I've decided to take detailed notes during CTF's and then just publish these messy notes. If people find this useful and it proves to be more than just a brain dump for me. Let me know, leave a comment, share it or something I don't know.
: WRITEUP :
The first thing I did was give it increasing number of nulls to see what would happen
#!/usr/bin/python
import base64
from pwn import *
# find the length of the block
context.log_level = 30
def send_msg(msg):
conn = remote("l33tcrypt.vuln.icec.tf", 6001)
conn.sendline(base64.b64encode(msg))
conn.recvuntil('\n')
conn.recvuntil('\n')
conn.recvuntil('\n')
data = conn.recvuntil('\n')
return base64.b64decode(data).encode('hex')
plaintext = "l33tserver please"
for x in range(29,100):
print "Length: {0}, Nulls: {1}".format(x+ len(plaintext), x)
print send_msg(plaintext + '\x00'*x)
(See the bottom of this blog for the output of this script, it's the massive blob of long lines)
# Length: 48, Nulls: 31 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
from this I can see that it's ecb mode with 16 bytes and that all nulls coresponds to:
c6db5708e552a95dc626d83c633e2c4e
which happends after 31 nulls are added
To solve this challenge, I'm going to pad out untill I get to the first block that I controll totally (padding of 15 nulls)
then I'm going to give it 15 nulls and it'll add the flag to after my nulls
this will give me a block of 15 nulls + the first byte of the flag
Now all I need to do is send it 15 nulls and bruteforce the last byte untill I get a matching block
start = "l33tserver please"
padding = '\x00'*15
nulls = '\x00'*15
request = start + padding + nulls
response = send_msg(request)
blocks = chunks(response,16*2) # 16 block size, *2 because hex representation
goal_block = blocks[2]
print "Need to get this block " + goal_block
Need to get this block 0b82e0db38fd6d6f400e0e28b2e696b7
Cool, now to brute force
adding a bit of abstraction to make things easier
def get_encoding(msg):
start = "l33tserver please"
padding = '\x00'*15
request = start + padding + msg
response = send_msg(request)
blocks = chunks(response,16*2) # 16 block size, *2 because hex representation
my_block = blocks[2]
return my_block
goal_block = get_encoding('\x00'*15)
print "Need to get this block " + goal_block
for x in range(0xff + 1):
print "x:{0}, enc:{1}".format(x, get_encoding('\x00'*15 + chr(x)))
x:0, enc:c6db5708e552a95dc626d83c633e2c4e
x:1, enc:4dacc29c56aa4e1f117618dcbd88189f
x:2, enc:cdc8706631ad9df71047e0b87445dbd4
x:3, enc:7c9ce0c17be2bfb0e89f0d42ef52ec9e
x:4, enc:4e31328ad19d16972fb482b409bb6ef8
x:5, enc:697abb5cb63a810c2caf4008beff5392
x:6, enc:d4ce7ab3f4b96d8e26deee5a6ffe769c
x:7, enc:9730ab1ce0297b9666f4ce77801327eb
... SNIP ...
x:63, enc:331ab76a634f7e888b0ce07d80494a33
x:64, enc:4e0c981ecdf44b6f74c06741dabeb0c2
x:65, enc:abc19b296094a0ca42551ff1188df728
x:66, enc:b13c8819ff966468a577d821ae3b4df9
x:67, enc:7e781f3289dc9a012381db46d45888fb
x:68, enc:7202a80214a0e793b2b0b9731bbf5c8f
x:69, enc:67139467f408cc9e257aa20e99dcdc1c
x:70, enc:464b6db800b126f7effee329bb60ba0c
x:71, enc:8f02d853bd28e52be36cd3b613a34dbe
x:72, enc:6bc2627940488e422d6aca307c65cf90
x:73, enc:0b82e0db38fd6d6f400e0e28b2e696b7 !** Bingo **!
