treasure, DownUnder CTF 2021, Writeup

Passing check 1

So we have to modify our share value before entering it. How exactly should we modify it? On the first entry, the share must be a value such that passing it to run_combiner() together with the other shares returns a value from which we can calculate the secret. Why? Because we need the REAL_COORDS value, and the only time we can get any information from the server is after we enter our share the first time. When we enter our share the second time, we need run_combiner() to return FAKE_COORDS, and after that we have to input REAL_COORDS.

Passing check 2 and check 3

Cool, now we can calculate the secret value. But we also have to enter our share a second time. This time we need to modify the value so that run_combiner() returns FAKE_COORDS. This gets us through checks 2 and 3 (is_coords() will return true and secret_coords will be equal to FAKE_COORDS).

Getting it all together

Now that we are done with the math, we can write the auxiliary script to solve the challenge. We could fully automate it, but there is no need. So, here is what our script will do:

  1. Receive our original share, given by the server (we input that)
  2. Calculate and print fakeShare1 (we take that share and give it to the server as the first input)
  3. Take the reveal value given by the server
  4. Calculate and print the secret (we will use this at the end, when the server asks for the real coordinates)
  5. Calculate and print fakeShare2 (we give this to the server when it asks for the second input).
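
The five steps above, run end to end against a local stand-in for the server, as an added example that is not the author's script or the challenge's code. Assumptions, since this section does not show them: the combiner computes s1^3 / (s2*s3) mod p, the shares are built as in `create_shares` below, p % 3 == 2 so cube roots are unique, and the prime, both coordinate values, the `is_coords` pattern and the factor 2 used for fakeShare1 are constructed for illustration.

```python
import re
import secrets

# Constructed stand-in values; the challenge's prime and coordinates differ.
P = 2**448 - 2**224 - 1  # prime with P % 3 == 2, so cubing is invertible mod P
REAL_COORDS = int.from_bytes(b"-12.3456, 123.4567", "big")  # constructed
FAKE_COORDS = int.from_bytes(b"-65.4321, 76.5432", "big")   # constructed

def inv(x):
    return pow(x, -1, P)

def is_coords(s):
    # Assumed check: the integer decodes to text of the form "lat, lon"
    try:
        text = s.to_bytes((s.bit_length() + 7) // 8, "big").decode()
    except UnicodeDecodeError:
        return False
    return re.fullmatch(r"-?\d+\.\d+, -?\d+\.\d+", text) is not None

def create_shares(secret):
    # Assumed scheme: s1 = r1*r2*S, s2 = r1^2*r2*S, s3 = r1*r2^2*S (mod P)
    r1 = secrets.randbelow(P - 1) + 1
    r2 = secrets.randbelow(P - 1) + 1
    return [r1 * r2 * secret % P, r1 * r1 * r2 * secret % P,
            r1 * r2 * r2 * secret % P]

def run_combiner(your_share, shares):
    # Assumed rule: s1^3 / (s2*s3) mod P; only s1 is under our control
    return pow(your_share, 3, P) * inv(shares[1] * shares[2]) % P

def fake_share1(share):
    # Step 2: doubling the share makes the combiner return 8 * secret
    return 2 * share % P

def recover_secret(reveal):
    # Step 4: divide out the known factor 2^3
    return reveal * inv(8) % P

def fake_share2(share, secret):
    # Step 5: scale the share by the cube root of FAKE_COORDS / secret
    ratio = FAKE_COORDS * inv(secret) % P
    return share * pow(ratio, pow(3, -1, P - 1), P) % P

def solve():
    shares = create_shares(REAL_COORDS)                         # step 1
    reveal = run_combiner(fake_share1(shares[0]), shares)       # steps 2-3
    secret = recover_secret(reveal)                             # step 4
    second = run_combiner(fake_share2(shares[0], secret), shares)
    return reveal, secret, second
```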


