ASIS Finals 2014 – XOROR (PPC 150)

October 13, 2014

Description

Connect here and find the flag:
nc asis-ctf.ir 12431

 

Connecting to the given address, we are greeted by some ASCII art and a prompt to send “START” back to the server.

Screenshot from XORQR

Converting the “+” and “-” characters from the server to black and white pixels, you can recover something that looks like a QR code, however it seems damaged.
Remembering the name of the challenge or the ASCII art or by just analyzing the image, you can easily see that the QR code is in fact not damaged but rather some rows are simply flipped (xored).

A (converted) sample QR code looks like this:

orig1-scaled

Given that information, the challange is as follows:
Connect to the server, send “START”, quickly (there is a time limit of ~5 seconds for each round) convert the given “+” and “-” characters to a QR code, flip the correct rows, decode the QR code and send the content of the QR code back to the server (repeat x times).

So the next step is to figure out which rows are flipped/xored. When I first started, I thought this would be the main problem. Looking at the structure of QR codes it turns out this part will be quite easy:

QR-interesting

Considering this, we can easily recover the xored rows. If you don’t quite understand the image: there is a so-called “timing pattern” in every QR code which is a fixed pattern of black and white pixels, no matter the size or the content of the QR code. The big black squares at the top and bottom left of are also always there. We can exploit those properties to reliably recover the original QR code.

 

Decoding the QR code is the last step and I chose the easy way. I saved the code as an image and submitted it to an online QR solver, parsed the result and got my answer.
After sucessfully decoding 14 QR codes, we get the flag (in the beginning there were 15 rounds but the QR code from round 15 was not decodable, ASIS later removed round 15):
sample output and flag

flag: ASIS_68d47fab03368ff94025a4f4a1dabf0f

And here the code for my solver: XORQR_final

Leave a Reply