From 553522c799fe52326e6228c9b4b601fb1835e69c Mon Sep 17 00:00:00 2001 From: haskal Date: Tue, 26 May 2020 06:27:26 -0400 Subject: [PATCH] huge major cleanup for pdf generation --- Makefile | 5 +- aaaa/attitude-adjustment/README.md | 8 +-- aaaa/digital-filters-meh/README.md | 6 +- aaaa/seeing-stars/README.md | 16 +---- comms/56k/README.md | 91 ++++++++++++++++++++-------- fonts.tex | 2 +- payload/leakycrypto/README.md | 6 +- satellite-bus/bytes-away/README.md | 4 +- satellite-bus/magic-bus/README.md | 67 +++++++++----------- space/good-plan-great-plan/README.md | 4 +- top.md | 2 +- 11 files changed, 113 insertions(+), 98 deletions(-) diff --git a/Makefile b/Makefile index ca7fa0f..f104c03 100644 --- a/Makefile +++ b/Makefile @@ -17,8 +17,9 @@ $(WRITEUP_PDF): $(DOCS_ALL) fonts.tex top.md @echo "GEN writeup.md" @mkdir build/ 2>/dev/null || true @find . -mindepth 3 -iname '*.png' -exec cp {} build/ \; + @find . -mindepth 3 -iname '*.py' -exec cp {} build/ \; @cp fonts.tex build/fonts.tex - @for md in top.md $(DOCS_ALL); do cat $$md; done > build/writeup.md + @for md in top.md $(DOCS_ALL); do cat $$md; printf "\n\n----------\n\n"; done > build/writeup.md @echo "PDF writeup.pdf" - @cd build && pandoc -i writeup.md --pdf-engine=lualatex -o writeup.pdf + @cd build && pandoc -f markdown-implicit_figures -i writeup.md --pdf-engine=lualatex -o writeup.pdf @cp build/writeup.pdf $@ diff --git a/aaaa/attitude-adjustment/README.md b/aaaa/attitude-adjustment/README.md index 710c06d..4bd6499 100644 --- a/aaaa/attitude-adjustment/README.md +++ b/aaaa/attitude-adjustment/README.md @@ -53,7 +53,7 @@ Note that I threw in an inversion of the rotation matrix; this is because I shou Then we just grabbed each challenge from the computer, aligned the sets, and spat the orientation of the satellite back at the server to get ```{.python} -TICKET = 'ticket{papa21503yankee:GGntHycE-_FqMqGbIoz7rKZD-MzEraoec3dRGU21ExVYGGYFLJQQlRLqNLWn8D4ghQ}' +TICKET = 'THE_TICKET' r = tubes.remote.remote('attitude.satellitesabove.me', 5012) r.send(TICKET+'\n') time.sleep(0.5) @@ -73,6 +73,6 @@ The flag should get printed out on stdout by the final line. ``` ## Resources and other writeups -- https://en.wikipedia.org/wiki/Orthogonal_Procrustes_problem -- https://en.wikipedia.org/wiki/Kabsch_algorithm -- https://github.com/charnley/rmsd/tree/master \ No newline at end of file +- +- +- diff --git a/aaaa/digital-filters-meh/README.md b/aaaa/digital-filters-meh/README.md index c924585..f46f35d 100644 --- a/aaaa/digital-filters-meh/README.md +++ b/aaaa/digital-filters-meh/README.md @@ -99,7 +99,7 @@ Hook up to the server: sep = ',' r = remote('filter.satellitesabove.me', 