Create README.md

quasar098 · May 6, 2024 · 3e3b09c · 3e3b09c
1 parent 57c15ec
commit 3e3b09c
Showing 1 changed file with 143 additions and 0 deletions.
diff --git a/squ1rrel-ctf-2024/squirrel-terminal/README.md b/squ1rrel-ctf-2024/squirrel-terminal/README.md
@@ -0,0 +1,143 @@
+# squirrel terminal
+
+## problem
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/a7916515-0b46-4f33-ba6f-0c4b46ff12b4)
+
+see [./xterm_fun.bin](./xterm_fun.bin)
+
+## solution
+
+we can see that the xterm_fun.bin is comprised of 
+
+```
+quasar@quasar098:~/Downloads$ cat xterm_fun.bin | xxd
+00000000: 1b5b 3c30 3b31 323b 324d 1b5b 3c30 3b35  .[<0;12;2M.[<0;5
+00000010: 3b38 6d1b 5b3c 303b 333b 324d 1b5b 3c30  ;8m.[<0;3;2M.[<0
+00000020: 3b31 323b 376d 1b5b 3c30 3b31 393b 334d  ;12;7m.[<0;19;3M
+00000030: 1b5b 3c30 3b32 323b 376d 1b5b 3c30 3b32  .[<0;22;7m.[<0;2
+00000040: 323b 384d 1b5b 3c30 3b32 373b 336d 1b5b  2;8M.[<0;27;3m.[
+00000050: 3c30 3b32 363b 334d 1b5b 3c30 3b33 303b  <0;26;3M.[<0;30;
+00000060: 376d 1b5b 3c30 3b33 323b 384d 1b5b 3c30  7m.[<0;32;8M.[<0
+00000070: 3b33 353b 336d 1b5b 3c30 3b34 323b 384d  ;35;3m.[<0;42;8M
+00000080: 1b5b 3c30 3b34 323b 336d 1b5b 3c30 3b34  .[<0;42;3m.[<0;4
+00000090: 313b 334d 1b5b 3c30 3b34 363b 336d 1b5b  1;3M.[<0;46;3m.[
+000000a0: 3c30 3b35 353b 344d 1b5b 3c30 3b36 303b  <0;55;4M.[<0;60;
+000000b0: 326d 1b5b 3c30 3b36 303b 324d 1b5b 3c30  2m.[<0;60;2M.[<0
+000000c0: 3b36 303b 396d 1b5b 3c30 3b35 363b 394d  ;60;9m.[<0;56;9M
+000000d0: 1b5b 3c30 3b36 333b 396d 1b5b 3c30 3b37  .[<0;63;9m.[<0;7
+000000e0: 353b 314d 1b5b 3c30 3b37 343b 376d 1b5b  5;1M.[<0;74;7m.[
+000000f0: 3c30 3b37 323b 344d 1b5b 3c30 3b37 363b  <0;72;4M.[<0;76;
+00000100: 346d 1b5b 3c30 3b38 383b 334d 1b5b 3c30  4m.[<0;88;3M.[<0
+00000110: 3b39 313b 316d 1b5b 3c30 3b39 313b 314d  ;91;1m.[<0;91;1M
+00000120: 1b5b 3c30 3b39 303b 376d 1b5b 3c30 3b38  .[<0;90;7m.[<0;8
+00000130: 373b 374d 1b5b 3c30 3b39 353b 376d 1b5b  7;7M.[<0;95;7m.[
+00000140: 3c30 3b31 3035 3b37 4d1b 5b3c 303b 3130  <0;105;7M.[<0;10
+00000150: 353b 336d 1b5b 3c30 3b31 3035 3b33 4d1b  5;3m.[<0;105;3M.
