
UCLA CTF 2024 Write-ups

CRYPTO: Selamat Pagi

My best friend’s first name is Frequency, and his last name is Analysis.

Original Challenge

If you talk in another language, nobody can understand what you say! Check out this message I sent in Indonesian. To add some extra security, I also applied a monoalphabetic substitution cipher on it!

Provided Files

message.txt

Efe kqkbkx czwkf akfs kdkf qzfskf wzdcjtfk Ieqku kqk akfs ikxj kck akfs wkak ukikukf :Q
Lzfqztk ukdj kqk qe wefe: bkvim{wzbkdki_ckse_kckukx_ukdj_wjuk_kfkbewew_mtzujzfwe}

Chasing the Goose

Huh?

From the challenge description, we can find out that the text in question is ciphered using a monoalphabetic substitution cipher, and that the original text is written in Indonesian.

When we approach this kind of cipher, we should brute-force it using frequency analysis. And so, here it begins.

Analysing bit by bit

Okay. There’s a lot of characters. What do we do? First, we need to find a dictionary for us to use, as most of us, and I think whoever’s reading this right now, does not know Indonesian. So, using Google, we can find a list of the top 1,000 most common Indonesian words. And, better yet, it linked us to a Google Spreadsheet of the top 2,000 most commonly used words! What a treat. And lucky for us, we can use Regex (Regular Expressions) in Google Spreadsheets to find what we need.

Regex (Regular Expressions)

Okay. So, now what? Let’s look at the text first.

Efe kqkbkx czwkf akfs kdkf qzfskf wzdcjtfk Ieqku kqk akfs ikxj kck akfs wkak ukikukf :Q
Lzfqztk ukdj kqk qe wefe: bkvim{wzbkdki_ckse_kckukx_ukdj_wjuk_kfkbewew_mtzujzfwe}

Notice the brackets at the end? That’s our flag. And, we know the prefix to our flags which is “lactf”. And so, we can infer the following: b -> l, k -> a, l -> t, m -> f, v -> c.

a b c d e f g h i j k l m n o p q r s t u v w x y z
  l                 a t f                 c        
  • Moving on, we can see the first word in the message is “Efe”, so we need to find a word that starts and ends with the same letter and has a different letter in between. At the 4th spot in the list, we have “ini”, which means “this”. We can safely assume that this is the case and continue with our table: e -> i, f -> n.
  • Moving on, we can see the second word, “kqkbkx”, and using our current table, we can get the deciphered word “a[q]ala[x]” (letters in the [] brackets are not deciphered yet). At the 9th spot in the list, we can easily spot a word of similar structure, “adalah”, which means “is”. We can now update our table with the newly deciphered x -> h, q -> d.
  • Moving on, we have “czwkf”, using our current table, we can get “[c][z][w]an”. This is too broad for us to search, many words in Indonesian end with “an”, let’s skip this one for now.
  • Moving on, we have “akfs” -> “[a]an[s]”, 4 letters with “an” in the middle. We can use regex to search for it. On the Google Spreadsheet, press Ctrl + F (Find), and select “Search with Regular Expression”. We can then try to get a Regex string for this query. We can get “^.{1}an.{1}$”. Learn more about how Regex works and what this means here. The first result is, surprisingly, the most commonly used word in Indonesian, “yang”. And so, we can get: a -> y, s -> g.
  • Continuing the trend, the next word, “kdkf” -decipher-> “a[d]an” -regex-> “^a.{1}an$” -> too many results, skip. Next word, “qzfskf” -decipher-> “d[z]ngan” -regex-> “^d.{1}ngan$” -> “dengan” -> z -> e. Repeat until we have the full alphabet as follows.
a b c d e f g h i j k l m n o p q r s t u v w x y z
y l p m i n     t u a t f       d   g b k c s h   e

The empty ones are not used in the ciphertext, and so omitted from the table.
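
The table-building loop described above, as an added example that is not part of the original write-up: it seeds the table from the known flag prefix, then accepts a dictionary word only when it is the single candidate that agrees with every letter already recovered. `WORDS` is a small constructed stand-in for the spreadsheet, and the function names are hypothetical.

```python
import re

# Ciphertext from message.txt above.
CT = ("Efe kqkbkx czwkf akfs kdkf qzfskf wzdcjtfk Ieqku kqk akfs ikxj kck akfs "
      "wkak ukikukf :Q\nLzfqztk ukdj kqk qe wefe: "
      "bkvim{wzbkdki_ckse_kckukx_ukdj_wjuk_kfkbewew_mtzujzfwe}")
# Constructed stand-in for the common-word spreadsheet (assumption, not the real list).
WORDS = ("yang di dan itu ini adalah akan dari untuk dengan tidak ada saya kamu apa "
         "bisa tahu aman pesan bendera sempurna katakan sini atau juga pada anak").split()

def fits(key, cw, pw):
    """Extend key with cipher word cw -> plain word pw; None if not one-to-one."""
    if len(cw) != len(pw):
        return None
    new, used = dict(key), set(key.values())
    for c, p in zip(cw, pw):
        if new.get(c, p) != p or (c not in new and p in used):
            return None
        new[c] = p
        used.add(p)
    return new

def candidates(key, cw, words):
    """Dictionary words that agree with every letter already in the table."""
    return [w for w in words if fits(key, cw, w) is not None]

def solve(ct, words, crib=("bkvim", "lactf")):
    key = fits({}, *crib)                        # known flag prefix
    # Only the message words are matched against the dictionary, not the flag body.
    tokens = re.findall(r"[a-z]+", ct.lower().split("{")[0])
    progress = True
    while progress:                              # repeat until the table stops growing
        progress = False
        for tok in tokens:
            hits = candidates(key, tok, words)
            if len(hits) == 1 and any(c not in key for c in tok):
                key, progress = fits(key, tok, hits[0]), True
    return key

def decrypt(key, text):
    """Apply the table; letters with no mapping yet are shown as '?'."""
    out = []
    for ch in text:
        p = key.get(ch.lower(), "?") if ch.isalpha() else ch
        out.append(p.upper() if ch.isupper() else p)
    return "".join(out)

if __name__ == "__main__":
    print(decrypt(solve(CT, WORDS), CT))
```

Words with more than one surviving candidate, such as “kdkf”, are skipped and picked up on a later pass once other words have filled in the missing letters.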

Results

Using the table, write a script if you want, but we can get the final flag of: lactf{selamat_pagi_apakah_kamu_suka_analisis_frekuensi}, which means “good morning do you like frequency analysis” in English. The answer to this question is no when I did the challenge, but when I finally got the flag, yes, yes I do. I love frequency analysis, deeply.


OSINT: Closed

OSINT my beloved.

Original Challenge

Over spring break, my friend sent me this picture of a place they went to, and said it was their favourite place to visit but it closed :(.

Where is this rock?

Answer using the coordinates of the bottom left corner of the rock, rounded to the nearest thousandth. If the coordinates were the physical location of the bruin bear statue, the flag would be lactf{34.071,-118.445}. Note that there is no space in the flag.

Provided Files

Rock.png (not the actual file name) https://upload.cc/i1/2025/11/21/y4Zb6n.png

Chasing the Goose

Mr. Johnson? Is that you?

First, we need to analyse this picture, to get some information on where the rock could possibly be.
https://upload.cc/i1/2025/11/21/j5qcX3.png shorebird* (sorry)

Very good, we have spotted a lot of basic information from the picture, and we can move on with our investigation. Additionally, from the challenge description, we can also infer that the area was closed in some way.

Also, from the original map, we can tell the orientation of it was North is Up, and since the rock’s bump was facing downwards, we can safely assume that the land is up north, and the sea is below. So, we can start to filter through this one by one.

In addition, the map can also tell us that there are no signs of a city or civilisation on the premises.

To summarise, the place we are looking for meets the following criteria:

  • Must be near a coast, as there is seawater;
  • In Southern California;
  • There are shorebirds nesting in the area;
  • Next to a trail that’s named “…(h/n)ore Trail”;
  • Closed after spring;
  • Very far from any city or civilizations in general;
  • Land is up, sea is below.

Find-A-Rock

Upon preliminary examination, there are a lot of state parks in the state of California, and even just Southern California alone. We will need to dig deeper.

Looking at the California Department of Parks and Recreation website, we can find a tool named “Find-A-Park” which allows us to use filters.

Since we know there’s a trail next door named “…(h/n)ore Trail”, we can safely say that there’s a hiking trail next to the park we are looking for. Lucky for us, this tool also comes with a map feature, so we can narrow it down even further.

https://upload.cc/i1/2025/11/21/umoXjN.png Okay, now let’s go through this thing. Though, the issue of where the division line really is is up to debate. But, I really do not care, so I am going to use the Fresno line as the division line.

https://upload.cc/i1/2025/11/21/90PF7t.png So, we can start to filter through this one by one. We can look from up to down first, as there are more state parks in the area.

https://upload.cc/i1/2025/11/21/j5ZFMT.png So, we have the Ishxenta State Park, Point Lobos State Natural Reserve, and Garrapata State Park. Let’s open these locations on Google Maps in Satellite mode.

https://upload.cc/i1/2025/11/21/XeMNta.png This is the Ishxenta State Park (or formerly known as the Point Lobos Ranch Park Property as shown on Google Maps and the official website). And from preliminary examination, we can tell this location is landlocked and not near any oceans. We can move on from this one on to Point Lobos SNR.

https://upload.cc/i1/2025/11/21/02CzuN.png Oh! We found the “…(h/n)ore Trail” trail we were talking about. Turns out, it’s the Southern Shore Trail. This means we are on the right track.
Move our mouse a little bit… And…

https://upload.cc/i1/2025/11/21/zLyuCs.png We found it! Let’s confirm with our original image!

https://upload.cc/i1/2025/11/21/nKbFlw.png We can now safely say that this is what we were looking for, in the Point Lobos State Natural Reserve.

Results

We can get the final coordinates of the location as “36.51555901354592, -121.94929707007033” by right clicking on the bottom left corner of the rock. The challenge wanted the coordinates accurate to the nearest thousandth, so the final flag is lactf{36.516,-121.949}.

Very good challenge, and I enjoyed it thoroughly.


