 What's going on everybody, my name is John Hammond and this is weird, right? I'm in a car. This is not normally where I record. That's because I'm out of town for a little bit and I got to meet up with my boy Sinister Matrix who's beside me. Yeah, so if you see my shoulder, that's me, but that's about as much as you're going to get right now. It's a shoulder reveal. He didn't want to do a face reveal, so he's still here. He's beside me, but it's a shoulder reveal. John conned me into it. So, I think the plan is to do a little bit of BCACTF. He'll kind of be co-piloting and tag teaming along. We'll go through one of the challenges and I'll try and pop some questions. Like, hey man, what do you think? What do you feel like? What would we do here? Have you seen this before? Stuff like that. Yeah, I'll kind of throw my two cents in as it applies. Cool. This is super cool. This is super weird. This is super fun. Let's do it. So, the challenge that I want to take a look at, by the way, we're in a car, right? So, I'm not really able to download some of the stuff. We are tethering right now, just using a mobile hotspot. But I want to showcase, this is the webpage. It says, this challenge for the manner of speaking. So, though I came across this theory of the instructions, I can't even do this. I can't give this good justice. The key is the attached list of ASCII printables. Though, anyways, here's the instructions. So, we have two files to download in instructions and printables. And I guess we have to roll with them. So, I'll showcase what these are. So, sinister, you can see them. And, this one is called printables. And it looks like these. Which, I'm assuming are just printable characters. Yeah, pretty much everything from all your random special characters, there's anything through alphabetical and alphanumerical. Are there any numerics in there? Yeah, I see some numbers in the front there. And the other one is instructions. Which, at first glance, I would not know what this is. Kedadder. That looks fun. Yeah. So, this game was pretty generous. You could receive hints if you wanted to. And they wouldn't actually damage you. They wouldn't actually detract some points. And I don't have any shame in taking hints. I don't know about you. So, this hint says, pardon my lisp. What do you think that's getting at? Do I want to spoil that already? I mean, yeah, for sure. We can go for that logical jump. We can go for that logical jump. Well, there's only one programming language I can think. Yeah. That even remotely sounds like that. So, we're looking at lisp, right? Yeah. Think of Mike Tyson. There you go. Man with a lisp. Backthalithes and printable.txt are escaped characters. Okay, so that looks like it has something that's actually escaped, and we need to go ahead and, like, unescape that. I can do that pretty easily in Python, right? Like, if we were to consider this a string, thankfully, there's no other double quotes in there. It'll just print those out. And some of those... Looks like some of those... Looks like some of them escaped. Yeah. Okay. So, I'm going to take a note of another file here. I'll call this, like, not escaped or whatever. And we'll just put that in there. And the instructions. Now that I kind of have an inkling that this is lisp, I know there are other instructions like Cater, or I'm sorry, Car and Cutter in lisp, which I would showcase on the Internet if I could. But I don't think I can. CDR Lisp. Car and CDR. These are primitive operations within the lisp programming language. So it lets us determine kind of specific pieces or notions of where they are in... I'm doing a horrible job of explaining this. Anyway, I was able to note that, okay, that means this is lisp, right? And the only things that I saw that kind of seemed really strange in this is the number of changing Ds. Yeah. There's CAD Editor, CAD with two Ds, et cetera, et cetera. So, looking back at our not escaped, again knowing that this is lisp, lisp works with a lot of parentheses, and it looks like this starting parentheses matches that ending parentheses. So if I were to try and beautify this, it looks like there are segments of different groupings of characters, right? I forgot one. Yeah, this guy down here. So space, exclamation point, et cetera, et cetera, et cetera. And then I guess we can remove those to get the parentheses in there just fine. Uppercase letters. And those curly braces we can escape out. Lowercase letters. And that looks like a set that might correspond to these Ds here. So we know that the flag format for this game is BCACTF. So is there any notion of how we could get a B given that? Or a C or an A or whatever? The gimmick is that this number of Ds, that set, refers to the number down in the set that we're looking at. So one, two, three, four, five. Ds in that case. This is the first set. This is the second set. So we're going down to the fifth set of characters. Yeah. Now we can keep in mind this is probably going to be zero based. So this will actually be where we're at. True. And if we were zero based, that other D being one would mean zero and one. So we could get a B and then looking at the next letter or whatever that is, we have two Ds in the same amount of the second set. So we know, okay, that will bring us to a C. And this one is actually missing the Ds in the very front. So okay, we can track down that's going to be an A. Right? Does that kind of make sense? So now, our priority is actually ripping through these and creating a script to be able to carve out the flag like that. I would think of it like points on a graph, putting each special character in its own point and then taking the amount of Ds that we have to specify which point that character that we're looking for is at. Fair enough. That's a cool way of saying it. So let's make all of those... This is a cool trick that I've learned in Sublime Text. You can select multiple cursors. If you have any text selected and you hit Control, Shift and L, it'll multiply your number of cursors and then you'll have that many and you can write in as many lines