5014) r.clean() -r.send('ticket{foxtrot78531papa:GLliqPNOiBYZl7OwLiZCOx2yfdmbyO6cdgrfcNRC8iMPcJgy0YQ_H1kBeWTloVB_-w}\n') +r.send('THE_TICKET') time.sleep(0.1) ``` @@ -134,7 +134,3 @@ while True: ``` When we see that string, the script jumps to `pwnlib.tubes`' interactive mode and we see the flag in the dumped buffer. - -### Full code -```{.python include=meh.py} -``` \ No newline at end of file diff --git a/aaaa/seeing-stars/README.md b/aaaa/seeing-stars/README.md index d4b62df..35e54c5 100644 --- a/aaaa/seeing-stars/README.md +++ b/aaaa/seeing-stars/README.md @@ -53,6 +53,7 @@ return solve We then automated this entire process using pwnlib to connect to the server and read the data. + ### Full code ```{.python include=seeing-stars.py} ``` @@ -60,21 +61,6 @@ read the data. Run it: ``` λ has-writeup/aaaa/seeing-stars python seeing-stars.py -b'flag{juliet73678uniform:GDy7YZdtCL9mcLgYuLceK_zwgwSAoT6ui5aMGo1IMYcic9tiI8EXUHLfQDcUsjjt5KqsIvOWUYeM8IS6631Vppw}\n' -Traceback (most recent call last): - File "seeing-stars.py", line 42, in - rawdat = r.recvuntil('Enter', drop=True) - File "/usr/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 310, in recvuntil - res = self.recv(timeout=self.timeout) - File "/usr/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 82, in recv - return self._recv(numb, timeout) or b'' - File "/usr/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 160, in _recv - if not self.buffer and not self._fillbuffer(timeout): - File "/usr/lib/python3.8/site-packages/pwnlib/tubes/tube.py", line 131, in _fillbuffer - data = self.recv_raw(self.buffer.get_fill_size()) - File "/usr/lib/python3.8/site-packages/pwnlib/tubes/sock.py", line 56, in recv_raw - raise EOFError -EOFError ``` ## Resources and other writeups diff --git a/comms/56k/README.md b/comms/56k/README.md index 8ad4ccb..6e82d92 100644 --- a/comms/56k/README.md +++ b/comms/56k/README.md @@ -137,26 +137,28 @@ stuffing within the frame, since PPP will escape certain bytes with the `7d` pre byte XOR `0x20`. Finally, the frame can be passed to scapy for analysis. This is a VERY lax de-framer because sometimes frames seemed to not be started or terminated properly. - def decode(ch): - buf2 = b"" - esc = False +```python +def decode(ch): + buf2 = b"" + esc = False - for x in ch: - if x == 0x7e: - if buf2 != b"\xFF" and buf2 != b"": - print(PPP(buf2).__repr__()) - buf2 = b"" - esc = False - elif esc: - esc = False - buf2 += bytes([x^0x20]) - elif x == 0x7d: - esc = True - else: - buf2 += bytes([x]) + for x in ch: + if x == 0x7e: + if buf2 != b"\xFF" and buf2 != b"": + PPP(buf2).show() + buf2 = b"" + esc = False + elif esc: + esc = False + buf2 += bytes([x^0x20]) + elif x == 0x7d: + esc = True + else: + buf2 += bytes([x]) - if len(buf2) > 0: - print(PPP(buf2).