$ cat writeup.md…
$ cat writeup.md…
pingCTF
Task: Python stack machine checker using exp/ln operations to validate 32-char flag. Solution: Recognize log/exp identities implement multiplication, recover polynomial coefficients via greedy search in base 73.21.
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
rev with source code? in python? with symbols? oh my....
Given a Python script generated.py that implements a stack machine using exp() and ln() operations with high-precision Decimal arithmetic. The script reads a flag and validates it through a series of stack operations.
The checker uses a simple stack machine with these primitives:
from decimal import Decimal, getcontext CTX = getcontext() CTX.prec = 400 # High precision stack = [] OMEGA = Decimal("-inf") def E(): a = stack.pop() b = stack.pop() stack.append((Decimal(0.0) if a == OMEGA else CTX.exp(a)) - CTX.ln(b)) def s(): # swap stack[-1], stack[-2] = stack[-2], stack[-1] def one(): stack.append(Decimal('1')) def neg_inf(): stack.append(Decimal('-Infinity')) def push_inp(): global inp stack.append(Decimal(ord(inp[0]) - 48)) inp = inp[1:]
The core operation E() computes: exp(a) - ln(b) where a and b are popped from the stack.
Key insight: When combined with specific patterns of one(), s(), and neg_inf(), this implements multiplication using logarithm identities:
exp(ln(a) + ln(b)) = a * bln(exp(x)) = xThe repeated instruction patterns effectively chain multiplications.
Each input character is encoded as ord(char) - 48:
'0' → 0, '9' → 9'A' → 17, 'Z' → 42'a' → 49, 'z' → 74'{' → 75, '}' → 77, '_' → 47Through tracing, the checker processes 32 characters in 4 groups of 8. Each group computes a polynomial:
P(group) = sum(73.21^(k+1) * char[k] for k in range(8))
This is essentially a base-73.21 number representation where each character contributes a weighted term.
The checker embeds 4 target constants and validates that each group's polynomial matches:
...