+00000160: 5b3c 303b 3131 313b 336d 1b5b 3c30 3b31  [<0;111;3m.[<0;1
+00000170: 3131 3b33 4d1b 5b3c 303b 3131 313b 396d  11;3M.[<0;111;9m
+00000180: 1b5b 3c30 3b31 3237 3b33 4d1b 5b3c 303b  .[<0;127;3M.[<0;
+00000190: 3132 313b 346d 1b5b 3c30 3b31 3230 3b34  121;4m.[<0;120;4
+000001a0: 4d1b 5b3c 303b 3131 393b 386d 1b5b 3c30  M.[<0;119;8m.[<0
+000001b0: 3b31 3139 3b39 4d1b 5b3c 303b 3132 343b  ;119;9M.[<0;124;
+000001c0: 396d 1b5b 3c30 3b31 3234 3b35 4d1b 5b3c  9m.[<0;124;5M.[<
+000001d0: 303b 3132 343b 3132 6d1b 5b3c 303b 3132  0;124;12m.[<0;12
+000001e0: 343b 3132 4d1b 5b3c 303b 3131 383b 3132  4;12M.[<0;118;12
+000001f0: 6d1b 5b3c 303b 3133 303b 384d 1b5b 3c30  m.[<0;130;8M.[<0
+00000200: 3b31 3335 3b38 6d1b 5b3c 303b 3134 343b  ;135;8m.[<0;144;
+00000210: 344d 1b5b 3c30 3b31 3430 3b37 6d1b 5b3c  4M.[<0;140;7m.[<
+00000220: 303b 3133 383b 344d 1b5b 3c30 3b31 3433  0;138;4M.[<0;143
+00000230: 3b37 6d1b 5b3c 303b 3134 383b 344d 1b5b  ;7m.[<0;148;4M.[
+00000240: 3c30 3b31 3531 3b32 6d1b 5b3c 303b 3135  <0;151;2m.[<0;15
+00000250: 323b 324d 1b5b 3c30 3b31 3532 3b37 6d1b  2;2M.[<0;152;7m.
+00000260: 5b3c 303b 3134 383b 374d 1b5b 3c30 3b31  [<0;148;7M.[<0;1
+00000270: 3534 3b37 6d1b 5b3c 303b 3136 343b 334d  54;7m.[<0;164;3M
+00000280: 1b5b 3c30 3b31 3539 3b33 6d1b 5b3c 303b  .[<0;159;3m.[<0;
+00000290: 3135 383b 334d 1b5b 3c30 3b31 3538 3b36  158;3M.[<0;158;6
+000002a0: 6d1b 5b3c 303b 3135 383b 364d 1b5b 3c30  m.[<0;158;6M.[<0
+000002b0: 3b31 3633 3b36 6d1b 5b3c 303b 3136 343b  ;163;6m.[<0;164;
+000002c0: 364d 1b5b 3c30 3b31 3633 3b38 6d1b 5b3c  6M.[<0;163;8m.[<
+000002d0: 303b 3136 323b 384d 1b5b 3c30 3b31 3537  0;162;8M.[<0;157
+000002e0: 3b39 6d1b 5b3c 303b 3137 353b 364d 1b5b  ;9m.[<0;175;6M.[
+000002f0: 3c30 3b31 3739 3b36 6d1b 5b3c 303b 3139  <0;179;6m.[<0;19
+00000300: 313b 334d 1b5b 3c30 3b31 3836 3b37 6d1b  1;3M.[<0;186;7m.
+00000310: 5b3c 303b 3138 333b 334d 1b5b 3c30 3b31  [<0;183;3M.[<0;1
+00000320: 3931 3b38 6d1b 5b3c 303b 343b 3136 4d1b  91;8m.[<0;4;16M.
+00000330: 5b3c 303b 353b 3232 6d1b 5b3c 303b 353b  [<0;5;22m.[<0;5;
+00000340: 3139 4d1b 5b3c 303b 3134 3b31 396d 1b5b  19M.[<0;14;19m.[
+00000350: 3c30 3b31 343b 3135 4d1b 5b3c 303b 3135  <0;14;15M.[<0;15
+00000360: 3b32 356d 1b5b 3c30 3b32 393b 3234 4d1b  ;25m.[<0;29;24M.
+00000370: 5b3c 303b 3238 3b31 366d 1b5b 3c30 3b32  [<0;28;16m.[<0;2
+00000380: 373b 3136 4d1b 5b3c 303b 3232 3b32 316d  7;16M.[<0;22;21m
+00000390: 1b5b 3c30 3b32 313b 3231 4d1b 5b3c 303b  .[<0;21;21M.[<0;
+000003a0: 3333 3b32 316d 1b5b 3c30 3b34 323b 3234  33;21m.[<0;42;24
+000003b0: 4d1b 5b3c 303b 3430 3b31 396d 1b5b 3c30  M.[<0;40;19m.[<0
+000003c0: 3b34 303b 3138 4d1b 5b3c 303b 3436 3b31  ;40;18M.[<0;46;1
+000003d0: 386d 1b5b 3c30 3b35 353b 3231 4d1b 5b3c  8m.[<0;55;21M.[<
+000003e0: 303b 3530 3b32 326d 1b5b 3c30 3b34 393b  0;50;22m.[<0;49;
+000003f0: 3232 4d1b 5b3c 303b 3530 3b32 356d 1b5b  22M.[<0;50;25m.[
+00000400: 3c30 3b35 303b 3235 4d1b 5b3c 303b 3535  <0;50;25M.[<0;55
+00000410: 3b32 356d 1b5b 3c30 3b35 363b 3235 4d1b  ;25m.[<0;56;25M.
