HacktivityCon CTF

CTF Writeup - https://ctftime.org/event/1101

Home Other writeups of HacktivityCon CTF
2 August 2020

Bizarro

by vishalananth

This thing looks… bizarre? Can you find any secrets it may have?

Download the file below.

Solution

We check the given file with file command and find out that it is a zip file. So unzipping it with

unzip bizzaro.zip

we get a folder with a .bzr subfolder. Searching on google, we find out that it belonged to Bazar version control system. Searching for some commonly used Bazar commands we came across the log command. Trying it out we got

bzr log
.....
.....
------------------------------------------------------------
revno: 2
committer: John
branch nick: bizarre
timestamp: Sat 2020-07-18 17:27:40 -0400
message:
  N2VlZDA5MGQzNDYxMTI2NGU1MWJjMmRlNTY1MGVkMDUK
------------------------------------------------------------
revno: 1
committer: John
branch nick: bizarre
timestamp: Sat 2020-07-18 17:27:40 -0400
message:
  YzU1OGUyNDA5NGJkOTAyNTExYjQyMDYxZjEyMTdhYmYK

We see 402 commits each with a bizzare commit message. We Tried to base64 decode the messages but we got nothing, so we proceeded to check the changes in each commit. We see that, in every commit a file is addded which is then deleted in the succeeding commit. Trying to move to random older revisions using bzr revert and looking at the files, we see that they are empty. So, to confirm if all files were empty I wrote a python script to print all the revisions along with the file contents:

import os

for i in range(1,404,2):
    cmd = 'bzr diff -r' + str(i) + ' --diff-options --side-by-side'
    print(os.system(cmd))

This gave us the flag which was inside one of the files.

Flag

flag{is_bazaar_bizarre_or_is_it_just_me}
tags: Forensics