以下は修正後の Obliterated File Again
について述べています. 非想定解と修正(Obliterated File Again)について
問題文
Working on making a problem of TSG CTF, I noticed that I have staged and committed the flag file by mistake before I knew it. I googled and found the following commands, so I'm not sure but anyway typed them. It should be ok, right?
TSG CTFに向けて問題を作っていたんですが,いつの間にか誤ってflagのファイルをコミットしていたことに気付いた!とにかく,Google先生にお伺いして次のようなコマンドを打ちこみました.よくわからないけどこれできっと大丈夫...?
$ git filter-branch --index-filter "git rm -f --ignore-unmatch *flag" --prune-empty -- --all $ git reflog expire --expire=now --all $ git gc --aggressive --prune=now
概要
- 答えとなるflagファイルは一度commitされmasterから辿ることができるようになっていたが,問題文よりfilter-branchで全てのコミットについて
git rm -f --ignore-unmatch *flag
が適用されているため,flagファイルのblobはmasterのheadからは辿ることはできない*. 参考: .4 Git のさまざまなツール - 歴史の書き換え - reflogを消去した上でgit gcを実行しているため,一見してflagファイルへの参照は無くなりgcでflagのblobは消去されたように思える.
- しかしgitはfliter-branch実行時に
refs/heads/master
のcommit/tree/blob objectを単に上書きしたり消去したりするのでは無く,全て新たに作成し直しこれらにrefs/heads/master
が向くようにしている.そして,元のHEADはrefs/original/*
以下に保存している. - 故にflagのblob objectは
refs/heads/master
からの参照はないものの,refs/original/refs/heads/master
からの参照が存在するためgit gc --aggressive --prune=now
をしても消去されない. - よって,git filter-branchで消去されたflagのファイルは
refs/original/refs/heads/master
から辿ることが可能である.(想定解法1) - 上記の挙動を知らなくても,git rev-listを用いたり,git gcでpackされたgit objectsからgit unpack-objects等でflagのblob objectを特定する等すればこの問題を解くことが出来ると推測出来る.(想定解法2,3)
- FLAG(
TSGCTF{$_git_update-ref_-d_refs/original/refs/heads/master}
)の通り,git update-ref -d refs/original/refs/heads/master
をするとflagのblobへの全ての参照が消えるためgit gcで除去することがきる.
$ git cat-file -p c1e375244c834c08d537d564e2763a7b92d5f9a8 x��A ��AP����TJ��i�V�7�C7�w���������N)�b7�/z�Xe�� �&��hB6k*�a1k ] �a���� ��%{% $ git update-ref -d refs/original/refs/heads/master $ git gc --aggressive --prune=now Counting objects: 99, done. Delta compression using up to 4 threads. Compressing objects: 100% (90/90), done. Writing objects: 100% (99/99), done. Total 99 (delta 38), reused 53 (delta 0) $ git cat-file -p c1e375244c834c08d537d564e2763a7b92d5f9a8 fatal: Not a valid object name c1e375244c834c08d537d564e2763a7b92d5f9a8
想定解法
1
filter-branch 実行時に生成された refs/original/refs/heads/master
からcommitとtreeオブジェクトを順に辿っていく
git log
は以下の通り
$ git log commit 13ca1969e42f07352374da0338b1e9ddd406c623 (HEAD, master) Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 21:01:11 2019 +0900 delete .travis.yml commit e6910d795c77de966da4b4da299f44e359cbd791 Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 21:00:53 2019 +0900 fix the way of posessing the flag commit 7b20d43eee6cb7f06d553bdf32696f35740c995f Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 20:58:25 2019 +0900 fix .gitignore commit 072690c0aaf46bc7875b67d6323b8f8d2074aaca Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 20:56:51 2019 +0900 enable production mode commit 164349386f4522b1cdee775e63761d57eacbf66a Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 20:56:02 2019 +0900 small fix && add readme commit c4b2408b3646bb0d2d05b639b4d99b009815c97e Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 20:54:43 2019 +0900 add problem statement commit 1132b19fe615106585d0a4d73a1d2caebf213b1c Author: tsgctf <info@tsg.ne.jp> Date: Sat May 4 20:52:29 2019 +0900 made solvable (snip)
$ ls .git COMMIT_EDITMSG ORIG_HEAD description index logs packed-refs HEAD config hooks info objects refs $ cat .git/packed-refs # pack-refs with: peeled fully-peeled sorted 072690c0aaf46bc7875b67d6323b8f8d2074aaca refs/heads/master 1c80e25f51797b19dfbdeb0e2831ebd9bba64ab8 refs/original/refs/heads/master $ git cat-file -p 1c80e25f51797b19dfbdeb0e2831ebd9bba64ab8 tree d0ca60424dc0174f1e3eb142a508a205e0df8df7 parent 353d6ab1d16539043e9bef6743db1f7bc6a02391 author tsgctf <info@tsg.ne.jp> 1556971011 +0900 committer tsgctf <info@tsg.ne.jp> 1556971011 +0900 enable production mode
git filter-branch
がenable production mode
の時点で行われたことが分かる.