+00000420: 5b3c 303b 3535 3b31 366d 1b5b 3c30 3b36  [<0;55;16m.[<0;6
+00000430: 323b 3235 4d1b 5b3c 303b 3636 3b32 346d  2;25M.[<0;66;24m
+00000440: 1b5b 3c30 3b37 333b 3230 4d1b 5b3c 303b  .[<0;73;20M.[<0;
+00000450: 3731 3b32 356d 1b5b 3c30 3b36 383b 3231  71;25m.[<0;68;21
+00000460: 4d1b 5b3c 303b 3735 3b32 346d 1b5b 3c30  M.[<0;75;24m.[<0
+00000470: 3b37 393b 3230 4d1b 5b3c 303b 3834 3b32  ;79;20M.[<0;84;2
+00000480: 316d 1b5b 3c30 3b38 343b 3231 4d1b 5b3c  1m.[<0;84;21M.[<
+00000490: 303b 3835 3b32 346d 1b5b 3c30 3b38 353b  0;85;24m.[<0;85;
+000004a0: 3234 4d1b 5b3c 303b 3830 3b32 356d 1b5b  24M.[<0;80;25m.[
+000004b0: 3c30 3b37 393b 3235 4d1b 5b3c 303b 3739  <0;79;25M.[<0;79
+000004c0: 3b32 366d 1b5b 3c30 3b37 393b 3237 4d1b  ;26m.[<0;79;27M.
+000004d0: 5b3c 303b 3836 3b32 376d 1b5b 3c30 3b39  [<0;86;27m.[<0;9
+000004e0: 383b 3231 4d1b 5b3c 303b 3931 3b32 336d  8;21M.[<0;91;23m
+000004f0: 1b5b 3c30 3b39 313b 3232 4d1b 5b3c 303b  .[<0;91;22M.[<0;
+00000500: 3931 3b32 346d 1b5b 3c30 3b39 313b 3234  91;24m.[<0;91;24
+00000510: 4d1b 5b3c 303b 3931 3b32 346d 1b5b 3c30  M.[<0;91;24m.[<0
+00000520: 3b39 313b 3235 4d1b 5b3c 303b 3937 3b32  ;91;25M.[<0;97;2
+00000530: 346d 1b5b 3c30 3b39 373b 3234 4d1b 5b3c  4m.[<0;97;24M.[<
+00000540: 303b 3937 3b32 376d 1b5b 3c30 3b39 373b  0;97;27m.[<0;97;
+00000550: 3237 4d1b 5b3c 303b 3930 3b32 386d 1b5b  27M.[<0;90;28m.[
+00000560: 3c30 3b31 3131 3b32 374d 1b5b 3c30 3b31  <0;111;27M.[<0;1
+00000570: 3131 3b32 306d 1b5b 3c30 3b31 3130 3b31  11;20m.[<0;110;1
+00000580: 394d 1b5b 3c30 3b31 3036 3b32 336d 1b5b  9M.[<0;106;23m.[
+00000590: 3c30 3b31 3036 3b32 334d 1b5b 3c30 3b31  <0;106;23M.[<0;1
+000005a0: 3135 3b32 336d 1b5b 3c30 3b31 3233 3b32  15;23m.[<0;123;2
+000005b0: 304d 1b5b 3c30 3b31 3239 3b32 316d 1b5b  0M.[<0;129;21m.[
+000005c0: 3c30 3b31 3238 3b32 314d 1b5b 3c30 3b31  <0;128;21M.[<0;1
+000005d0: 3238 3b32 386d                           28;28m
+```
+
+the `\x1b` character is the `ESC` in ascii. this reminds me of ansi escape codes
+
+[here](https://invisible-island.net/xterm/ctlseqs/ctlseqs.html) is some documentation describing xterm control sequences.