__repr__()) + if len(buf2) > 0: + PPP(buf2).show() +``` (This code is really awful CTF code, please ignore the 200 awful spaghetti things I'm doing in this snippet.) @@ -164,15 +166,56 @@ snippet.) Now we can see what the packets mean. In particular, we spot these ones: ``` - ===================== CH 1 +###[ HDLC ]### + address = 0xff + control = 0x3 +###[ PPP Link Layer ]### + proto = Link Control Protocol +###[ PPP Link Control Protocol ]### + code = Configure-Ack + id = 0x2 + len = 28 + \options \ +..... + |###[ PPP LCP Option ]### + | type = Authentication-protocol + | len = 5 + | auth_protocol= Challenge-response authentication protocol + | algorithm = MS-CHAP +..... -, , , , , ] |>>> ->> +###[ PPP Link Layer ]### + proto = Challenge Handshake Authentication Protocol +###[ PPP Challenge Handshake Authentication Protocol ]### + code = Response + id = 0x0 + len = 67 + value_size= 49 + value = 0000000000000000000000000000000000000000000000006c2e3af0f2f7760 +2e9831310b56924f3428b05ad60c7a2b401 + optional_name= 'rocketman2674' +``` - ===================== CH 2 +and ->> ->> +``` +###[ PPP Link Layer ]### + proto = Challenge Handshake Authentication Protocol +###[ PPP Challenge Handshake Authentication Protocol ]### + code = Challenge + id = 0x0 + len = 26 + value_size= 8 + value = 12810ab88c7f1c74 + optional_name= 'GRNDSTTNA8F6C' + +###[ PPP Link Layer ]### + proto = Challenge Handshake Authentication Protocol +###[ PPP Challenge Handshake Authentication Protocol ]### + code = Success + id = 0x0 + len = 4 + data = '' ``` We can see in this exchange that the client has negotiated `MS-CHAP` authentication and then diff --git a/fonts.tex b/fonts.tex index 2c8ddd4..08c8770 100644 --- a/fonts.tex +++ b/fonts.tex @@ -15,4 +15,4 @@ \newunicodechar{⬡}{\textsymbol{⬡}} \newunicodechar{⊕}{\textsymbol{⊕}} -\setmonofont{Noto Mono} +\setmonofont{Noto Mono}[Scale=0.9] diff --git a/payload/leakycrypto/README.md b/payload/leakycrypto/README.md index d0f260a..030b844 100644 --- a/payload/leakycrypto/README.md +++ b/payload/leakycrypto/README.md @@ -6,7 +6,7 @@ Many CPUs cache RAM accesses so as to speed up subsequent accesses to the same a In the case of Leaky Crypto, a set of 100,000 plaintexts and corresponding encryption times is provided along with the first six bytes of the encryption key. We ran an analyzer program[^1] against these plaintexts to obtain the probable correlation between different indexes in the key with respect to the XOR product of those bytes with plaintext bytes. Per the above, the plaintexts and timing data provided enough information to derive the systems of equations which may be used to solve for key