x:74, enc:cc779843511e78a8e65aa1240ab7158c
x:75, enc:037d638fe69e7b866608c123e681044c
x:76, enc:d74e1d69463acd3399a91aa43eb2d976
x:77, enc:b7ea90639014417df1635252f10bf55b
So the first byte of the flag is hex(73) = I, which is what we expect
And a little more abstraction later
def get_next_letter(msg): """ Give this function a string of 15 chars and it'll bruteforce to find the next char in the flag """ # Need to get this block goal_block = get_encoding(msg) for x in range(0xff + 1): block = get_encoding(msg+ chr(x)) if block == goal_block: return chr(x) return '?' flag = '' currentBlock = '\x00'*15 while True: # get the next letter nl = get_next_letter(currentBlock) flag.append(nl) print flag # tack the new letter to the back of the current block # and remove the one at the start currentBlock = currentBlock[1:] + nlThe idea here is that I'll have a currentBlock of length 15 that starts as nulls
000000000000000000000000000000
and I'll brute force that to find the first byte of the flag 0x49 ('I')
then I'll update the block to have the I in it and I'll only give it 14 nulls
getting the encrypted first 2 characters of the flag
and I'll then send it 14 nulls, the first character and then brute force again on the last byte
to find the second character
repeat for the whole block
adjust some stuff to work after you get the first block
and chuck in some multithreading
and you get this
def return_encoding_with_msg(msg, block_num=2):
# print 'getting encoding'
try:
enc = get_encoding(msg, block_num)
# print 'got encoding! I\'m ' + msg[-1]
return enc , msg
except:
print ':( having a nap and trying again'
time.sleep(1)
return return_encoding_with_msg(msg, block_num)
def get_next_letter(banana):
"""
Give this function a string of 15 chars
and it'll bruteforce to find the next char in
the flag
"""
nulls = '\x00'*(15 - len(banana)%16)
# 15 if we just started i.e we want to bruteforce the first character
# 14 if we've got 1 so we want to
# "Need to get this block goal_block
# once we get the first block
# we'll need to look at the next block over
# so go back to sending 15 nulls
# so that the 2nd to 16th characters are in the next block
extra = int(len(banana)/16)
goal_block = get_encoding(nulls, block_num=(2 + extra))
attempts = []
for x in range(0xff + 1):
block = nulls + banana + chr(x)
# e = get_encoding(block, 2+extra)
# if e == goal_block:
# return chr(x)
attempts.append(block)
if len(attempts) == 64:
# print attempts
pool = Pool(processes=64)
res = pool.map(partial(return_encoding_with_msg, block_num=(2 + extra)), attempts)
pool.close()
pool.join()
for r, msg in res:
# print r + msg[-1]
if r == goal_block:
print 'Success!'
print msg
return msg[-1]
# print 'Trying another round of 10'
attempts = []
return '?'
flag = []
while True:
# get the next letter
nl = get_next_letter(''.join(flag))
flag.append(nl)
print ''.join(flag)
While that was busy cracking I made it a bit faster by checking more likely things first
You should copy paste this giant blob into a text editor that doesn't line wrap so that you can see the boundaries of the blocks.
# Length: 17, Nulls: 0 387ed91be0a2273464b8d8313dc12432567a487af41ced6a0401b4d83956a9beb465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 18, Nulls: 1 387ed91be0a2273464b8d8313dc1243249cfb404c4b6c3956963a96b7eed96430d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 19, Nulls: 2 387ed91be0a2273464b8d8313dc12432176c7cf245376daf52371928cb9df7dbf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 20, Nulls: 3 387ed91be0a2273464b8d8313dc12432615e8376913eea815adc08483ba52ebbfe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 21, Nulls: 4 387ed91be0a2273464b8d8313dc124322c29104aa30600bf9dacf0d2563a69fb2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 22, Nulls: 5 387ed91be0a2273464b8d8313dc124324bb04b58b69bca37968314604b364b94ad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 23, Nulls: 6 387ed91be0a2273464b8d8313dc1243246daa79c7ab0eddebb4e2e1f476e1239f852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 24, Nulls: 7 387ed91be0a2273464b8d8313dc124327f5162d26b0736c5287a3427ed0a5215e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 25, Nulls: 8 387ed91be0a2273464b8d8313dc12432e921eeb1798d9bb195b06b9e1374272e2c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 26, Nulls: 9 387ed91be0a2273464b8d8313dc12432df0c71dad6e13f7e28fcdb1705812862e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 27, Nulls: 10 387ed91be0a2273464b8d8313dc12432f200f81e0230e0dca133c6f74f76223a0a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 28, Nulls: 11 387ed91be0a2273464b8d8313dc124328a0e2265db1b22d279659b0bfe6f3ef802fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 29, Nulls: 12 387ed91be0a2273464b8d8313dc1243243cef8e3fcc1c1dfb476b43b9fe038b1684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 30, Nulls: 13 387ed91be0a2273464b8d8313dc12432c119e9bc2dbda4fcbad77fcc3cd750969e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 31, Nulls: 14 387ed91be0a2273464b8d8313dc12432bb3cf36dbb0c90b451d2bb34608f4248714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 32, Nulls: 15 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d404121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 33, Nulls: 16 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40b5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 34, Nulls: 17 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d4066a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 