# Stolen licenses (300 points)

## Description

We found another file on the dark net! It seems that cyber criminals stole some of our license keys and put them up for sale.

We tracked down a ZIP file at https://use01.thegood.cloud/s/ncWkZGcskTEDpGe (password for download syskron.CTF2020).

We don't know the password of the ZIP file, but maybe it is weak encryption that can be easily cracked. If you find any valid license key, let us know.

## Solution

The archive consists of 1000 photos, but first you need to find a password for the zip archive. For this, we will use fcrackzip. First of all, let's try the rockyou wordlist.
```shell
$ fcrackzip -u -D -p ./rockyou.txt ./licenses.zip
```
That finds nothing, so next we will use a 15GB wordlist [(link to wordlist)](https://crackstation.net/crackstation-wordlist-password-cracking-dictionary.htm).
It will take much longer (+-15 minutes for me), but during this time you can do other tasks.
```shell
$ fcrackzip -u -D -p ./crackstation.txt/realuniq.lst ./licenses.zip

PASSWORD FOUND!!!!: pw == nosocomephobia
```

Okay, now that we have the password, we can see what kind of photos there are.

![](https://raw.githubusercontent.com/holypower777/ctf_writeups/main/syskronCTF_2020/stolen_licenses/readme_files/B999582-0001.png)

We need to find a valid key. The first tasks mentioned the Luhn algorithm for checking validity, so we will use it to check the keys, but first we need to get a list of keys. For this we will use **tesseract**:
```shell
$ tesseract B999582-0001.png stdout
Detected 10 diacritics
SW serial number

activation key

only valid if purchased together with a machine
```

Tesseract does not see the key. I decided to hardcode and change the colors of the pictures so that tesseract can see the keys. For this I used Python and the OpenCV library.
```python
import os
import cv2

# cv2.imwrite fails silently if the output directory is missing
os.makedirs('res', exist_ok=True)

for i in range(1, 1001):
    img = 'B999582-{0:04}.png'.format(i)
    src = cv2.imread(img, cv2.IMREAD_UNCHANGED)
    # OpenCV stores channels in BGR(A) order, so index 2 is the red channel
    red_channel = src[:, :, 2]
    cv2.imwrite('res/{0:04}.png'.format(i), red_channel)
```
Now the pictures look like this:

![](https://raw.githubusercontent.com/holypower777/ctf_writeups/main/syskronCTF_2020/stolen_licenses/readme_files/0001.png)
```shell
$ tesseract res/0001.png stdout
Warning: Invalid resolution 0 dpi. Using 70 instead.
Estimating resolution as 333
oe eee

SW serial number

B999582-0001

activation key

78121994415279564775

only valid if purchased together with a machine
```
Works fine. Let's write a small bash script to get a list of keys:
```shell
$ for i in {0001..1000}; do tesseract res/$i.png stdout | grep -x -E '[0-9]{20}'; done >> keys.txt
```
Now that we have a list of all the keys, I wrote a Node.js script that checks the keys using the Luhn algorithm mentioned above:
```javascript
const Luhn = require('luhn-js');
const fs = require('fs');

// One key per line; drop the empty string left by the trailing newline
const data = fs.readFileSync('./keys.txt', 'utf-8').split('\n').filter(Boolean);

// Print only the keys whose Luhn checksum is valid
data.forEach(key => {
  if (Luhn.isValid(key)) console.log(key);
});
```
```shell
$ node valid.js
78124512846934984669
```
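
The Luhn check that the library performs, written out together with the same 20-digit filter as the grep step, as an added example that is not part of the original writeup. The first sample is the tesseract output for image 0001 shown earlier; the other two, including their placeholder serial numbers, are constructed for illustration.

```javascript
// Added example: Luhn check plus key extraction, no third-party modules.

// Luhn checksum: walking from the right, double every second digit,
// subtract 9 from doubled values above 9, and require total % 10 === 0.
function luhnValid(key) {
  if (!/^\d+$/.test(key)) return false; // OCR noise such as "O" or spaces
  let sum = 0;
  for (let i = 0; i < key.length; i++) {
    let d = key.charCodeAt(key.length - 1 - i) - 48; // digit value
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Like `grep -x -E '[0-9]{20}'` after trimming whitespace:
// keep only lines that consist of exactly 20 digits.
function extractKeys(ocrText) {
  return ocrText
    .split('\n')
    .map(line => line.trim())
    .filter(line => /^\d{20}$/.test(line));
}

// Run every OCR result through extraction, then keep Luhn-valid keys.
function validKeys(ocrTexts) {
  return ocrTexts.flatMap(extractKeys).filter(luhnValid);
}

// samples[0] is the tesseract output for image 0001 from the writeup.
// samples[1] and samples[2] are constructed; XXXX/YYYY are placeholders.
const samples = [
  'oe eee\n\nSW serial number\n\nB999582-0001\n\nactivation key\n\n78121994415279564775\n',
  'SW serial number\n\nB999582-XXXX\n\nactivation key\n\n78124512846934984669\n',
  // Constructed OCR misread: the final digit came out as the letter "O"
  'SW serial number\n\nB999582-YYYY\n\nactivation key\n\n7812451284693498466O\n',
];

console.log(validKeys(samples));
```

The key from image 0001 sums to 99 under Luhn and is rejected, while the flag sums to 110 and passes.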

Flag: 78124512846934984669

Original writeup (https://github.com/holypower777/ctf_writeups/tree/main/syskronCTF_2020/stolen_licenses).