bytes, and the first 6 bytes of the key provided enough information to actually solve said systems of equations. Given the ambiguity of the low bits of each derived key byte, we obtained 214 partial keys with three unknown bytes each. Thus, we reduced the problem of guessing 2128 bits to guessing only 238 bits. We fed our derived partial keys into [Hulk](https://github.com/pgarba/Hulk) to brute force the remaining bytes for each candidate partial key. After 30 minutes had passed, we successfully brute forced the key. -[^1]: ```python +```python from itertools import combinations import matplotlib.pyplot as plt import numpy as np @@ -33,7 +33,7 @@ In the case of Leaky Crypto, a set of 100,000 plaintexts and corresponding encry if __name__ == '__main__': known_keybytes = bytes.fromhex("64c7072487f2") - secret_data = "c1a5fe7beb2c70bfab98926627dcff8b9671edc52441f89fa47797aa023f15f67907ee837b93cd9b194922ebb7c3ca3bd1cbfbc888efe147e80554047d82872fcee564c1bfd2e0a809568acb5cc08f4836a5f91f43b576a4ee1c6f097c15e1cd4056917fc51c1e5d8157409b11f1600d" + secret_data = "c1a5fe7beb2c70bfab98926627dcff8b9671edc52441....." data = set() with open("test.txt", "r") as fp: @@ -67,4 +67,4 @@ In the case of Leaky Crypto, a set of 100,000 plaintexts and corresponding encry known_tly[j][i][c] = cnorm guess_bytes(known_tly, known_keybytes, 4, tavg) - ``` +``` diff --git a/satellite-bus/bytes-away/README.md b/satellite-bus/bytes-away/README.md index de3f761..5602114 100644 --- a/satellite-bus/bytes-away/README.md +++ b/satellite-bus/bytes-away/README.md @@ -65,7 +65,9 @@ at any actual telemetry. ```ruby 12.upto(212) { |off| offset = off - cmd("MM PEEK_MEM with CCSDS_STREAMID 6280, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 73, CCSDS_FUNCCODE 2, CCSDS_CHECKSUM 0, DATA_SIZE 8, MEM_TYPE 1, PAD_16 0, ADDR_OFFSET #{offset}, ADDR_SYMBOL_NAME 'KitToFlagPkt'") + cmd("MM PEEK_MEM with CCSDS_STREAMID 6280, CCSDS_SEQUENCE 49152, CCSDS_LENGTH 73, " + + "CCSDS_FUNCCODE 2, CCSDS_CHECKSUM 0, DATA_SIZE 8, MEM_TYPE 1, PAD_16 0, " + + "ADDR_OFFSET #{offset}, ADDR_SYMBOL_NAME 'KitToFlagPkt'") } ``` diff --git a/satellite-bus/magic-bus/README.md b/satellite-bus/magic-bus/README.md index 8abf968..da9686c 100644 --- a/satellite-bus/magic-bus/README.md +++ b/satellite-bus/magic-bus/README.md @@ -74,7 +74,8 @@ def decode_pkt(b): field4 = to_hex(b[27:30]) if b[30] != ord('?'): print('b[30] is not ?') - print(': 00:00:00 > {} {} {} @ {} {} {} ?'.format(field1, field1end, field2, field3, field3end, field4)) + print(': 00:00:00 > {} {} {} @ {} {} {} ?'