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/15434b26-b017-4515-98d2-f939b1583aca)
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/6575b251-e779-413f-af5e-924e6f74d231)
+
+so `ESC` + `[` is `CSI`
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/0664b03e-90fe-438a-8a37-389dab35bbc5)
+
+so `ESC` + `[` + `<` is followed by the button value and coordinates. we can see that each button press is followed by a button release always. there is no double press or anything
+
+we can scrape the file for coordinates. see [this tfw recipe](https://quasar.name/text-format-wizard/#eyJyZWNpcGUiOlt7Im1vZHVsZVR5cGUiOiJlNWNjMWM4Yi02MjA3LTVjZjQtOTMzZS1jYzA2YjdlNjBiNmQiLCJhcmdzIjp7ImZvcm1hdCI6IlslMCUsICUxJV0sIiwicmVnZXgiOiJcXGQrOyhcXGQrKTsoXFxkKykifX0seyJtb2R1bGVUeXBlIjoiODM3ZDA3YjItYTMyMS01MjM2LTlmYjgtMTk4MDFlMTk3NTViIiwiYXJncyI6eyJmb3JtYXQiOiIgIiwicmVtb3ZlIjoiXFxuIn19XSwiaW5wdXQiOiJcdTAwMWJbPDA7MTI7Mk1cdTAwMWJbPDA7NTs4bVx1MDAxYls8MDszOzJNXHUwMDFiWzwwOzEyOzdtXHUwMDFiWzwwOzE5OzNNXHUwMDFiWzwwOzIyOzdtXHUwMDFiWzwwOzIyOzhNXHUwMDFiWzwwOzI3OzNtXHUwMDFiWzwwOzI2OzNNXHUwMDFiWzwwOzMwOzdtXHUwMDFiWzwwOzMyOzhNXHUwMDFiWzwwOzM1OzNtXHUwMDFiWzwwOzQyOzhNXHUwMDFiWzwwOzQyOzNtXHUwMDFiWzwwOzQxOzNNXHUwMDFiWzwwOzQ2OzNtXHUwMDFiWzwwOzU1OzRNXHUwMDFiWzwwOzYwOzJtXHUwMDFiWzwwOzYwOzJNXHUwMDFiWzwwOzYwOzltXHUwMDFiWzwwOzU2OzlNXHUwMDFiWzwwOzYzOzltXHUwMDFiWzwwOzc1OzFNXHUwMDFiWzwwOzc0OzdtXHUwMDFiWzwwOzcyOzRNXHUwMDFiWzwwOzc2OzRtXHUwMDFiWzwwOzg4OzNNXHUwMDFiWzwwOzkxOzFtXHUwMDFiWzwwOzkxOzFNXHUwMDFiWzwwOzkwOzdtXHUwMDFiWzwwOzg3OzdNXHUwMDFiWzwwOzk1OzdtXHUwMDFiWzwwOzEwNTs3TVx1MDAxYls8MDsxMDU7M21cdTAwMWJbPDA7MTA1OzNNXHUwMDFiWzwwOzExMTszbVx1MDAxYls8MDsxMTE7M01cdTAwMWJbPDA7MTExOzltXHUwMDFiWzwwOzEyNzszTVx1MDAxYls8MDsxMjE7NG1cdTAwMWJbPDA7MTIwOzRNXHUwMDFiWzwwOzExOTs4bVx1MDAxYls8MDsxMTk7OU1cdTAwMWJbPDA7MTI0OzltXHUwMDFiWzwwOzEyNDs1TVx1MDAxYls8MDsxMjQ7MTJtXHUwMDFiWzwwOzEyNDsxMk1cdTAwMWJbPDA7MTE4OzEybVx1MDAxYls8MDsxMzA7OE1cdTAwMWJbPDA7MTM1OzhtXHUwMDFiWzwwOzE0NDs0TVx1MDAxYls8MDsxNDA7N21cdTAwMWJbPDA7MTM4OzRNXHUwMDFiWzwwOzE0Mzs3bVx1MDAxYls8MDsxNDg7NE1cdTAwMWJbPDA7MTUxOzJtXHUwMDFiWzwwOzE1MjsyTVx1MDAxYls8MDsxNTI7N21cdTAwMWJbPDA7MTQ4OzdNXHUwMDFiWzwwOzE1NDs3bVx1MDAxYls8MDsxNjQ7M01cdTAwMWJbPDA7MTU5OzNtXHUwMDFiWzwwOzE1ODszTVx1MDAxYls8MDsxNTg7Nm1cdTAwMWJbPDA7MTU4OzZNXHUwMDFiWzwwOzE2Mzs2bVx1MDAxYls8MDsxNjQ7Nk1cdTAwMWJbPDA7MTYzOzhtXHUwMDFiWzwwOzE2Mjs4TVx1MDAxYls8MDsxNTc7OW1cdTAwMWJbPDA7MTc1OzZNXHUwMDFiWzwwOzE3OTs2bVx1MDAxYls8MDsxOTE7M01cdTAwMWJbPDA7MTg2OzdtXHUwMDFiWzwwOzE4MzszTVx1MDAxYls8MDsxOTE7OG1cdTAwMWJbPDA7NDsxNk1cdTAwMWJbPDA7NTsyMm1cdTAwMWJbPDA7NTsxOU1cdTAwMWJbPDA7MTQ7MTltXHUwMDFiWzwwOzE0OzE1TVx1MDAxYls8MDsxNTsyNW1cdTAwMWJbPDA7Mjk7MjRNXHUwMDFiWzwwOzI4OzE2bVx1MDAxYls8MDsyNzsxNk1cdTAwMWJbPDA7MjI7MjFtXHUwMDFiWzwwOzIxOzIxTVx1MDAxYls8MDszMzsyMW1cdTAwMWJbPDA7NDI7MjRNXHUwMDFiWzwwOzQwOzE5bVx1MDAxYls8MDs0MDsxOE1cdTAwMWJbPDA7NDY7MThtXHUwMDFiWzwwOzU1OzIxTVx1MDAxYls8MDs1MDsyMm1cdTAwMWJbPDA7NDk7MjJNXHUwMDFiWzwwOzUwOzI1bVx1MDAxYls8MDs1MDsyNU1cdTAwMWJbPDA7NTU7MjVtXHUwMDFiWzwwOzU2OzI1TVx1MDAxYls8MDs1NTsxNm1cdTAwMWJbPDA7NjI7MjVNXHUwMDFiWzwwOzY2OzI0bVx1MDAxYls8MDs3MzsyME1cdTAwMWJbPDA7NzE7MjVtXHUwMDFiWzwwOzY4OzIxTVx1MDAxYls8MDs3NTsyNG1cdTAwMWJbPDA7Nzk7MjBNXHUwMDFiWzwwOzg0OzIxbVx1MDAxYls8MDs4NDsyMU1cdTAwMWJbPDA7ODU7MjRtXHUwMDFiWzwwOzg1OzI0TVx1MDAxYls8MDs4MDsyNW1cdTAwMWJbPDA7Nzk7MjVNXHUwMDFiWzwwOzc5OzI2bVx1MDAxYls8MDs3OTsyN01cdTAwMWJbPDA7ODY7MjdtXHUwMDFiWzwwOzk4OzIxTVx1MDAxYls8MDs5MTsyM21cdTAwMWJbPDA7OTE7MjJNXHUwMDFiWzwwOzkxOzI0bVx1MDAxYls8MDs5MTsyNE1cdTAwMWJbPDA7OTE7MjRtXHUwMDFiWzwwOzkxOzI1TVx1MDAxYls8MDs5NzsyNG1cdTAwMWJbPDA7OTc7MjRNXHUwMDFiWzwwOzk3OzI3bVx1MDAxYls8MDs5NzsyN01cdTAwMWJbPDA7OTA7MjhtXHUwMDFiWzwwOzExMTsyN01cdTAwMWJbPDA7MTExOzIwbVx1MDAxYls8MDsxMTA7MTlNXHUwMDFiWzwwOzEwNjsyM21cdTAwMWJbPDA7MTA2OzIzTVx1MDAxYls8MDsxMTU7MjNtXHUwMDFiWzwwOzEyMzsyME1cdTAwMWJbPDA7MTI5OzIxbVx1MDAxYls8MDsxMjg7MjFNXHUwMDFiWzwwOzEyODsyOG0ifQ==)
+
+then we can group them using python and then put it into desmos using polygons
+
+```py
+[print(f"\\polygon\\left(\\left({coords[i][0]}, {coords[i][1]}\\right), \\left({coords[i+1][0]}, {coords[i+1][1]}\\right)\\right)") for i in range(0, len(coords), 2)]
+```
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/06f7bf67-6e89-4872-be17-f0eceac14229)
+
+this is not readable. this is because (0, 0) is actually the top left, not the bottom left. so we can flip across the x axis.
+
+```py
+[print(f"\\polygon\\left(\\left({coords[i][0]}, {-coords[i][1]}\\right), \\left({coords[i+1][0]}, {-coords[i+1][1]}\\right)\\right)") for i in range(0, len(coords), 2)]
+```
+
+so we can just wrap this and submit it
+
+![image](https://github.com/quasar098/ctf-writeups/assets/70716985/8e27175b-e75c-416c-812a-915c742d4a50)