Daily AlpacaHack Week9 (2026-2-2 ~ 2026-2-8)

Daily AlpacaHack の Writeup.
(2026/2/2 - 2026/2/8)

後から解いたものなど含むまとめ.

substance (Crypto, 2026/2/2)

from Crypto.Util.number import GCD, long_to_bytes
from sympy import factorint

with open("./output.txt", "r") as f:
    enc_flag1, enc_flag2 = [int(x) for x in f.readlines()]
    
flag_hex = GCD(enc_flag1, enc_flag2)

print(factorint(flag_hex))

flag_base = 316224362225539763970988074867563404070815390505801 * 4572850661 * 503821
test_list = [2, 3, 3, 3, 3, 269]

for i in range(1 << 6):
    tmp_base = flag_base
    for j in range(len(test_list)):
        if (i >> j) & 1:
            tmp_base *= test_list[j]
    
    print(long_to_bytes(tmp_base))
        

read-a-binary (Rev, 2026/2/3)

Magic Engine (Web, 2026/2/4)

RRe_Time_Limiter (Crypto, 2026/2/5)

$$x \equiv a_i \mod p_i$$

from Crypto.Util.number import long_to_bytes
import sympy.ntheory.modular

with open("./output.txt", "r") as f:
    out = eval(f.read())
    
primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349]

(x, y) = sympy.ntheory.modular.crt(primes, out)

print(long_to_bytes(x))
        

The World (Misc, 2026/2/6)

misdirection (Rev, 2026/2/7)

Compressor (Misc, 2026/2/8)

import zlib
import string

flag = "Alpaca{this_is_just_a_fake_flag_for_testing_goodluck}"
flag_charset = "abcdefghijklmnopqrstuvwxyz_A{}"
no_flagset = "".join([x for x in string.printable if x not in flag_charset])
no_flagset = no_flagset[:len(flag)]

data1 = flag.encode() + flag.encode()

for char in flag_charset:
    tmp_flag = "Alpaca{" + char
    data2 = flag.encode() + tmp_flag.encode() + no_flagset[:len(flag)-len(tmp_flag)].encode()
    print(char, len(zlib.compress(data2)), end=", ")

print()
print("answer:", len(zlib.compress(data1)))
        
from pwn import *
import string

_, host, port = "nc 34.170.146.252 62561".split()

sh = remote(host, port)

flag_charset = "abcdefghijklmnopqrstuvwxyz_A{}"
no_flagset = "".join([x for x in string.printable if x not in flag_charset])
no_flagset = no_flagset[:53]

flag_pref = "Alpaca{"

while True:
    min_val = 999999999999999999999999
    min_char = "@"
    for char in flag_charset:
        tmp_flag = flag_pref + char + no_flagset[:53-len(flag_pref)-1]
        
        prompt = sh.recvuntil("Your input:".encode())
        
        sh.sendline(tmp_flag.encode())
        
        prompt = sh.recvuntil("data:".encode())
        
        tmp_length = int(sh.recvline().decode().split()[0].strip())
        if min_val > tmp_length:
            min_val = tmp_length
            min_char = char
        elif min_val == tmp_length:
            min_char = "@"
    
    if min_char == "@":
        print("not updated")
        print(f"loop end (tmp flag: {flag_pref})")
        exit()
    
    flag_pref += min_char
    if min_char == "}":
        print("serach end successfully!")
        print("flag:", flag_pref)
        exit()
        
    print("tmp flag:", flag_pref)