> For the complete documentation index, see [llms.txt](https://jedi.gitbook.io/jedi/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://jedi.gitbook.io/jedi/ctf-archive/downunderctf-2025/yodawg-147-pts.md). # YoDawg (147 pts) ### Description Dear CSI, We found this file on a USB drive, it seems to be some sort of gamified cyber skilled based learning system thingy? Maybe if all of the challenges are sold we will get some answers, or maybe it is just the friends we make along the way. Note - This may produce false positives with your virus scanner. Regards,\ Nosurf #### Attachments * [yo-dawg.zip](https://storage.googleapis.com/downunderctf-2025-noctf-files/noctf-files/p06yDnjgfjtrsrHvd0sEJ?X-Amz-Algorithm=AWS4-HMAC-SHA256\&X-Amz-Credential=GOOG1ELBSKCSEHWDHBGZCFZBP3RXLJBHVAZJTTYKCMYMRJRM6O5N35G46S26H%2F20250721%2Fauto%2Fs3%2Faws4_request\&X-Amz-Date=20250721T120000Z\&X-Amz-Expires=1200\&X-Amz-SignedHeaders=host\&X-Amz-Signature=a92f13543abc9d6ea75ad9af05f4335fc393286bc2df403ed49eadf4b527e2c9) ### Solution We were given a zip file. Inside, we get several files as follows ``` jedi@aqua: /mnt/d/CTF/ductf/misc/yo-dawg $ ls [19:07:38] 'Yo Dawg.deps.json' 'Yo Dawg.dll' 'Yo Dawg.exe' 'Yo Dawg.runtimeconfig.json' jedi@aqua: /mnt/d/CTF/ductf/misc/yo-dawg $ file Yo\ Dawg.dll [19:07:39] Yo Dawg.dll: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections jedi@aqua: /mnt/d/CTF/ductf/misc/yo-dawg $ file Yo\ Dawg.exe [19:07:53] Yo Dawg.exe: PE32+ executable (GUI) x86-64, for MS Windows, 7 sections ``` We see that the .dll is a 32-bit .NET assembly, while the .exe is a 64-bit native Windows GUI executable. Here, i have 2 approach 1. Open the .dll using **dotpeek** 2. Run the .exe file and see how it works When we open the .dll file using dotpeek, we see that there are several "form". In form1, we saw this

There is a variable named **lbCTFTitle.Text**, and the value is **YO DAWG CTF 2025** There is also a function **d()** that probably list the challenge inside

When we try to run the .exe file, we saw this

From here, we can assume that we need to get the flag of each challenge to get the flag #### Welcome ``` Heard you like CTFs, so here's another CTF in the DUCTF! The flag format for this CTF is ydctf{some_text} Good luck! ...oh, your first flag? Here it is! ydctf{s0mething_1s_wr0ng} ``` We get the first flag by simply copy and paste it `ydctf{s0mething_1s_wr0ng}`

#### Hidden ``` There's a flag somewhere hidden here... I wonder where it is? Time to channel Inspector Morse! Flag format: ydctf{...} ``` To find the flag, we need to check **dotpeek** again. We see in the variable **lbHidden.Text**, there is a morse code.

We can try to convert it to get the flag

`YDCTF{HIDDENFLAGNOTSOHIDDEN}`

#### Deeper ``` I wonder if you're connected to the Internet... Can you solve the easiest RSA ever? Go get it :) http://pastebin.com/tK8PFRhA ``` Inside the pastebin, we get this data ``` n = 134995596339263906364650042879218690804636051969803060327341006918906219701871373267641203454219249589885364856414727976145795558649019334400706818997156295194002540549348224335820431341746858682831145870760296688552893053945533239982236058292620771496924967301973679586874984087016314758930354348923476779669 e = 65537 c = 69942350419946767506345128529425495489283491089474687791937626592410531523906950815924944348938594154233834152367027685926503406302513787705918832376135541106323504321024539733768444780639669173742768253534729267483408610794975624076605589114620168690234573082137589585730517788273985226086330327586276612491 p = 12347237270477958961788304962214070527659642053458163016362914018933001634467295346381421813235616243811654194550990042394688050113879996006954916978208993 q = 10933263318915572696351286556191402769398472611952670383866334702901100179649513873715034012424560855818813105922996981430536446597319054410065510024545333 ``` We simply need to decrypt c using p and q. This is the solver that i use ```python from Crypto.Util.number import inverse, long_to_bytes n = 134995596339263906364650042879218690804636051969803060327341006918906219701871373267641203454219249589885364856414727976145795558649019334400706818997156295194002540549348224335820431341746858682831145870760296688552893053945533239982236058292620771496924967301973679586874984087016314758930354348923476779669 e = 65537 c = 69942350419946767506345128529425495489283491089474687791937626592410531523906950815924944348938594154233834152367027685926503406302513787705918832376135541106323504321024539733768444780639669173742768253534729267483408610794975624076605589114620168690234573082137589585730517788273985226086330327586276612491 p = 12347237270477958961788304962214070527659642053458163016362914018933001634467295346381421813235616243811654194550990042394688050113879996006954916978208993 q = 10933263318915572696351286556191402769398472611952670383866334702901100179649513873715034012424560855818813105922996981430536446597319054410065510024545333 phi = (p - 1) * (q - 1) d = inverse(e, phi) m = pow(c, d, n) plaintext = long_to_bytes(m) print(plaintext) ```