$ git cat-file -p d0ca60424dc0174f1e3eb142a508a205e0df8df7 100644 blob 163eb75c85257e212368c0694a2947ebcd4c9bcc .editorconfig 100644 blob ffc7b6ac56d181e10a191d2c4115aa8d83aec847 .travis.yml 100644 blob 6eec6e57cc9eb5aa67f09fb73bdb3b933d7fdded README.md 040000 tree d5fe4dc31680a0c12730b4599ecccb369b6a0a14 problem $ git cat-file -p d5fe4dc31680a0c12730b4599ecccb369b6a0a14 100644 blob 94ae2db65e3dc2365cdc8136dececdbc35374adc .gitignore 100644 blob dd46f3189d012d72738a6aa20358581d71945bca README.md 100644 blob c1e375244c834c08d537d564e2763a7b92d5f9a8 flag 100644 blob 02d365359d84a5d4f4317fa3549fe073a024c502 main.cr 100644 blob a56e0143927a72fee0c6f00618442def5cd60fac shard.lock 100644 blob d3a384c81e3e530ad97719e80b8223ed7754a4a2 shard.yml 040000 tree 69c2b0afdb2a14797f43e4424dc06cc6202bea1f src
以上を $ git checkout 1c80e25f51797b19dfbdeb0e2831ebd9bba64ab8
,git checkout refs/original/refs/heads/master
としても良い
$ git cat-file -p c1e375244c834c08d537d564e2763a7b92d5f9a8 > flag $ file flag flag: zlib compressed data # これはmain.crを見ても分かる $ pry [1] pry(main)> require "zlib" => true [2] pry(main)> file = File.binread "flag" => "x\x9C\v\tvw\x0Eq\xABV\x89O\xCF,\x89/-HI,I\xD5-JM\x8B\xD7M\x89\aR\xC5\xFA\xF9E\x99\xE9\x99y\x899\xFA`^FjbJ\xB1~nbqIjQ-\x00\x85\xEB\x16(" [3] pry(main)> inz = Zlib::Inflate.new => #<Zlib::Inflate:0x007fbf28073070 @dictionaries={}> [4] pry(main)> flag = inz.inflate file => "TSGCTF{$_git_update-ref_-d_refs/original/refs/heads/master}"
2
git rev-listを使う
git rev-list master
ならばmasterのHEADから辿れるcommit objectを列挙
git rev-list --all
で全てのcommit objectを列挙
git rev-list --objects -all
で全てのgit objectを列挙
$ git rev-list --objects --all 13ca1969e42f07352374da0338b1e9ddd406c623 e6910d795c77de966da4b4da299f44e359cbd791 7b20d43eee6cb7f06d553bdf32696f35740c995f 1c80e25f51797b19dfbdeb0e2831ebd9bba64ab8 072690c0aaf46bc7875b67d6323b8f8d2074aaca 353d6ab1d16539043e9bef6743db1f7bc6a02391 164349386f4522b1cdee775e63761d57eacbf66a 78036f3e858975d2c574d81ba6c3a6f57573314a c4b2408b3646bb0d2d05b639b4d99b009815c97e afafedc82152dd8f38497ae1b17bedd7b647e062 1132b19fe615106585d0a4d73a1d2caebf213b1c 8316c40ce4f952bd9a10bf53921eb1039820d403 6b4cbce5f389a45bc849f07fa5c17a8b7f43f005 bff308624444eed4cac43b0d432a92d2d350fcfb f4416accd32d3063630d243770ff6d1ba79ac209 b346b76e3642b0b33f5b17a19761b8d77276473b b614e74c0d6db7c50c64a6f643c08e768308295c 828b54e76c9ee94b1d9a478aef792726c60a01bc 0f0a48cede1c8edb37b9449b7de0eb28402db1fc 