.format(field1, field1end, field2, + field3, field3end, field4)) elif b[0] == ord(';'): print('delimiter') # end of previous packet? else: @@ -138,8 +139,26 @@ tried, this was extremely unlikely. We then tried reading the data sequentially from the buffer, from Juicy Data 00 to 04. Here's the entire string: -``` -Juicy Data 00\x00\xc8\xf7\xeb\x15\x96=kp\\\xc9,^\xd5\xcf\\1\x99\x19w\x9a\xc6\xa9\x08e\x8dU\x92j7,\x00\xff#\xeb\x14\xb9)\x7f)\x85HV\xe3\x1d%?O\xbeY\xc6Juicy Data 01\x00R\x01\x1e{\x81G\x00\xc9\x9d\xe3\xe7\xc2#6\x81|\xfc\xd9\x9bk:\x1fh\xf05\xce\xddw5\xca\xdc\x87\xcc\xfa\x02MA\x02\x16\xdf\xe5\xfd\xa1\x083"\x84/\xfc\x1fJuicy Data 02\x00\xc0\x8f\xe7\x02\x91\xfd\xe1w\xfb\x82\x7f.\xa5\x04^\xa1#\xf9\xd7b\xfc\xfd\xd5\xcd\x00\xc0\xd4\xce\x86ahG\xf1OI\x82M*\xf9H\xacyvQ}\xd4\xf2\xa0\xcd\xc9Juicy Data 03\x00M\xae@\x9a\xd89\xe2\x85\xb2Y\xd6/-\xc9\xd0\xfb\x92\xd2\xc4Y\xaa[ B\xc6\xb5a\x93\xb3\xc6P\x01u\x90\x9bM\xca~\xd2|\xd7\xa9\xac\x04r|\xff\x04N\xc4Juicy Data 04\x00Z\x83%$\x01\xf8\xa0\xd8\xa1L\xdc\x13\xc8\xdc\x17\x17\xa0u\x10\xbf\xf2K\xa5%\xe8\x1e\x0cK\xe8\xf3 +```hexdump +00000000: 4a75 6963 7920 4461 7461 2030 3000 c8f7 Juicy Data 00... +00000010: eb15 963d 6b70 5cc9 2c5e d5cf 5c31 9919 ...=kp\.,^..\1.. +00000020: 779a c6a9 0865 8d55 926a 372c 00ff 23eb w....e.U.j7,..#. +00000030: 14b9 297f 2985 4856 e31d 2558 58be 59c6 ..).).HV..%XX.Y. +00000040: 4a75 6963 7920 4461 7461 2030 3100 5201 Juicy Data 01.R. +00000050: 1e7b 8147 00c9 9de3 e7c2 2336 817c fcd9 .{.G......#6.|.. +00000060: 9b6b 3a1f 68f0 35ce dd77 35ca dc87 ccfa .k:.h.5..w5..... +00000070: 024d 4102 16df e5fd a108 3322 842f fc1f .MA.......3"./.. +00000080: 4a75 6963 7920 4461 7461 2030 3200 c08f Juicy Data 02... +00000090: e702 91fd e177 fb82 7f2e a504 5ea1 23f9 .....w......^.#. +000000a0: d762 fcfd d5cd 00c0 d4ce 8661 6847 f14f .b.........ahG.O +000000b0: 4982 4d2a f948 ac79 7651 7dd4 f2a0 cdc9 I.M*.H.yvQ}..... +000000c0: 4a75 6963 7920 4461 7461 2030 3300 4dae Juicy Data 03.M. +000000d0: 409a d839 e285 b259 d62f 2dc9 d0fb 92d2 @..9...Y./-..... +000000e0: c459 aa5b 2042 c6b5 6193 b3c6 5001 7590 .Y.[ B..a...P.u. +000000f0: 9b4d ca7e d27c d7a9 ac04 727c ff04 4ec4 .M.~.|....r|..N. +00000100: 4a75 6963 7920 4461 7461 2030 3400 5a83 Juicy Data 04.Z. +00000110: 2524 01f8 a0d8 a14c dc13 c8dc 1717 a075 %$.....L.......u +00000120: 10bf f24b a525 e81e 0c4b e8f3 ...K.%...K.. ``` Unfortunately, nothing meaningful was derived from this. There are a `{` and `}` with bytes between them, but they aren't flag length. @@ -168,7 +187,7 @@ of the form of `^3b+00+00+XX+.` where XX<38 shuts it down, but only 37 enables dump mode. This can probably be done with a fuzzer. Why has God abandoned us? What accursed malfunction did we do to deserve this fate? -If you send the packet `^ca+00+44+79+20+44+61+74+61+20+30+31+00+52+01+1e+7b+81+47+00+c9+9d+e3+e7+c2+23+36+81+7c+fc+d9+9b+6b+3a+1f+68+f0+35+ce+dd+77+35+ca+dc+87+cc+.