Damjan Cvetko

Damjan Cvetko

Developer, System Architect, Hacker.

2 minutes read

Challenge: In the last days of preparation to test his flying capabilities, Santa’s elves flew 47 times around the earth and then another 13 times. Then Santa’s elves inserted all good children addresses and suddenly the navigation system crashed with this error message: r~yy!cbb(twz’d"++x(y!aqqt&%u{b)tw%)sv$+$tyssvrr$|zalll Is it some kind of buffer overflow? Do you have any idea how to solve this issue ?

This was not the original text, they changed it after a day of no solves. The info about 47 and 13 was missing. It just talked about some buffer overflow. Due to the format of the string I thought for a moment it had something to do with PHP extension code. When you write an extension and you convert PHP variables to C counterparts, you use the function zend_parse_parameters and can pass it “|zalll” to indicate all parameters are optional, first is a zval, second an array and then 3 longs… Anyway, that was useless…

After the hint it was obvious we were talking about some ROT operations. The site decode.fr has a lot of useful tools: https://www.dcode.fr/rot-47-cipher

https://www.dcode.fr/rot-13-cipher

These two were obvious. r~yy!cbb(twz’d"++x(y!aqqt&%u{b)tw%)sv$+$tyssvrr$|zalll

rot47: COJJP433WEHKV5QZZIWJP2YBBEUTFL3YXEHTXDGSZSEJDDGCCSMK2===

rot13: PBWWC433JRUXI5DMMVJWC2LOORHGSY3LKRUGKQTFMFRWQQTPPFZX2===

Ok, but now what? It’s not base64, ther cant be 3 trailing = signs? Hmm.. all letters are caps.. Do we have other populat baseX encodings? Oh, turns out we do. https://www.dcode.fr/base-32-encoding

Flag: xmas{LittleSaintNickTheBeachBoys}

What did I learn: Base32.

Recent posts

See more

Categories

About