PlaidCTF 2015 - Sawed (misc 20) Writeup

Hint:

What kind of mysterious message is this?!?

ddddddwwwwwwaaaaaasssssssssssssseddddddddddddddddddewwawwawwawwawwawwawwaedddssssssddddssssssssewwdwwdwwdwwdwwddssdssdssdssdsswwdwwdwwdwwdwwdwwdwwdassassassassassassassedddddddddddddddewwwwwwwwwwwwwwdssdssdssdssdssdssdsswwwwwwwwwwwwwwssssssssssssssedddddddddddewwwwwwwwwwwwweddddddddddessssssssssssssedddddddewwwwwwwwwwwwwweaaaaaaaedssdssdssdssdssdssdssewdwdwdddwddwdwwddwddwddwddewawwawawaaasasassasssasssdsssdsddsddddwdwwdwwwaaaessdddsddsddddsddddewdwdwdwdwdwdwdwawawawawawawaedddddddddddddddeddddddddaaaaaaaasssssssssssssswwwwwwwwdddddeddddddddeddddddwwwwwwaaaaaassssssssssssssedddddddddddddwwesdsddsdddwddwdwwwawwawawaawaawawwdwwdwdddsddsdsedddwwwdddesssssssssesssssess

Note: This flag does not have flag{}.

I'll be honest. I stared at this one for a while not realizing what the catch was. I did notice that the whole string was made up of the characters "sawed", and that it contains many long strings of the characters except for "e", which always appears once. But I stared at it, played around with letter frequencies, run lengths, etc... stumped, thinking that maybe I was missing a pop culture reference or something.

It wasn't until my teammate coldwaterq, who plays more video games than I do, noticed that it was WASD that it clicked. The WASD characters were movement characters, and if that's the case, the 'e' character was probably toggling the pen state of the drawing "turtle".

That realization allowed me to throw together a quick and dirty Perl script which, after tweaking for canvas size and orientation looked like:

solve.pl

 1 #!/usr/bin/perl
 2 
 3 use strict;
 4 use warnings;
 5 use diagnostics;
 6 use feature 'say';
 7 use Data::Dumper;
 8 
 9 my $src = "ddddddwwwwwwaaaaaasssssssssssssseddddddddddddddddddewwawwawwawwawwawwawwaedddssssssddddssssssssewwdwwdwwdwwdwwddssdssdssdssdsswwdwwdwwdwwdwwdwwdwwdassassassassassassassedddddddddddddddewwwwwwwwwwwwwwdssdssdssdssdssdssdsswwwwwwwwwwwwwwssssssssssssssedddddddddddewwwwwwwwwwwwweddddddddddessssssssssssssedddddddewwwwwwwwwwwwwweaaaaaaaedssdssdssdssdssdssdssewdwdwdddwddwdwwddwddwddwddewawwawawaaasasassasssasssdsssdsddsddddwdwwdwwwaaaessdddsddsddddsddddewdwdwdwdwdwdwdwawawawawawawaedddddddddddddddeddddddddaaaaaaaasssssssssssssswwwwwwwwdddddeddddddddeddddddwwwwwwaaaaaassssssssssssssedddddddddddddwwesdsddsdddwddwdwwwawwawawaawaawawwdwwdwdddsddsdsedddwwwdddesssssssssesssssess";
10 
11 my ($x, $y) = (1,20);
12 my @lines = (" "x200) x 30;
13 
14 my $pen  = 1;
15 foreach my $l (split //, $src)
16 {
17      if($l eq 'w') {
18              $y--;
19      }elsif($l eq 's') {
20              $y++;
21      }elsif($l eq 'a') {
22              $x--;
23      }elsif($l eq 'd') {
24              $x++;
25      }elsif($l eq 'e') {
26              $pen = $pen == 0;
27      }
28      substr($lines[$y], $x, 1) = 'X' if($pen);
29 
30 }
31 print Dumper(\@lines);

When run, the script outputs:

https://neg9.org/resources/media/plaidctf-2015-sawed-misc-20-writeup/solution.png

giving us the flag: PWNING>FPS!

Posted on April 23, 2015, 12:29 a.m. by tecknicaltom