We’re given a system of polynomial equations with 3 unknowns (parts of the flag). The flag is split into 3 chunks, converted to numbers, then used in various polynomial combinations.
$ cat source.py
from Crypto.Util.number import bytes_to_long
FLAG = open("flag.txt", "rb").read()
step = len(FLAG) // 3
candies = [bytes_to_long(FLAG[i:i+step]) for i in range(0, len(FLAG), step)]
cnd1, cnd2, cnd3 = candies
with open('output.txt', 'w') as f:
f.write(f'v1 = {cnd1**3 + cnd3**2 + cnd2}\n')
f.write(f'v2 = {cnd2**3 + cnd1**2 + cnd3}\n')
f.write(f'v3 = {cnd3**3 + cnd2**2 + cnd1}\n')
f.write(f'v4 = {cnd1 + cnd2 + cnd3}\n')
$ cat output.txt
v1 = 1181239096013650837744125294978177790419553719590172794906535790528758829840751110126012179328061375399196613652870424327167341710919767887891371258453
v2 = 2710472017687233737830986182523923794327361982506952801148259340657557362009893794103841036477555389231149721438246037558380601526471290201500759382599
v3 = 3448392481703214771250575110613977019995990789986191254013989726393898522179975576074870115491914882384518345287960772371387233225699632815814340359065
v4 = 396216122131701300135834622026808509913659513306193
We have 4 equations and 3 unknowns - that’s solvable! SymPy can handle this system of equations easily:
$ cat solve.py
#!/usr/bin/python3
from Crypto.Util.number import long_to_bytes
from sympy import symbols, solve
# Read the output.txt file
with open('output.txt', 'r') as f:
data = f.read().splitlines()
# Extract the values from the file
v1 = int(data[0].split('=')[1].strip())
v2 = int(data[1].split('=')[1].strip())
v3 = int(data[2].split('=')[1].strip())
v4 = int(data[3].split('=')[1].strip())
# Define symbolic variables for cnd1, cnd2, cnd3
cnd1, cnd2, cnd3 = symbols('cnd1 cnd2 cnd3')
# Define the equations
eq1 = cnd1**3 + cnd3**2 + cnd2 - v1
eq2 = cnd2**3 + cnd1**2 + cnd3 - v2
eq3 = cnd3**3 + cnd2**2 + cnd1 - v3
eq4 = cnd1 + cnd2 + cnd3 - v4
# Solve the equations
solutions = solve([eq1, eq2, eq3, eq4], (cnd1, cnd2, cnd3))
# Extract the integers
cnd1_val = int(solutions[0][0])
cnd2_val = int(solutions[0][1])
cnd3_val = int(solutions[0][2])
# Convert integers to bytes and reconstruct the flag
flag = long_to_bytes(cnd1_val) + long_to_bytes(cnd2_val) + long_to_bytes(cnd3_val)
print("Flag:", flag.decode())
$ ./solve.py
Flag: HTB{solving_equations_for_parts_of_the_flag_over_the_integers!}
Flag: HTB{solving_equations_for_parts_of_the_flag_over_the_integers!}