`, +If you send the packet `^ca+00+44+79+20+44+61+74+61+20+30+31+00+52+01+1e+7b+81+47+00+.....+87+cc+.`, the same packet is sent back. This means that the juice packets deliminated with `\xca` are actually instructions. @@ -181,7 +200,7 @@ By playing with the packet, the format appears to go: With the inject: ``` b"^3b+00+00+37+." -b"^ca+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+." +b"^ca+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+00+....+00+00+." ``` we can query for everything in memory. And we did. @@ -191,43 +210,11 @@ we can query for everything in memory. And we did. Run it: ``` - λ has-writeup/satellite-bus/magic-bus python magic-bus.py master 2h ⬡ -Injection: ^3b+00+00+37+. -b'^3a+00+00+3e+00+00+00+33+17+43+3c+0b+68+40+41+4e+dc+a0+c0+3e+6c+a0+40+c4+96+3f+c1+f8+fc+e6+3f+.' -START: 0000003317433c0b6840414edca0c03e6ca040c4963fc1f8fce63f -: 00:00:00 > 33:17:43:3c:b:68 @ 4e:dc:a0:c0:3e:6c:a0 @ c4:96 ? f8:fc:e6 ? + λ has-writeup/satellite-bus/magic-bus python magic-bus.py +.... -b'^3b+00+00+3f+.' -ONCE CALL -delimiter - - -b'^3a+00+00+3f+00+00+00+38+94+53+40+c8+2e+40+41+01+3a+a0+c0+69+11+a1+40+7c+2e+40+c1+9b+1c+e6+3f+.' -ONCE: 00000038945340c82e4041013aa0c06911a1407c2e40c19b1ce63f -: 00:00:00 > 38:94:53:40:c8:2e @ 1:3a:a0:c0:69:11:a1 @ 7c:2e @ 9b:1c:e6 ? - - -b'^ca+00+44+79+20+44+61+74+61+20+30+31+00+52+01+1e+7b+81+47+00+c9+9d+e3+e7+c2+23+36+81+7c+fc+d9+9b+6b+3a+1f+68+f0+35+ce+dd+77+35+ca+dc+87+cc+.' -JUICE: b'\xca\x00Dy Data 01\x00R\x01\x1e{\x81G\x00\xc9\x9d\xe3\xe7\xc2#6\x81|\xfc\xd9\x9bk:\x1fh\xf05\xce\xddw5\xca\xdc\x87\xcc' - - -b'^3b+00+00+3e+.' -END CALL -delimiter - - -b'^3a+00+00+3e+00+00+00+ce+49+d5+3b+e9+6b+3f+41+8f+71+a0+c0+fa+72+a0+40+17+e5+3f+c1+51+0a+e7+3f+.' -INJECTING -END: 000000ce49d53be96b3f418f71a0c0fa72a04017e53fc1510ae73f -: 00:00:00 > ce:49:d5:3b:e9:6b ? 8f:71:a0:c0:fa:72:a0 @ 17:e5 ? 51:a:e7 ? - - -b'^3b+00+00+37+.' -SHUT DOWN SUCCESSFUL -INJECTING AGAIN -b'^ca+00+00+4a+75+69+63+79+20+44+61+74+61+20+30+30+00+c8+f7+eb+15+96+3d+6b+70+5c+c9+2c+5e+d5+cf+5c+31+99+19+77+9a+c6+a9+08+65+8d+55+92+6a+37+2c+00+ff+23+eb+14+b9+29+7f+29+85+48+56+e3+1d+25+3f+4f+be+59+c6+4a+75+69+63+79+20+44+61+74+61+20+30+31+00+52+01+1e+7b+81+47+00+c9+9d+e3+e7+c2+23+36+81+7c+fc+d9+9b+6b+3a+1f+68+f0+35+ce+dd+77+35+ca+dc+87+cc+fa+02+4d+41+02+16+df+e5+fd+a1+08+33+22+84+2f+fc+1f+4a+75+69+63+79+20+44+61+74+61+20+30+32+00+c0+8f+e7+02+91+fd+e1+77+fb+82+7f+2e+a5+04+5e+a1+23+f9+d7+62+fc+fd+d5+cd+00+c0+d4+ce+86+61+68+47+f1+4f+49+82+4d+2a+f9+48+ac+79+76+51+7d+d4+f2+a0+cd+c9+4a+75+69+63+79+20+44+61+74+61+20+30+33+00+4d+ae+40+9a+d8+39+e2+85+b2+59+d6+2f+2d+c9+d0+fb+92+d2+c4+59+aa+5b+20+42+c6+b5+61+93