The last non-OSINT challenge I did was called Wacky Recipe.
Our Cyber Chef has been creating some wacky recipes recently, though he has been rather protective of his secret ingredients. Use this Chicken Parmi recipe and decipher the missing values to discover the chef's secret ingredient!
Authors: TurboPenguin & joseph
This one got me a bit because it wasn't clear to me what to look up to find it. But after doing DNAdecay, where the doublehelix library was based on a Perl module Acme::Doublehelix, I started wondering if there was an Acme::Chef module, and there was.
I haven't written Perl in about 8 years but I figured, why not, and got cpan installed and downloaded the module.
I took a quick look at the documentation in the CPAN Module Acme::Chef and the additional documentation. This basically told me that there are different sections to a Chef recipe, some of which are more for flavor. The two main areas are Ingredients and Methods.
In the ingredients area, you list out all of the ingredients for the recipe, starting values, and whether they are liquid, dry, or unspecified. Liquid ingredients are treated as unicode characters and dry or unspecified ingredients are treated as numbers.
In the methods area, you use cooking-ish terms to describe what operators should apply to the ingredients. The order the ingredients get mentioned in the method also sets up essentially a stack.
I didn't get too deep in understanding exactly how this was working because I could just run it and hack at it to get something good.
The last part is there were two ingredients that just had ?? instead of numbers. The key was to figure out the right values for those two ingredients that, when the code ran, we would get the flag.
I was nursing a pretty hefty migraine for most of the last day of the event, so trying to figure this out by hand was not in the cards for me. So I created a Perl script to do it for me!
I set up two arrays of numbers, one for the first ingredient, and another for the second.
my @x = (5..30);
my @y = (6..30);
Then, I copied over the recipe as a heredoc, substituting in $i and $j for the "??" for the missing starting amount for the ingredients. I looped through each value, substituting in the number and compiling the recipe. I was pretty sure the flag started with "DUCTF{" so I just added a regex to check if the output matched that.
for $i (@x){
for $j (@y){
our $recipe = <<"END_MESSAGE";
<recipe>
END_MESSAGE
my $compiled = Acme::Chef->compile($recipe);
my $result = $compiled->execute();
if ($result =~ m/DUCTF/) {
print $result;
}
}
}
The first few times, I ran into some issues because I had started at 0 and the numbers created some conditions that caused errors. Bumping them up solved that issue. Then originally I ended too soon and no flag was found, so I increased the size of the range.
That's when I got an answer: DUCTF{2tsp_Vegemite}