added example of the Compiled problem class

Author: Sanjay C

Diff for: auth1/Makefile

@@ -0,0 +1,5 @@
+all:
+	gcc -Wall -m32 -pedantic --std=gnu99 -o radix auth1.c
+
+clean:
+	rm radix

Diff for: auth1/README.md

@@ -0,0 +1,7 @@
+This is an example of the Compiled problem_template
+
+This is useful when trying to build binaries dynamically for multiple instances
+
+One can specify a makefile or compiler sources/flags to compile the source files AFTER the flask substitution has been made for variables defined in challenge.py
+
+The prog_name should be defined as well so that the proper executable will be marked with the right permissions

Diff for: auth1/auth1.c

@@ -0,0 +1,64 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+static char alphabet[] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+				'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+				'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+				'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+				'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+				'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+				'w', 'x', 'y', 'z', '0', '1', '2', '3',
+				'4', '5', '6', '7', '8', '9', '+', '/'};
+
+static int mod[] = {0, 2, 1};
+
+char check_password(char *input) {
+  int input_length = strlen(input);
+  int output_length = 4 * ((input_length + 2) / 3);
+  
+  char encoded_data[output_length+1];
+  
+  for (int i = 0, j = 0; i < input_length;) {
+    
+      unsigned int octet_a = i < input_length ? (unsigned char)input[i++] : 0;
+      unsigned int octet_b = i < input_length ? (unsigned char)input[i++] : 0;
+      unsigned int octet_c = i < input_length ? (unsigned char)input[i++] : 0;
+      
+      unsigned int triple = (octet_a << 0x10) + (octet_b << 0x08) + octet_c;
+      
+      encoded_data[j++] = alphabet[(triple >> 3 * 6) & 0x3F];
+      encoded_data[j++] = alphabet[(triple >> 2 * 6) & 0x3F];
+      encoded_data[j++] = alphabet[(triple >> 1 * 6) & 0x3F];
+      encoded_data[j++] = alphabet[(triple >> 0 * 6) & 0x3F];
+  }
+  
+  for (int i = 0; i < mod[input_length % 3]; i++) {
+    encoded_data[output_length - 1 - i] = '=';
+  }
+  return strncmp(encoded_data, "{{pwd}}", output_length);
+}
+
+int main(int argc, char **argv){
+  // Set the gid to the effective gid
+  //  gid_t gid = getegid();
+  //  setresgid(gid, gid, gid);
+
+  setvbuf(stdout, NULL, _IONBF, 0);
+  
+  if (argc < 2) {
+    printf("Please provide a password!\n");
+    return -1;
+  }
+
+  if (!check_password(argv[1])) {
+      printf("Congrats, now where's my flag?\n");
+      return 0;
+  }
+  else {
+    printf("Incorrect Password!\n");
+    return -1;
+  }
+}

Diff for: auth1/challenge.py

@@ -0,0 +1,16 @@
+from hacksport.problem_templates import Compiled
+import base64
+
+class Problem(Compiled):
+    makefile = "Makefile"
+    program_name = "radix"
+
+    def generate_flag(self, random):
+        bf = "picoCTF{bAsE_64_eNCoDiNg_iS_EAsY_}"
+        hexdigits = "{:08}".format(random.randrange(16**8))
+        while (((len(bf) + len(hexdigits))*8) % 6 != 0):
+            hexdigits = hexdigits[:-1]
+        return "picoCTF{bAsE_64_eNCoDiNg_iS_EAsY_%s}" % hexdigits
+
+    def initialize(self):
+        self.pwd = base64.b64encode((self.flag).encode()).decode()

Diff for: auth1/problem.json

@@ -0,0 +1,9 @@
+{
+    "name": "Radix's Terminal",
+    "category": "Reversing",
+    "description" : "Can you find the password to {{url_for(\"radix\", display=\"Radix's login\")}}? You can also find the executable in  {{directory}}?",
+    "hints" : ["https://en.wikipedia.org/wiki/Base64"],
+    "score" : 1,
+    "author": "speeeday",
+    "organization": "picoCTF"
+}

Diff for: auth1/writeup.txt

@@ -0,0 +1,3 @@
+If we look at the check_password function we see that they are comparing the obfuscated input to 'cGljb0NURntiQXNFXzY0X2VOQ29EaU5nX2lTX0VBc1l9'
+
+If we pop that into a base64 decoder we get picoCTF{bAsE_64_eNCoDiNg_iS_EAsY}