35, Nulls: 18 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40e7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 36, Nulls: 19 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d401d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 37, Nulls: 20 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d402392efb50f50465f4f591aad8b9df62f2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 38, Nulls: 21 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40af1261b355b9b251f35bcd554e44bd9fad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 39, Nulls: 22 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d404ebe06895f2ada42e195502338feb6fbf852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 40, Nulls: 23 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c1f1b2cfccf8c6c7080fb9ac19a73632e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 41, Nulls: 24 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40b71eca60aa2dfeff1e6613a39104e1a12c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 42, Nulls: 25 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40d1b72c09e5e9cbeb44a858942a650f40e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 43, Nulls: 26 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d409a0ebdeb3cd86378d06f25a958f354d20a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 44, Nulls: 27 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d4048f07b78c4acd78dc84e084c412f726002fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 45, Nulls: 28 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d401da941d1725ac973d57adadfb23e38f7684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 46, Nulls: 29 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40fc7da7e42471ba2ac67634d40e1d0cc29e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 47, Nulls: 30 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d400b82e0db38fd6d6f400e0e28b2e696b7714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 48, Nulls: 31 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 49, Nulls: 32 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4eb5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 50, Nulls: 33 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e66a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 51, Nulls: 34 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ee7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 52, Nulls: 35 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e1d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 53, Nulls: 36 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e2392efb50f50465f4f591aad8b9df62f2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 54, Nulls: 37 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4eaf1261b355b9b251f35bcd554e44bd9fad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 55, Nulls: 38 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e4ebe06895f2ada42e195502338feb6fbf852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 56, Nulls: 39 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec1f1b2cfccf8c6c7080fb9ac19a73632e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 57, Nulls: 40 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4eb71eca60aa2dfeff1e6613a39104e1a12c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 58, Nulls: 41 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ed1b72c09e5e9cbeb44a858942a650f40e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 59, Nulls: 42 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e9a0ebdeb3cd86378d06f25a958f354d20a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 60, Nulls: 43 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e48f07b78c4acd78dc84e084c412f726002fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 61, Nulls: 44 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e1da941d1725ac973d57adadfb23e38f7684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 62, Nulls: 45 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4efc7da7e42471ba2ac67634d40e1d0cc29e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 63, Nulls: 46 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4e0b82e0db38fd6d6f400e0e28b2e696b7714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 64, Nulls: 47 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 65, Nulls: 48 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 66, Nulls: 49 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e66a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 67, Nulls: 50 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ee7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 68, Nulls: 51 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 69, Nulls: 52 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e2392efb50f50465f4f591aad8b9df62f2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 70, Nulls: 53 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eaf1261b355b9b251f35bcd554e44bd9fad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 71, Nulls: 54 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4ebe06895f2ada42e195502338feb6fbf852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 72, Nulls: 55 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec1f1b2cfccf8c6c7080fb9ac19a73632e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 73, Nulls: 56 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb71eca60aa2dfeff1e6613a39104e1a12c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 