`ydctf{rsa_erry_day}`

#### Even Deeper ``` Tell me your username The flag format for this CTF is ydctf{yourusername} ``` To find out more about this challenge, we need to check dotpeek once again In the Form2, we see this code

The code use **Environment.UserName.ToLower()** function, which is used to get the Windows username of the current user. So, we just need to check our own username and submit it as the flag `ydctf{}`

#### Truth from Vaas ``` Did I ever tell you the definition of insanity? Who was the voice actor who played Vaas Montenegro? The flag format for this CTF is ydctf{firstname_surname} ``` For this, we just need to search in the google for the answer

`ydctf{michael_mando}`

#### Salads ``` I'm always thinking about food, this isn't helping... I got passed this note when I was working at the cafe, what kind of salad is this?! Can you decrypt?: putkw{jltyzjczwv} ``` This is a reference to **Caesar Salad**, so we can assume that this is Caesar Cipher

`ydctf{suchislife}`

Pretty scary now :fearful: #### Passwords ``` Another breach, another password reset. I wonder what password they grabbed? 5E320E0CCC5EE5291FAE1E60A1CD72EB1F6FA4AE26EA180F86CE694832DC4E72DCCFDBF3EABBE12FD86F1D51806F15F3294C5F7038BF21DA6AA75D1F09DF07C2 Flag format: ydctf{...} ``` We were given a hash. We can check it using [CrackStation](https://crackstation.net/)

`ydctf{ihatehackers}`

#### Rotten ``` Study Cyber they said. Get to hack stuff they said. Then why am I needing to decode ciphers? HOW IS THIS HELPING? I mean, can you solve the following? J54E7L5@0J@F0ECFDE0>J04@56nN ``` From the title of the challenge, i assume that this is a ROT (rotate) cipher. We can try to decode it. But first, we need to identify what ROT is this Using [Cipher Identifier](https://www.dcode.fr/cipher-identifier), we can see that there is a chance this is related to ROT-47 Cipher

We use the [ROT-47 decoder](https://www.dcode.fr/rot-47-cipher), and we manage to get the flag

`ydctf{do_you_trust_my_code?}`

#### Inception We now able to click the last challenge in the right bottom corner After we click it, we get a new challenge called **HACKER CTF 1995.**

We need to answer all of the challenge to finally get the flag #### DES ENCRYPTION ``` Can you DES? CMpZlgYbgEc6eTSNUPXvww== with key 'hack\0\0\0\0' (the \0 is the padding) ``` We can use [DES Decryptor](https://anycript.com/crypto/des) to do this

`flag{des4eva}`

#### DEFCON 3 QUIZ ``` Which Casino is hosting (one word)? ``` We need to search in google about the Casino that host DEFCON 3. We find out the place that host DEFCON 3 is Tropicana Resort & Casino

`Tropicana`

#### MOVIE QUIZ ``` What is the best line in the Hackers movie (three words)? ``` Another question that force us to use our googling skill. We see that the "best line" with three words is **Hack the planet!**

**`Hack the planet!`**

Finally, we get the ciphertext for the Flag. So, we can just check it using the DES Decryptor earlier that we get ### Flag

`DUCTF{1995_to_2025}` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://jedi.gitbook.io/jedi/ctf-archive/downunderctf-2025/yodawg-147-pts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.