166baf8b5abaf404923426c08199e7396628e759 4801d6ec013679a4cd8353812fa9502418ba6237 d3953a7e9d5e89a07f767851721c09b543fe1a9b 5d04bb5c39d8821c57d6e109088caefbdfd9660b 163eb75c85257e212368c0694a2947ebcd4c9bcc .editorconfig 6eec6e57cc9eb5aa67f09fb73bdb3b933d7fdded README.md fae323e2976c63f9aab36283ded3a205b02cd8da problem 4e48cb9537172cfcf4174c999ee409ca70139c3d problem/.gitignore dd46f3189d012d72738a6aa20358581d71945bca problem/README.md 8e497982ba717ee0fe21acd4d6a1beb74be0f90f problem/main.cr a56e0143927a72fee0c6f00618442def5cd60fac problem/shard.lock d3a384c81e3e530ad97719e80b8223ed7754a4a2 problem/shard.yml 69c2b0afdb2a14797f43e4424dc06cc6202bea1f problem/src 77248329a5e663f2ac278c095f113d27b4e8f8be problem/src/app.cr d756753ddde35b336989129b46062c22e97d0e38 problem/src/public d564d0bc3dd917926892c55e3706cc116d5b165e problem/src/public/css e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 problem/src/public/css/.gitkeep 43988cd07d60aa41f61e6e2421156068b3f8632b problem/src/views 567458274957b016d5016532662137022b650439 problem/src/views/index.ecr 956542f28d8010bc0ceec6ae9dfdb84e49fa2d2b problem/src/views/layout.ecr d0750a2659e0c89c3e61a2c6d8573c52adafe860 problem/src/views/login.ecr a0f3b51d97779b176407ff04686cdc6105851799 problem/src/views/register.ecr 8716dd0de5702371cc61c4627865bcaf16ddb448 ffc7b6ac56d181e10a191d2c4115aa8d83aec847 .travis.yml 4e342ba6d191971197bb40023855b53a0155060b 50935b0c64743459d3ffdfabb31229af867b949e problem 02d365359d84a5d4f4317fa3549fe073a024c502 problem/main.cr d0ca60424dc0174f1e3eb142a508a205e0df8df7 d5fe4dc31680a0c12730b4599ecccb369b6a0a14 problem 94ae2db65e3dc2365cdc8136dececdbc35374adc problem/.gitignore c1e375244c834c08d537d564e2763a7b92d5f9a8 problem/flag 7edb96cb41cbfea869dabc7de625a5e50abd71ea 37a62992ec0d4c83df1d6952933c0afaa135d6a8 problem 27b5ce64362f03ef9a7f044e677fba81ab47544b 1f34928d090b69867f664dcbef276d53a29483cc problem ebc4754f23719c17eedf24af0187be86b52e71d2 problem/main.cr 157d2e555e663ffb6e203a4ecc62a9e599e259ab 6361c720b6a55eb93f42cd57a48cc27805442a53 problem 7459ce4ad03f11e4f9aae544274766edd675fe11 2aea982ed4eb63a835ce71322379720fb45e3a7a problem 34b46ad3604df653c93fcede1b7e2c546a748032 problem/src 2c6881340dd54ea0fbc6013da69701adf77cd80f problem/src/views 798fae498457783788a70719f5176d7542c10e72 problem/src/views/layout.ecr bfa5390abc0810070a1983a6ff8982bcc2a6a196 5e1b13226968864981f768dd68bb3a5141f10b26 problem ff591ccbfb2cf72a371008a82f4210209797584f 