CTF: MBR - Floppy Disk Overdrive

MBR Capture the Flag Challenge

Album released: 20 Mar 2020

https://masterbootrecord.bandcamp.com/album/floppy-disk-overdrive

Secret

065 115 032 116 104 101 032 119 111 114 108 100 032 105 115 032 115 101 116 032 111 110 032 102 105 114 101 013 010 119 104 105 108 101 032 112 114 101 112 097 114 105 110 103 032 102 111 114 032 116 104 105 115 032 102 105 103 104 116 013 010 073 110 032 116 104 101 032 100 097 114 107 032 097 032 115 112 101 108 108 119 097 114 101 032 114 105 115 101 013 010 077 097 100 101 032 111 102 032 049 046 052 052 032 109 101 103 097 098 121 116 101 115 013 010 013 010 073 110 032 097 032 102 108 111 112 112 121 032 100 105 115 107 032 102 105 116 115 032 116 105 103 104 116 013 010 087 105 116 104 032 097 032 099 114 097 099 107 116 114 111 032 112 097 099 107 101 100 032 105 110 115 105 100 101 013 010 077 101 103 097 116 114 097 105 110 101 114 115 032 116 111 032 098 111 111 115 116 032 121 111 117 114 032 109 105 103 104 116 013 010 071 111 116 116 097 032 116 114 121 032 098 101 102 111 114 101 032 121 111 117 032 102 105 103 104 116 013 010 013 010 078 111 119 032 097 103 097 105 110 032 097 110 111 116 104 101 114 032 116 105 109 101 013 010 070 111 108 108 111 119 032 109 101 032 097 108 111 110 103 032 116 104 101 115 101 032 114 104 121 109 101 115 013 010 073 102 032 121 111 117 032 119 097 110 116 032 116 111 032 103 101 116 032 116 104 105 115 032 112 114 105 122 101 013 010 072 105 100 100 101 110 032 105 110 032 098 101 116 119 101 101 110 032 116 104 101 115 101 032 108 105 110 101 115 013 010 013 010 077 097 107 101 032 097 032 115 117 109 032 111 102 032 097 108 108 032 116 104 111 115 101 032 098 121 116 101 115 013 010 084 114 097 115 104 032 116 104 101 032 111 100 100 115 032 097 110 100 032 109 097 107 101 032 105 116 032 116 105 103 104 116 013 010 084 117 114 110 032 116 111 032 065 083 067 073 073 032 099 111 100 101 032 097 110 100 032 119 114 105 116 101 013 010 065 108 108 032 116 104 111 115 101 032 110 117 109 098 101 114 115 032 111 118 101 114 032 097 032 108 105 110 101 013 010 013 010 078 111 119 032 106 117 115 116 032 107 101 101 112 032 116 104 097 116 032 105 110 032 121 111 117 114 032 109 105 110 100 013 010 067 114 097 099 107 032 116 104 101 032 099 111 100 101 032 098 101 108 111 119 032 116 104 101 115 101 032 108 105 110 101 115 013 010 085 115 101 032 116 104 101 032 099 111 100 101 119 111 114 100 032 121 111 117 032 119 105 108 108 032 102 105 110 100 013 010 084 111 032 114 101 100 101 101 109 032 116 104 101 032 098 111 110 117 115 032 112 114 105 122 101 013 010 013 010 069 110 106 111 121 032 070 108 111 112 112 121 032 068 105 115 107 032 079 118 101 114 100 114 105 118 101 033
iw1r5jgulOG4rRexIP3ijS0kmijNa+1gt1AoA62QYO0K7O41xDiDRuox8A1rf92wLGm7jaJi3BS+rdixt1NldocsJiEuV8NSaFzfFYe658lrFMRxv029EzK6M6kxSLRPYwpjuHY4qJQRyFHhWhyUdKd0WzU+6YcppmWR/uORMmvDWHw4HRmE574h50CiDuswpf3rUa/5dkpwmswyspnlHJODXnSRPFIg9de8KOjOL0Tdg+UKjB/7w2nQE1AEe/JkvNguJ7BqAWN7BqdKOFyN/zGoJo6T/lw0sBe+AJ1geUGUbkUkQtlQmMbY2k0IiarjhMXssQ3wutAqfmPkic87jW16q7K1oBoP4o9Gs9KeAnxp14MhruZ1NGSF30bURr5NxPk3gNu4esNYN8leoVIZ7swZMWiNnFquh1kEEOPXH6gvMiY/FE92DSbYyFM19iCokhaPOpmvldiInvd4wXvq+jKqZyAxYuv3lpEyd3/7UyjfpzVH2q8PS3fxnYeTDzXG8lzH+VrXilsEqJjpeMpt6A==

Analysis

The usual ASCII codes in integer format, but also with what looks like a Base64 string. Decoding reveals a binary blob, probably encrypted. I’ll save you the trouble of finding out the exact type of AES and parameters used, I duplicated it here: https://nearwood.dev/dumbaes/ (source and more info: https://github.com/nearwood/dumbaes)

The first one decoded gives hints. There problem I could not figure out was what the riddle was referring to to sum all the bytes. The bytes on disc of each track? No, because there are multiple version available (FLAC, MP3, etc.). The riddle refers to a floppy disk, and there are two floppy disk images include. The secret is in the directory listing PNG file, and it was not too difficult to try different interpretations of the riddle to figure it out.

ASCII:

As the world is set on fire
while preparing for this fight
In the dark a spellware rise
Made of 1.44 megabytes

In a floppy disk fits tight
With a cracktro packed inside
Megatrainers to boost your might
Gotta try before you fight

Now again another time
Follow me along these rhymes
If you want to get this prize
Hidden in between these lines

Make a sum of all those bytes
Trash the odds and make it tight
Turn to ASCII code and write
All those numbers over a line

Now just keep that in your mind
Crack the code below these lines
Use the codeword you will find
To redeem the bonus prize

Enjoy Floppy Disk Overdrive!

Solution

I won’t reveal what the key is but the decrypted AES payload (email address and subject removed) is:

Congratulation for solving the puzzle!

Send a mail to ██████████ including the codeword ████████ in the object. You will get a reply including the link to download the bonus track.

If you liked this puzzle and want something more challenging come and visit the CTF on my server at mbrserver.com

Stay safe and don't stop enjoying the music!

MASTER BOOT RECORD

Plus a bonus track in the email response.