74, Nulls: 57 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ed1b72c09e5e9cbeb44a858942a650f40e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 75, Nulls: 58 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e9a0ebdeb3cd86378d06f25a958f354d20a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 76, Nulls: 59 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e48f07b78c4acd78dc84e084c412f726002fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 77, Nulls: 60 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1da941d1725ac973d57adadfb23e38f7684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 78, Nulls: 61 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4efc7da7e42471ba2ac67634d40e1d0cc29e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 79, Nulls: 62 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e0b82e0db38fd6d6f400e0e28b2e696b7714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 80, Nulls: 63 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 81, Nulls: 64 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 82, Nulls: 65 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e66a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 83, Nulls: 66 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ee7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 84, Nulls: 67 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 85, Nulls: 68 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e2392efb50f50465f4f591aad8b9df62f2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 86, Nulls: 69 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eaf1261b355b9b251f35bcd554e44bd9fad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 87, Nulls: 70 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4ebe06895f2ada42e195502338feb6fbf852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 88, Nulls: 71 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec1f1b2cfccf8c6c7080fb9ac19a73632e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 89, Nulls: 72 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb71eca60aa2dfeff1e6613a39104e1a12c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 90, Nulls: 73 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ed1b72c09e5e9cbeb44a858942a650f40e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 91, Nulls: 74 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e9a0ebdeb3cd86378d06f25a958f354d20a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 92, Nulls: 75 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e48f07b78c4acd78dc84e084c412f726002fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 93, Nulls: 76 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1da941d1725ac973d57adadfb23e38f7684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 94, Nulls: 77 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4efc7da7e42471ba2ac67634d40e1d0cc29e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 95, Nulls: 78 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e0b82e0db38fd6d6f400e0e28b2e696b7714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 96, Nulls: 79 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 97, Nulls: 80 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 98, Nulls: 81 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e66a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 99, Nulls: 82 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ee7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 100, Nulls: 83 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
# Length: 101, Nulls: 84 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e2392efb50f50465f4f591aad8b9df62f2cb3308c99119ba359d2bd13c52d4d22b1edc20249ceee0a7fcd73331bdc2f07016a3b098794591d2ed4446611da351c
# Length: 102, Nulls: 85 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eaf1261b355b9b251f35bcd554e44bd9fad7f6b3171d5b639907f565909bcb8a555da1f080adf94bb541e715074d3c9460fed8443c92ddcb7112a31b587bc09f6
# Length: 103, Nulls: 86 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4ebe06895f2ada42e195502338feb6fbf852be535ad9bc8c6822a9c27e25cd51f8bbee7b725ef98fc0cddf6e2b00a1adaff84a27b34909e39f9df32e1be07445
# Length: 104, Nulls: 87 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec1f1b2cfccf8c6c7080fb9ac19a73632e514acb44934277ffe1f7404211c6de1cab00e72a877a19d34bfe9aa7ca0cae9cc9febced4a7f8f49600039b689ca268
# Length: 105, Nulls: 88 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb71eca60aa2dfeff1e6613a39104e1a12c780cc8dab801a55b7d4595d5d7f8821123a6930dc611488a4e7c8e73c64e44000929ca29e9de5f4ed0e218edcf6e72
# Length: 106, Nulls: 89 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ed1b72c09e5e9cbeb44a858942a650f40e0330b5b75832d9ffa1d51bb0b734c3b5febb840292084f72ff04538589d31cc4881aa36bc592d9fa983ebd276d5d6b0
# Length: 107, Nulls: 90 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e9a0ebdeb3cd86378d06f25a958f354d20a08eb45f2bde041f49f3bd62691fce244d8e6bdacfbaf3873642eae7e091d0faf3884045818d3dc997dd26cfeceba0f
# Length: 108, Nulls: 91 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e48f07b78c4acd78dc84e084c412f726002fee4c70356e1e4f534bdf73d07ffb96096036d35155afd9cf2b3a3fd29fd417d49a7e7d1b962bd61a398837d6b7ab3
# Length: 109, Nulls: 92 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1da941d1725ac973d57adadfb23e38f7684404d8f25b53759f007758304f19d95593abdb1affd72ca2eced5cd0f90124a9a3169f9334066e8da23c8aa3cca3d3