as you need to, which is a very cool trick. So I'll do that one more time because I want to get all those commas added in and I need to escape that double quote there. So now in Python we have sets that we can use and let's get this guy as well. What I'll do is as a quick trick I'll replace all the commas with a new line and then I'll get rid of all those spaces and then we can just as easily again add those commas and quotes in. So now when I replace new lines with a single space I have a quick and easy list we'll call it like Info and now we have all that information in there. So what we can do is for P and Info or whatever we can print out that P and see what we're working with. I'll turn off the build view so that way we can see it down displayed here. And now we need to actually carve out these D's so we can figure out where we're going and how we're going to extract that. I'm going to do that with regular expressions so that way I can get the correct number. Let's import RE. So let's use RE.FindAll and let's get every occurrence of the D that we can in P. So let's print how many we've got here. Okay. Maybe I should have kept build view on so you can see that a little bit better. So in cases where we have 1D or no D in the cases we actually have D's that will represent the letter that we're reaching at or the index in that set those actually have a separate empty string in the way because that would be the A character but if we didn't have that like there's no D's in that set of that third index there we don't have that fourth empty string it just goes straight to that set. You see what I mean? Like that gap what would be there on that next line is missing. Yeah it's basically a big separator. Yeah. Since we don't have that because the A's are all together now and there's no D at all we miss it. So we need to keep track of that zero though because that's going to refer to that segment. So I'm going to do a little if statement and test there. So letter choice or whatever variable you want to give it will actually be zero, one, two the second index of these pieces zero, one, two right? Yeah. So if we actually have a letter choice and it's not an empty string then that means the set choice zero, one two, three, four pieces four if we don't and letter choice is an empty string then we know okay. It'll be index set zero. Zero, one, two, three, four. Did I miss something? How did that go wrong? It's because I put that there. It's because I added that in. Yeah. So it should be zero, one, two, three. You're right. Totally right. Cool. Okay. So now all we need to do is from our sets index and then give the right letter index. So let's print out from the sets. Let's get the right set choice and that actually remember is the length of this. So we'll actually pass that in. So now that'll index whether or not we're going to be using numbers, letters, et cetera. So that five will get us this and then we can index that. So another set of square braces following it because we're going to be returned this string and we need to get a specific position in that string. Yeah. So let's use our letter choice and again, that's a length. So let's see what nonsense we get. BCACTF blah, blah, blah, blah. Let's see if we can just go ahead and create a flag from that. I'll make it as a list and we'll go ahead and put it together. So flag dot append. All of that. In the very, very end, we can print out that flag join together. I totally dropped. That join goes after this string. Yeah. There we go. List programming is awesome. List programming, whatever. I don't remember if I need to end up changing these to underscores. I would take most flag formats to do the underscore bit. Because I... Did they include that character in there? I believe so. Maybe, yeah. Maybe we removed the underscore accident. Or because I had some extra line in here, I think I removed that extra backslash that should have been in there. So now if I run that, did it change at all? Let me see what my save flag is. It was in programming and then manner of speaking. The flag that I ended up submitting was with those underscores. So how do we lose it? We must have somewhere in the instructions. No. It's this guy. And we lost him somehow. Yeah, I think we lost one... We lost one character in there. Let's give it the raw form and see if it gives it to me the correct way. Nope, now I lose. There we go. That doesn't immediately explain the backslash, but whatever. I'll trust it. So that's that flag. Does that all make sense? How we kind of came to that conclusion from the weird catter, cadatter, and the strange printable string? You got to keep in mind that it's a lisp, so that way you're able to kind of segment out these sections. Because the lisp uses those parentheses all as groups of things that they're putting together. It sounds like we need to make a tutorial series on lisp. Yeah. I haven't worked too much with lisp, but basic understandings going into a lot of programming languages are separated with parentheses a lot of time. So just knowing that will help you kind of understand where to break things off. When I was in high school, we had an advanced studies program which was like summer school for nerds that wanted to go to do more school. But it was at a different school. It was like a private school. A little bit fancy. But I took a class in artificial intelligence and it was all about using lisp because it was able to be introspective. It can use the eval function. It can open itself up as a script in a program just because it's a scripting language. Super cool. That is how you solved that challenge. I hope that was kind of neat and kind of cool. Makes sense. That ties it up. Pretty much wraps everything up. Sweet. Thank you guys for watching. If you did like this video, please do like, comment and subscribe. I would love to see you guys in the Discord server. There is a link in the description. You can hang out with me and Sinister Matrix. The shoulder man himself. I'd love to see you on Patreon. Love to see you on PayPal. Thanks so much for all your support. Love ya.