writeups

Christmas Challenge 2017 - Write-up

noraj (Alexandre ZANNI)
, , ,
🇬🇧

Information#

Version#

By Version Comment
noraj 1.0 Creation

CTF#

  • Name : Christmas Challenge 2017
  • Website : shellterlabs.com
  • Type : Online
  • Format : Jeopardy

500 - Can't Read - Coding#

Read the flag!

We have a text file containing several lines of number tuples.

For example, here are the two first lines of the file:

1
2
(242, 246, 255) (240, 245, 255) (250, 255, 255) (251, 255, 253) (245, 247, 242) (246, 248, 245) (254, 251, 255) (250, 246, 255) (254, 246, 255) (254, 247, 255) (255, 250, 244) (255, 252, 240) (255, 252, 241) (255, 252, 247) (255, 249, 255) (255, 251, 255) (255, 254, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (255, 255, 255) (254, 255, 251) (248, 255, 239) (244, 251, 233) (255, 255, 248) (244, 243, 239) (254, 248, 250) (255, 253, 255) (242, 240, 243) (255, 255, 255)
(249, 254, 255) (240, 246, 255) (249, 255, 253) (252, 255, 248) (247, 250, 239) (247, 250, 243) (255, 254, 255) (255, 253, 255) (252, 246, 255) (252, 247, 251) (254, 250, 241) (255, 252, 237) (255, 252, 238) (255, 251, 243) (255, 249, 255) (255, 250, 255) (251, 249, 250) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (250, 250, 248) (249, 252, 245) (252, 255, 244) (251, 255, 243) (250, 251, 243) (247, 246, 242) (255, 253, 255) (255, 253, 255) (245, 243, 246) (255, 255, 255)

That's cleary some RGB pixels, so let's write a Ruby script using the chuncky_png gem to write an image.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
require 'chunky_png'

# Creating an image from scratch, save as an interlaced PNG
png = ChunkyPNG::Image.new(424, 307, ChunkyPNG::Color::TRANSPARENT)

File.open('image.txt', 'r') do |file|
    file.each_with_index do |line, x|
        # parse each pixel
        pixels = line.scan(/\(([0-9]{1,3}), ([0-9]{1,3}), ([0-9]{1,3})\)/)
        pixels.each_with_index do |pixel, y|
            #puts "x: #{x}, y: #{y}"
            #puts "r: #{pixel[0]}, g: #{pixel[1]}, b: #{pixel[2]}"
            png[y,x] = ChunkyPNG::Color.rgb(pixel[0].to_i, pixel[1].to_i, pixel[2].to_i)
        end
    end
end

png.save('filename.png', :interlace => true)

Display the image and get the flag: shellter{im4g34rr4y}.

Share