# Length: 110, Nulls: 93 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4efc7da7e42471ba2ac67634d40e1d0cc29e3d36bcfd6a424f2183d3364592ef97a8fdd7ca48f5f00ec7a13c9a21d82292011df537473098ce4ffe0d8e12fcc0e1
# Length: 111, Nulls: 94 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e0b82e0db38fd6d6f400e0e28b2e696b7714445f04927def76405cd0a83799f07a8ed402ad24d0e2f43d4d9361eb8284cebddbacaa25c33ec35562e026a0ee649dd1f9f706aeab9959486696f82f00fbf
# Length: 112, Nulls: 95 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e4121eeb2df9070dcfc8041744885dc16e1ee341ff8bc4f4f98cc57bcba342e2abb20430435b3c850611d77e503158b8b5df2095333941a65f2cd00810ce4902e
# Length: 113, Nulls: 96 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4eb5fe89806d3a8bef7f40a8d38040a707b465108a947c05f9b9f07304919b0e35ae4ca18d90d00ac21b52362d685c4c69f5c9838dcca6aad70f1c40b393583735
# Length: 114, Nulls: 97 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e66a65f13d2d0619cdeb702e071aeaae40d0321017f0a3245d56cd4e47707eb8c951820f6bfe340a33b1ef0acc273560f3bcf138a5fe72f3a9654bfd2582cb263
# Length: 115, Nulls: 98 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ee7638b5cf44cbfc3bca1be6a992e8c5bf67ef27d13d460fe1b2a25c14624bbff8428fab86c0e1210db0aadaa46ad5433ddd758c52e3c9b06994c30fc1f495201
# Length: 116, Nulls: 99 387ed91be0a2273464b8d8313dc1243226ee009a4b13727a78e7ea6f1b160d40c6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4ec6db5708e552a95dc626d83c633e2c4e1d9b355f5ef369066d88e091197420f8fe9911f31b6694403e4a83e036b42b07eb061a39092dfe254b001e85a4cab2822f3b56b407fc4cc76021a0f971c285dd
Server code:
#!/usr/bin/python
from Crypto.Cipher.AES import AESCipher
import SocketServer as ss
import signal
import base64
# running on nc l33tcrypt.vuln.icec.tf 6001
from secret import KEY, FLAG
PORT = 6001
def pad(text, bs):
text = text + FLAG
pad_num = (bs - len(text) % bs)
return text + chr(pad_num) * pad_num
def recvline(req):
buf = b""
while not buf.endswith(b"\n"):
buf += req.recv(1)
return buf
class RequestHandler(ss.BaseRequestHandler):
def handle(self):
req = self.request
signal.alarm(5)
req.sendall("Welcome to l33tserver where all your encryption needs are served.\n")
req.sendall("Send me something to encrypt:\n")
data = recvline(req).strip()
try:
data = base64.b64decode(data)
except:
req.sendall("bad data\n")
req.close()
return
if not data.startswith("l33tserver please"):
req.sendall("You didnt say the magic word :(\n")
req.close()
return
c = AESCipher(KEY).encrypt(pad(data, 16))
req.sendall("Your l33tcrypted data:\n")
req.sendall(base64.b64encode(c) + "\n")
req.close()
class TCPServer(ss.ForkingMixIn, ss.TCPServer):
pass
ss.TCPServer.allow_reuse_address = True
server = TCPServer(("0.0.0.0", PORT), RequestHandler)
print("Server listening on port %d" % PORT)
server.serve_forever()
Final Solution:
#!/usr/bin/python
import base64
from pwn import *
from functools import partial
from multiprocessing import Pool
import time
# find the length of the block
context.log_level = 30
def chunks(l, n):
"""return a list of successive n-sized chunks from l."""
arr = []
for i in range(0, len(l), n):
arr.append(l[i:i+n])
return arr
def send_msg(msg):
conn = remote("l33tcrypt.vuln.icec.tf", 6001)
conn.sendline(base64.b64encode(msg))
conn.recvuntil('\n')
conn.recvuntil('\n')
conn.recvuntil('\n')
data = conn.recvuntil('\n')
return base64.b64decode(data).encode('hex')
def get_encoding(msg, block_num=2):
start = "l33tserver please"
padding = '\x00'*15
request = start + padding + msg
response = send_msg(request)
blocks = chunks(response,16*2) # 16 block size, *2 because hex representation
my_block = blocks[block_num]
return my_block
def return_encoding_with_msg(msg, block_num=2):
# print 'getting encoding'
try:
enc = get_encoding(msg, block_num)
# print 'got encoding! I\'m ' + msg[-1]
return enc , msg
except:
print ':( having a nap and trying again'
time.sleep(1)
return return_encoding_with_msg(msg, block_num)
def get_next_letter(banana):
"""
Give this function a string of 15 chars
and it'll bruteforce to find the next char in
the flag
"""
nulls = '\x00'*(15 - len(banana)%16)
# 15 if we just started i.e we want to bruteforce the first character
# 14 if we've got 1 so we want to
# "Need to get this block goal_block
# once we get the first block
# we'll need to look at the next block over
# so go back to sending 15 nulls
# so that the 2nd to 16th characters are in the next block
extra = int(len(banana)/16)
goal_block = get_encoding(nulls, block_num=(2 + extra))
attempts = []
common = [ord(a) for a in chunks("_etoinsherdloETIONSHERDLO",1)]
less_common = [ord(a) for a in chunks("qwertyuioplkjhgfdsazxcvbnmQWERTYUIOPLKJHGFDSAZXCVBNM",1) if a not in common]
rest = [a for a in range(0xff + 1) if a not in common + less_common]
for x in common + less_common + rest:
block = nulls + banana + chr(x)
# e = get_encoding(block, 2+extra)
# if e == goal_block:
# return chr(x)
attempts.append(block)
if len(attempts) == 32:
# print attempts
pool = Pool(processes=32)
res = pool.map(partial(return_encoding_with_msg, block_num=(2 + extra)), attempts)
pool.close()
pool.join()
for r, msg in res:
# print r + msg[-1]
if r == goal_block:
print 'Success!'
print msg
return msg[-1]
# print 'Trying another round of 10'
attempts = []
return '?'
flag = []
while True:
# get the next letter
nl = get_next_letter(''.join(flag))
flag.append(nl)
print ''.join(flag)
# All nulls causes this block
# c6db5708e552a95dc626d83c633e2c4e