60723b12e68c53e802729604a16931e74f000e81 README.md 484d7614db417d10ab3116c9ce11d03b6d380f14 67960090c674d6d824da50dfd45d8f12d83786e6 fa7b6981166dcad181464007968ddf2c44b88973 .gitignore 00ba81bd54c79a5e712435ee9ecd2b2d8585917c main.cr 23c5b636f8501a098860f40e56b2beb29d5fa410 src a416178f93b9276bfcfd300dc196e1952e717331 src/app.cr cd7068e30ead3aa205f7bc8c73e1caa8854221a3 da64e5cf3af628fed6a351de35fbca1f39a61b84 src 62062f1afde0d9ae9b4d91781780dd615c6448f9 src/app.cr e79b903e56ed961fd3c0076682976d045f7cec52 6754b81daa8414ea07475e5350f2d54c7523b989 src abf4339ce17591e3712d2dc375864493c82d207b src/app.cr e78e4553e8c4e68a733f67ba8abaed1db3bb95e0 56fced572a5abc13cf60a8a49a19d5af87f61d87 src 501072473b04d8d2eaf05d13cc71fa2568ec3d6c src/app.cr 97fe1a6ab46a57cfa8043a17395b2501332c2436 0bb75ea03f73a8764f724a990b6145f0b929c3f8 .gitignore a2cdcc183cceecbc5a0f8532245e608b90c6340f main.cr 79e09050a3fab6a7c8002ddecd9ba97e1ba6e01f shard.lock 2d412b10aefe0f80e26536c8ec1a58d4b30df1bf shard.yml 5c6f3673d687b416b32cd6d1d49d85da60c66950 src e9441ab4fc0a169d8482e76da4b9f55a6caa5823 src/app.cr 76d6409dbcb16c8282b966f2c0491c02364fcf7b src/views 36659906848b844b0ac530a4efd3dc646fd3f7b2 src/views/index.ecr 8a5cd16517aacf3b150620f6c5347d8e27ef47dc src/views/layout.ecr 7ddff67ab554b53d00d00ae91a3b4c36578b37f0 c29410cbe0e08299c0f0ee8085642bd24a838485 main.cr 0dc0e23010600ab04db1cfef617b35cb9a808668 9f88382a6895bd951d953155960c0ed5a8612303 main.cr 4b1026ccafd4c79a70a10b46c5531fc331e92b6a 0d84bf0607785e59be1448379961ec8064b4d92e main.cr d630e501eea771f59769592170cdc0bf2d741ae6 shard.lock 89db2e6e905c3036b53672b3c3bc9fad472fa368 shard.yml ff42cc4a1974e58b02772f401321ba3f57846e38 views fa17d60b89e69d855a7c01363435995b4dd67def views/index.ecr 91a3b5d486e8cce94c981e459db47a2fa4497e1b 2ff872c5b6173fdb325f89c90b251daebf91092c README.md 18799361bcac695368b53df8847b57ba34967a50 main.cr 51422bc8c729b297e89be5028b080d37f5fa71e8 views a5f2f7907b07430751f2707bf7d12d5cd9bd7be2 views/index.ecr a63dcfb386a4b30e3a1d85641cfb1aae8ecbbb5c 72e3d57df672e811ef56d4fa993a71da33a1de91 main.cr 207cef168362ac985a373f49fdbcf1d29035b6fb f87f5c14cbbd7d462ab7c5ed4f7b4b822d3254a4 main.cr 0b02e2f465e326a2fb4327a1ed2a64ed95084ee6 shard.yml $ git rev-list --objects --all | grep flag c1e375244c834c08d537d564e2763a7b92d5f9a8 problem/flag
後は1と同じ
3
gcで生成されたidxファイルからblobファイルを見ていく / git unpack-objects等を使う
とりあえずpackの中にあるだろうということからゴリ押しで解くことも出来る.
