Post

Hackfest 2023: Lost in History

Posted
Preview Image
By vedard 2 min read

Writeup for the “Lost in History” challenge created by TheRage for the Hackfest CTF 2023.

The flag has been lost in the timeline. Can you recover it?

01 - Tiny changes

For this challenge, a Git project is provided. Inside, there is a single file named flat.txt containing the letter e. By reviewing the Git commit history, we can see 2612 similar commits that change the single character present in the file.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

commit 3431e57c288848b15394b4c70eabaccc7c06c36e (HEAD -> main)
Author: [REDACTED]
Date:   Sun Oct 8 16:03:25 2023 -0400

    ea86dc8ff8871b6f88e97a1f956f4b8327ac2950

diff --git a/flag.txt b/flag.txt
index c793025..9cbe6ea 100644
--- a/flag.txt
+++ b/flag.txt
@@ -1 +1 @@
-7
\ No newline at end of file
+e
\ No newline at end of file

commit 721861f88505f06826659d6aaa3ab567f860fe1c
Author: [REDACTED]
Date:   Sun Oct 8 16:03:25 2023 -0400

    998dc97562b197c4b74e86f64714248e094734f5

diff --git a/flag.txt b/flag.txt
index e440e5c..c793025 100644
--- a/flag.txt
+++ b/flag.txt
@@ -1 +1 @@
-3
\ No newline at end of file
+7
\ No newline at end of file

We can try to combine all these characters into a single text string using the command git log -p | grep "^\+[^\+]" and some find-and-replace in a text editor. We then obtain this long string of characters, which unfortunately doesn’t bring us any closer to the flag.

