YACST2 writeup: parsing an audiocaptcha with imagemagick

Here is the task:

Captcha is a modern simple Turing test for everyday use, for human it's simple, but for bot or a simple neural network captcha can become a hard nut to crack.

You can try to solve it with your AI too, but it definitely can be solved with several lines of code, isn’t it?

Fdroid to Google Play proxy

If you do not want to use gapps on your device, but still need some proprietary apps frequently updated, there is a solution. You can set up a script that will fetch apps that you need and store them in a F-Droid repository.

I’ve set up a repository with some stuff here, but only for testing purpose.

Steps to reproduce (and sample commands):

salt writeup

We have a task:

We managed to capture the following traffic from a user who retrieved a note from that new secure notebook service:                                                         
request: b'\xa0f?u\xfb;AZf\xfc@{M!\xcdP\x92\xf6\x0f\xea\x1d\xad@\xc5\x8c\xd0R\xd8\xfdX81\x01d\xc8\x9b\xc4\xfd\x04\x9b\x843a\x940U\xc4\x7fa\x11W\xa9uf\xa9\xf4%w;`s[\xad\xa8V\x90\xe0w,\xb6<\xbd\xb1\xcbh=\x0b\x80\xba\xd8\x9bM\x17\xc6\x1f\x83<G\xcfV\x93\x00E\xe97\xcc\x9a.\xa1\xe6\x13\x11\xe9<\xae'

response: b"e\xc8\x9b\xc4\xfd\x04\x9b\x843a\x940U\xc4\x7fa\x11W\xa9uf\xa9\xf4%\r6C\x8d\xe1Z\x95\xb1^\x92\xddF\xa7\xbb\x86\x19\xbaCW\xde\x9bo\xd3Z\x8d\x85kx\x81a\xb0\x0b\xc9\x14'L\xc6i\xc4V\x86=\xba\x11~\xcc\x9bw#i\xc7\xb2\xc0Z\x9d\x1d\xb3\x96\\\xf9\xffG\x8a\xa2"

That crypto is pretty much invincible - after all, they're using NaCl - but maybe you can figure out some crazy attack anyway? I count on you!!!

You need to install the "pynacl" python module for python 3 to make this work.

connect to school.fluxfingers.net:1512

You can download sources here.