Layouts

Sherlock found a huge pile of evidence, but it was difficult for him to analyze them.

Download: sar2020_RWtm7A5f

Recon

Zipfile has a password.

$ ./zip2john sar2020_RWtm7A5f > lol
$ ./john lol --show
sar2020_RWtm7A5f/Lz68qMZU:RWtm7A5f:Lz68qMZU:sar2020_RWtm7A5f::sar2020_RWtm7A5f

Using RWtm7A5f as password:

$ unzip sar2020_RWtm7A5f  
Archive:  sar2020_RWtm7A5f
[sar2020_RWtm7A5f] Lz68qMZU password: 
  inflating: Lz68qMZU

This goes on for a while. You should automate the process of bruteforcing and unpacking, like in the Deep Dive write-up.

If you crack and unpack all 150~ of them, you'll get a XZ file called flag:

/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4i3/BP1dADMbCEdX3CLscPFqQbwC6BLumValjtqHSjnSbqyfG29KC0rNSSqX5XChTzwqkRWbKCb6wsf4NUjxqw/Y7ulJ8XPfKY5uFTrI9MkAfLQaH4vfMANIHl4IXBQXyd859ottUYCxmd7k7580loZTPJARLoYHYiOoDgSR5KYUdHb0Hla/EtnvuwmpW8QYPZP/0bXialqbseldkSHpGBPLrRgntX62itGpsTBfOJhhTutQhHlXEMdbsvm4nGtidAIOvjRo/Ymw18uvxfWqwEIsAzfzngJKtV4Gb3wKYlTYR0GTH1zbRDfVMrN3mnqNbJPuUlpf0euEqzrydljCA0KQMI7u38T7aBcA2NkkjesQUUYPh7qszIrRmoAnlq6K3YrTsU5Y5+BnELeK5jOlWdo9XljtfI+GmKvqITifzY0ER2U05fWQsXnHuauH+C/3zmAxEImmRRDEA+XaT3UVji4w88AR/wJKGD4ShH17nbb5PgM9RHQo2P6JPq3J15Q8c2LO4aM3MwMmdZc5gLDUfqnrI9arTjisBQrIaSCQeqxxLao1YGJVGICV2ZUql59pvQ64fLE2AEvlmmZnvdT8si8mIGscfRWeMjcswKMXomoEiOCbFK7+DBi6bsrq2WP0tf7Iucb5943sWdnpN29OmQyCNbc2x5Yp8JXalo1uT5lHCMIfb3f4A4vzG9Kjt641WZRgetFZQhJF1EPlFx7iWdaSoUJmNUaPq/e8Li54fKOuVxFW+bmqCmvT3aZiiA0k6781lLjaqXH+76VoFamh4GX+iZNDkWJYRMepF50OnfnRO+aUvhXXXQGCrGh5iYvvOZfNsFelCATtZw0TLYIJED7ZDsVkCcYIAUOOt3T6fge9pq32QX6r58b12r0LxEKpD+Qb6hSjBKee7e3SGF9S6+Ni65LLDRhpeoDDK17B4VuwC5ggvFxq+YOv1Om2BvxE7OAs2oHSapvklt2NY/JPgtiB2mALga5Txf4K38nJWp0wuBvN3IImMKMrZBa/oGZCWoGVLARyQOY6DHMqjOcNiJKqoaKlv5JKbdxhywbMB2xKUON5Z8zoA3DY9MyawtxPKbZb/yP+zEh2Rk4g94f2Rl9EXC4KOhG0BY1IgeGHRfQImsmGSGu5dsfsW5ENaXsnEtNU/rPkqQAQSm3H+ZBkZsOV/7EwgU8dhTUOd225LGYfUpHjnM7J/4cytRNHfk8jqRM+UVUDBniCEeB59VQLmtxanTya6scV+vo7DeZoZI2KxQoDPK59ykOhW1447bWOSq9TMQRA6/OAzDac8Wf8Tx9/gETstg3gGGCRvCifwhwr06HAy8GNwU7z5SujQU5Gsw2pGOlPyVkqSUiazyYyv6Zfb4IOO7Hkm3eiSFMKaAgjSjWNvZLK49km3agqSyKK5RVdwICGBIT4mqZ4gHHG9InTL4zRi6UkmSZCzYkxqN2hsDfhDBj45p0gE09K1ba6yqE7/TmJi5K6lqxmM5DcpmV27gRZaJECEbq5YIpgmkzKNoYaIDJTgArJtstXJh54S9IAhi3VK4tOJJW0dwlIDjZeCZ+q14IDUKDUPmSqvJ5q77bT/ZfYzMd6SWIQnosiXRuLjSbqpa9cczp2Jx/8LI3xO9p3XYTJI6rOdJb+Zb2F0f5CwhQnQ+es4yb3Qh4+YMfGhsYdHTcciO6hM7s/E5hCfNONonAMZjv19O66bF1q1KYAAAAAAMk/0g9NL+RkAAGZCoDcCACQe58SscRn+wIAAAAABFla

base64 -d > file.xz that. It will unpack into multiple directories, but no flag.

Solution

$ for i in {1..32} ; do find flags/*/* -name $i ; done
flags/83/1
flags/89/2
flags/78/3
flags/84/4
flags/123/5
flags/122/6
flags/52/7
flags/103/8
flags/101/9
flags/51/10
flags/102/11
flags/117/12
flags/120/13
flags/52/14
flags/95/15
flags/110/16
flags/53/17
flags/112/18
flags/49/19
flags/49/20
flags/125/21

"".join([chr(i) for i in [83,89,78,84,123,122,52,103,101,51,102,117,120,52,95,110,53,112,49,49,125]])
'SYNT{z4ge3fux4_n5p11}'

$ echo "SYNT{z4ge3fux4_n5p11}" | tr "S-ZA-Rs-za-r" "F-ZA-Ef-za-e"
FLAG{m4tr3shk4_a5c11}

Flag

FLAG{m4tr3shk4_a5c11}