+b3+c6+50+01+75+90+9b+4d+ca+7e+d2+7c+d7+a9+ac+04+72+7c+ff+04+4e+c4+4a+75+69+63+79+20+44+61+74+61+20+30+34+00+5a+83+25+24+01+f8+a0+d8+a1+4c+dc+13+c8+dc+17+17+a0+75+10+bf+f2+4b+a5+25+e8+1e+0c+4b+e8+f3+23+42+76+48+66+77+40+06+4f+e1+53+2c+f4+1b+08+0c+32+a8+81+42+4a+75+69+63+79+20+44+61+74+61+20+30+35+00+2c+bb+86+6d+c2+d6+4e+15+02+43+30+0a+4f+63+b2+d0+a5+19+43+33+26+dc+a9+52+81+6a+65+1a+4e+bb+29+7b+76+af+e8+38+85+36+4d+66+6c+61+67+7b+6f+73+63+61+72+33+39+36+31+36+6b+69+6c+6f+3a+47+43+78+6d+68+4f+52+59+61+36+35+59+30+50+6d+52+74+46+6d+6c+46+53+42+6d+6e+76+49+6d+45+69+57+67+63+6f+47+32+70+6f+73+49+5f+6e+56+51+51+39+5a+4b+35+44+65+4b+76+56+53+76+69+6f+2d+4c+4c+2d+36+58+32+6a+66+52+46+77+39+42+34+58+71+34+6f+56+51+44+69+71+46+44+74+50+4d+7d+00+0d+70+a9+16+2e+df+4e+64+76+e3+91+15+87+6b+ad+72+22+af+71+ad+6c+91+9d+bd+3e+5e+34+67+.' -JUICE: b'\xca\x00\x00Juicy Data 00\x00\xc8\xf7\xeb\x15\x96=kp\\\xc9,^\xd5\xcf\\1\x99\x19w\x9a\xc6\xa9\x08e\x8dU\x92j7,\x00\xff#\xeb\x14\xb9)\x7f)\x85HV\xe3\x1d%?O\xbeY\xc6Juicy Data 01\x00R\x01\x1e{\x81G\x00\xc9\x9d\xe3\xe7\xc2#6\x81|\xfc\xd9\x9bk:\x1fh\xf05\xce\xddw5\xca\xdc\x87\xcc\xfa\x02MA\x02\x16\xdf\xe5\xfd\xa1\x083"\x84/\xfc\x1fJuicy Data 02\x00\xc0\x8f\xe7\x02\x91\xfd\xe1w\xfb\x82\x7f.\xa5\x04^\xa1#\xf9\xd7b\xfc\xfd\xd5\xcd\x00\xc0\xd4\xce\x86ahG\xf1OI\x82M*\xf9H\xacyvQ}\xd4\xf2\xa0\xcd\xc9Juicy Data 03\x00M\xae@\x9a\xd89\xe2\x85\xb2Y\xd6/-\xc9\xd0\xfb\x92\xd2\xc4Y\xaa[ B\xc6\xb5a\x93\xb3\xc6P\x01u\x90\x9bM\xca~\xd2|\xd7\xa9\xac\x04r|\xff\x04N\xc4Juicy Data 04\x00Z\x83%$\x01\xf8\xa0\xd8\xa1L\xdc\x13\xc8\xdc\x17\x17\xa0u\x10\xbf\xf2K\xa5%\xe8\x1e\x0cK\xe8\xf3#BvHfw@\x06O\xe1S,\xf4\x1b\x08\x0c2\xa8\x81BJuicy Data 05\x00,\xbb\x86m\xc2\xd6N\x15\x02C0\nOc\xb2\xd0\xa5\x19C3&\xdc\xa9R\x81je\x1aN\xbb){v\xaf\xe88\x856Mflag{oscar39616kilo:GCxmhORYa65Y0PmRtFmlFSBmnvImEiWgcoG2posI_nVQQ9ZK5DeKvVSvio-LL-6X2jfRFw9B4Xq4oVQDiqFDtPM}\x00\rp\xa9\x16.\xdfNdv\xe3\x91\x15\x87k\xadr"\xafq\xadl\x91\x9d\xbd>^4g' +JUICE: b'.....v\xaf\xe88\x856Mflag{oscar39616kilo:GCxmhORYa65Y0PmRtFmlFSBmnvImEiWg.....' ``` Hey look, a flag! diff --git a/space/good-plan-great-plan/README.md b/space/good-plan-great-plan/README.md index cbfdc7a..db9c966 100644 --- a/space/good-plan-great-plan/README.md +++ b/space/good-plan-great-plan/README.md @@ -54,5 +54,5 @@ The rest of the strategy is pretty much just to use trial and error: ``` ## Resources and other writeups -- http://gpredict.oz9aec.net/ -- https://en.wikipedia.org/wiki/Two-line_element_set +- +- diff --git a/top.md b/top.md index 7cd7856..cbd32e2 100644 --- a/top.md +++ b/top.md @@ -1,7 +1,7 @@ --- title: BLAHAJ mainfont: Noto Serif -geometry: margin=0.3in +geometry: margin=0.7in header-includes: | \input{fonts.tex}