e737fkahm1nYxoWhGucH y9BsE7DgFHiJ5uCziI3ks0cN1JmVR2V0FsIkVIE8Rk2uEWsB1KeCg4OCnfvcZy5hEUdmUZiZcDg3vK6n58gA5wHnN8MItCecXHzdqcOdISZ6GErGdvdUs4mQgdGl32JoBkSVOETaoHoCs0bAbVb5le0dY40xa3jbNBriDicSwJNbqcVQ286WvulEpjDjOsaKCRrmNKHveJxtOurURt04Ym6wzSGcZvq6AbO90k7PMV1QrKLzvifFtpjufmcIoXDR5usAg6P3rHabQaSzy8tsv71fGN3Y2cY5TG6FH95d2YjuUDUsbQFfX5xaeVaJWMnpBS09kTK8uleNS7TNGBfQcIoGhVDmJFEm4tk48YzousepGb4SijPFYZY0B8p394Q0W5b13DGwLf2AOuAQBrqKGMZ86PACDew84xrUf4VWSdqGwWZeCkwASI3JGW59H4REJZmwD4zOUCHrPd2YrM9wRQGzTHQsARhwyE2iQydLYlepo6OMYncpQcxK8ZlPR2izdbfDFveTIxjOylsn9NX0iN7iJYA9RlWAeBXEgfafZjykntbDciICGbds2k8cPuJkucnc2pyX9vSIqaHNZSDyA9ywD3VwEp2re8wkJgHoKOM9sz8pZnAxbu2dihpVHdmDiUMmGruy96gXDA8JCDmVz3VA2Y29UZb3fC9U92WpmhfSwxtqsBjPi9ZMcm1k9qVUJFvQEWp9STxpZFZMmiLwqsUOQMx0s3BXR5m9oxbQlDUjf9cL1ysiJX0XeNAPdGZ59kPVEs50czN9pD1XVUhVmQcBdsw0iW25TLXySF5NUyC4yR2ZADCPYWIGbpYmMmCd4vJT9FzFCZXsED23cWSXa8bEiYsNQPW02ZU7supnsgeyr5j7CPzkmgj0zAXbxlnTKRSenwpgoibZTCxygZEBPgYmPXn9YeczKaIzOaS3vAbDLcQXy53xMkwxFswUnMExYRnPVYHTc9LsJKCnME4yIJyRKwAa2vr1gkidBCHsBqIkCbQaQ7SwPgBJKq3iaiqmd10SnGMrK7eSYH0Gx312BIct3mGynJzWOr3GOZyc8yYbnqemPhGF5Ncb7XPMUK3MjRm4qk97oW6nMYwILJP1awUMDdYMcYDSL1BS5NypJVYR8TB08N2PFZc1N8fZO5Th2uXu5yYfEpEPfIDt4azwAhrv8mwD189wAnJtBpnMcJncef4VkV2xgGej5CE6QZHmqDHhTKdKicWkSy24iFcuhDbDbm7UTf1dBgTcCgSBAv5rPJkE5y2xMGf3uxFv1Ls69kTIQ8v9mtVIbE3IAJ9WUl6tJo2HthQXnQPbV6s1e4lNgkJUBgn0UcaOHxwzH6bXkbTfyH56FKIKZIdGronHhyGh4lTjBo4mOIB9806LPBnl3r9v83gME42ueIksJFOvuzUcRpekOYbCb9qbsxs2I54TlXTignRiLtZhgLKdgZ9tiuguD7dHTSkovf5yExMmAEjGKCpgtzixSLOMJScaunVBNW9zNBMBaS94LkZXSKMgFjVZYUAY0zyFjmFpKof5HOd1lqyCax4pTzZ5blA9mRgujujXHOlifwQtaZQzFfZRYqZuivlQFJPu8CtkXSN7vdXUXB59IPRnVaRuR6HqxvAmqGMYOPdcVL0apmgLSPICIVtKjZxWgOmrECyAhEN8IJtX0fDY9t4MTuyUH7DyT3FAOutgyhrt02dVqS8eksu3LjpN1xsRb3m5zAoVaYiNkeL6KJbXzA1Qf9fOpgRX3Y36bdxX4RtWQh9ldLq7XzZsFB0USqQHhaqUtomZMa0rD8fuW2qroGJScnRvH06sOWvdjTXlCQClq8BverdorBnrTUlGTjbrIfvT5xrOLT5f6XundcVY5TWgJdn6RgL4FLQMs9G3MtV0PbslZRpBNdHKrbRF93cZBIE5SpyjSIofjG634js8ltQuLoCMbmXKCLP95Uw5KbV2gVyOqHzfSaTJBcRiGAsCf2RumrUoyPrObZCeaLBpmXAZVem7uaGBuFkHJnq3xW1oq910skoYdSFqUPa7iAH7aVf8IlSvgDp8bgDpsdeZpoaHtKbo879j9Nbu1b47Qkb7t1l3Esto0nEP9MPFeiyzDhXUjvm292C8z0GE1kgGMeCkMnu1m6fUakFZgfZckt89Jc5ibfn8mO1OwFr5PeqUGI6IeBy7IUd74Upmpiv2SOCK0W5iMt9hMSyqoCYWqyHQewyHDsNyDnPFi8Hg2qmWymOrF1meMXMBfM9BsFKrLGMAOhX5X2gnZ1anGRZXaTQegzbZop4MThuPspnQVqcpw9j8MclDzGPM1DkAGfl1SvzpzcYikgiWY9FG3QRQ9AvtghZetzDjT38h56HbvCnD0QHJphkYFHmzG7LeXSMYGAuLMjNvwP4UdF6jmLTaDmrxKSE8RqXrT76xDBhr4SCXW85zmOixT1WbKIehfSHBVg8NWmSPOg1JSRVyxlziSXCWAiY7BHRfwZFMzi8Hv4amFzOMLwDo18NdzmoXLX7y0RYAlRCAzpwQAlkQEj1XpvH9dFjRtpmvE5MhJ=ugBlkqTqf3oMVhHA7jZbBhS6BnFdkCQshTPmSjtRwOf2HX7La

12 hours after the start of the CTF, a small hint was given to the participants:

The commit messages are there for a reason. At least, some of them :wink:

Each commit message resemble an SHA-1 hash, which is the same type of hash used to identify commits in Git. Using this Python script, we checked if any commit hash correspond to a message from an other commit.

1
2
3
4
5
6
7
8
9
10
11
12
13
14

import git

repo = git.Repo('./history')
repo.git.checkout("main")

messages = [commit.message.strip() for commit in repo.iter_commits()]
commits = [commit.hexsha for commit in repo.iter_commits()]

for commit in commits:
    if commit in messages:
        repo.git.checkout(commit)
        print(open("./history/flag.txt", "r").read(), end="")

print()

We find 48 commits and by displaying the contents of the flag.txt file for these commits, we see the following message which is encoded in base64:

1

SEYtYWE4ODQ0NDI5MGM5ZDExMjI3NzljZDU5MWFmMTQzMDA=

Once decoded, we get our flag:

1

HF-aa88444290c9d1122779cd591af14300
Writeups, Hackfest CTF 2023
ctf hackfest git
This post is licensed under CC BY 4.0 by the author.