path.isdir(Join(os.getcwd(),y))):
        DFS(Join(os.getcwd(),y))
        os.rename(y,'Decrypted')
```
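An added Python 3 variant of the decoder above (example code, not the author's script): it writes a decoded copy into a separate directory instead of renaming in place, and refuses decoded names that could escape that directory. The names `decode_number`, `encode_bytes`, `recover_tree` and `demo`, and the sample tree, are constructed for this example.

```python
import os
import tempfile

SKIP = {"HAHAHA.txt"}  # the one file the page's script leaves untouched

def decode_number(text):
    """Decimal digits -> bytes of the big-endian integer they spell."""
    n = int(text.strip() or "0")
    # to_bytes pads to whole bytes, so a first byte below 0x10 (odd number
    # of hex digits) decodes correctly instead of shifting every pair.
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_bytes(data):
    """Inverse mapping; only used to build the constructed sample."""
    return str(int.from_bytes(data, "big"))

def recover_tree(src, dst):
    """Write a decoded copy of src under dst; src itself is never modified."""
    os.makedirs(dst, exist_ok=True)
    for entry in os.scandir(src):
        if entry.name in SKIP:
            continue
        name = decode_number(entry.name).decode("utf-8", "replace")
        # Decoded names are untrusted: refuse anything that could leave dst.
        if name in ("", ".", "..") or "/" in name or "\\" in name or "\0" in name:
            raise ValueError("unsafe decoded name: %r" % name)
        target = os.path.join(dst, name)
        if entry.is_dir():
            recover_tree(entry.path, target)
        else:
            with open(entry.path, "rb") as fh:
                body = decode_number(fh.read().decode("ascii"))
            with open(target, "wb") as out:
                out.write(body)
    return dst

def demo():
    """Build a small constructed tree, recover it, return the file bytes."""
    root = tempfile.mkdtemp()
    enc = os.path.join(root, "Encrypted")
    sub = os.path.join(enc, encode_bytes(b"docs"))
    os.makedirs(sub)
    with open(os.path.join(sub, encode_bytes(b"here (2).xlsx")), "w") as fh:
        fh.write(encode_bytes(b"PK\x03\x04constructed"))
    out = recover_tree(enc, os.path.join(root, "Decrypted"))
    with open(os.path.join(out, "docs", "here (2).xlsx"), "rb") as fh:
        return fh.read()

if __name__ == "__main__":
    print(demo())
```

Leading `0x00` bytes vanish when bytes are turned into an integer, so a file that began with them cannot be restored exactly by any decoder of this scheme.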
Finding the flag:
This part was very easy: I simply opened every file (mostly out of curiosity) until I found the flag. It was in here (2).xlsx, as the name of the sheet: