 Hey YouTube, this is a video on nothing but everything, a 20-point challenge from TJCTF, the recent capture-to-flag competition. This did not have a whole lot of solves. I think a lot of people were kind of confused by it. I know I certainly was for a long time. The challenge prompt here is, my computer got infected with ransomware, and now none of my documents are accessible anymore. If you help me out, I'll rollard you with a flag. So we have a download link. Let's copy this and let's go play with it. We can get this. It looks like a GZipped tar file, so we can gunzip that. I'm sure there's some nice fancy way to do that with tar on its own, but whatever. So we get a bunch of stuff that is just seemingly numbers. So we have a directory here. We can change directory into 1, 2, 6, 2, 4, 0, blah, blah, blah, whatever. And ls here, still we have more numbers, except there's this hahaha.txt file. Let's check that out. It says all your files have been encrypted with an uncrackable algorithm you are now screwed forever. Great. So I didn't particularly know what to do with this. I would run binwalk, I would run strings, but if we actually check out any of these files, they are all simply more numbers. And that's pretty awful to look at. It was kind of crazy. So I had no idea what to do. I tried to talk this out with other players that I've been hanging out with in my Discord server, people that were tackling the CTF with me. But we didn't know what to do for the longest time. I thought some crazy idea, maybe that's like the key, like the phone keypad cipher or something like that. But it was a Michelinius challenge, so it could have been, could be anything. At some point, I had a random idea that, wait a second, all of these numbers are in decimal, right? Like these are all base 10. What if, crazy random thought, these are simply, what if these were in a different base? What if these were in hex, right? So I tried to take a look at one of these, convert it to hex. I cut up like all the way up to the, got the zero X and the L out of there. So I just had the original string. And then I would try and decode that from hex and then, oh, oh my goodness. Okay, all of these things are simply the regular file name just in base 10 encoded into hex and then put into decimal. So I figured, well, let's try and write something to experiment with these. Let's work with them, blah, blah, blah. So I did just that. I wrote like a simple decoder to see that's got to be the solution to actually figuring out all of these files. So I went ahead and worked with the glob module. And actually from glob, let's import glob. So we have that easy and handy. And then I use the OS module to just move around the file systems that I wanted to work with. I took the like root directory, root is not the right word here, but the top most directory for what we are working with. And then I would have just changed directory into that. But first I wanted this like general purpose function that would take a number and then convert it to what it's supposed to be. So it would return the hex form of that integer of the number. Do I need to do that? Yeah, just in case I don't pass on a string to it. Sorry, I'm again looking at my notes off of the side. And then I would get to the zero X cut out in case there was an L in there, maybe there wouldn't. So I used replace just to be sure in case I'm not cutting off the last character. And then I would decode that from hex and get the original string. Cool. So now that I had a general purpose function, I could run that on just about anything like even directory if I wanted to. And I can see that okay, that is originally documents. So now I would just move directory into whatever I wanted to work with. And I would start to look at some of the others, I would do for I in list directory, OS dot list directory, so we can see all of our files here. I guess I didn't even end up using glob whatever. I would try and print out the clarify of that file name. And let's see if I would get anything I would run except if things didn't work like on that ha ha ha file, actually just print failed with and then I in that case. So when I run this, I can see I have files ping pong Minecraft coding HQ default work, etc. And it failed with that file. So I figured, well, let's recreate these files. I know that they are doing just the exact same methodology where they're taking the decimal number, and it should be in hex and converted back to ASCII. So even with the contents of the files, I figured, let's go ahead and try and fix these. Let's open each of them up as a file. Let's read the contents out of them. And then let's create a new file open with the original file name that we're expecting. So like document or work or etc, etc. And let's write it with clarified version of the contents. And then we would just create all those files. So now I have moving into that directory. I have files like HQ default or ping pong or Minecraft 3.zip. So let's check out what those things are. EOG ping pong that did not open up for me HQ default. How about you? No, that didn't work either. Am I doing this the way that I wanted to? No, I did not. Oh, I mean, it's because I wrote read rather than write. We wanted to fill that file out. Fine. Now we can go ahead and run that. And it should work just fine for us. Let's EOG ping pong. And we've got some files here. Okay, awesome. Okay, so that didn't have any specific flags in it or I still wanted to explore more. So I tried some of the other directories. And I'll just grab one and I'll I'll tack it on just to make sure we're getting over there. And then I would run run our decoder and we'd get more documents there. So if I change directory into those, I can see I have new documents here, here too, etc. So let's try and open those up. I opened up here, and it let's discard that data, whatever, stupid open office, nothing particularly in there. I figured I'd check out the next one here to blah, blah, blah, same kind of data, except I found this at the very bottom here is our interesting sheet name. And that is the flag just there. So that was interesting. That was kind of cool, poked around with some of these files just exploded for a little bit until I found the file with the flag in it. I don't know why that was hidden so much, just to be just to throw more red herrings at us, but whatever that was the flag that we wanted to get. And peculiar, interesting challenge with getting that out of all of those encrypted quote unquote files, like, it's just decimal numbers that we could very well consider as hex and ascii. So saving that as our flag, mark this challenge as complete as we want to etc, etc. Cool. Hey, I want to give a special shout out to my supporters, people that show me some love on Patreon. I love you guys. Awesome. You're the best. One dollar a month on Patreon will give you a special shout out just like this at the end of every video $5 a month on Patreon will give you early access to everything that I release on YouTube. If you did like this video and you want to see more CTF video write ups or programming tutorials, other stuff that I do, please do like comment and subscribe. If you're willing to join our discord server link in the description. Lots of really cool CTF players, programmers, hackers, just a cool place to hang out. I'd love to see you on Patreon and I'd love to see you in the next video. See you guys soon.