$ tree .git/objects .git/objects ├── 13 │ └── ca1969e42f07352374da0338b1e9ddd406c623 ├── 4e │ ├── 342ba6d191971197bb40023855b53a0155060b │ └── 48cb9537172cfcf4174c999ee409ca70139c3d ├── 50 │ └── 935b0c64743459d3ffdfabb31229af867b949e ├── 5d │ └── 04bb5c39d8821c57d6e109088caefbdfd9660b ├── 7b │ └── 20d43eee6cb7f06d553bdf32696f35740c995f ├── 87 │ └── 16dd0de5702371cc61c4627865bcaf16ddb448 ├── 8e │ └── 497982ba717ee0fe21acd4d6a1beb74be0f90f ├── e6 │ └── 910d795c77de966da4b4da299f44e359cbd791 ├── fa │ └── e323e2976c63f9aab36283ded3a205b02cd8da ├── info │ └── packs └── pack ├── pack-b799d65ebb2cc3fab7878fcf2a2642585de29408.idx └── pack-b799d65ebb2cc3fab7878fcf2a2642585de29408.pack 11 directories, 13 files # filter-branch後に数コミットしているのでpackされてないオブジェクトもある $ git verify-pack -v .git/objects/pack/pack-b799d65ebb2cc3fab7878fcf2a2642585de29408.idx 072690c0aaf46bc7875b67d6323b8f8d2074aaca commit 217 152 12 1c80e25f51797b19dfbdeb0e2831ebd9bba64ab8 commit 217 151 164 164349386f4522b1cdee775e63761d57eacbf66a commit 218 156 315 353d6ab1d16539043e9bef6743db1f7bc6a02391 commit 218 156 471 c4b2408b3646bb0d2d05b639b4d99b009815c97e commit 216 151 627 78036f3e858975d2c574d81ba6c3a6f57573314a commit 216 151 778 1132b19fe615106585d0a4d73a1d2caebf213b1c commit 208 147 929 afafedc82152dd8f38497ae1b17bedd7b647e062 commit 53 65 1076 1 1132b19fe615106585d0a4d73a1d2caebf213b1c 8316c40ce4f952bd9a10bf53921eb1039820d403 commit 205 146 1141 6b4cbce5f389a45bc849f07fa5c17a8b7f43f005 commit 205 146 1287 bff308624444eed4cac43b0d432a92d2d350fcfb commit 232 163 1433 f4416accd32d3063630d243770ff6d1ba79ac209 commit 239 170 1596 b346b76e3642b0b33f5b17a19761b8d77276473b commit 224 159 1766 b614e74c0d6db7c50c64a6f643c08e768308295c commit 216 155 1925 828b54e76c9ee94b1d9a478aef792726c60a01bc commit 225 162 2080 0f0a48cede1c8edb37b9449b7de0eb28402db1fc commit 212 155 2242 166baf8b5abaf404923426c08199e7396628e759 commit 204 146 2397 4801d6ec013679a4cd8353812fa9502418ba6237 commit 216 153 2543 d3953a7e9d5e89a07f767851721c09b543fe1a9b commit 161 117 2696 163eb75c85257e212368c0694a2947ebcd4c9bcc blob 150 118 2813 ffc7b6ac56d181e10a191d2c4115aa8d83aec847 blob 18 28 2931 6eec6e57cc9eb5aa67f09fb73bdb3b933d7fdded blob 64 74 2959 94ae2db65e3dc2365cdc8136dececdbc35374adc blob 46 49 3033 dd46f3189d012d72738a6aa20358581d71945bca blob 134 100 3082 02d365359d84a5d4f4317fa3549fe073a024c502 blob 458 303 3182 a56e0143927a72fee0c6f00618442def5cd60fac blob 507 226 3485 d3a384c81e3e530ad97719e80b8223ed7754a4a2 blob 297 178 3711 77248329a5e663f2ac278c095f113d27b4e8f8be blob 2136 632 3889 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 blob 0 9 4521 567458274957b016d5016532662137022b650439 blob 288 156 4530 956542f28d8010bc0ceec6ae9dfdb84e49fa2d2b blob 111 85 4686 36659906848b844b0ac530a4efd3dc646fd3f7b2 blob 355 161 4771 d0750a2659e0c89c3e61a2c6d8573c52adafe860 blob 36 47 4932 1 36659906848b844b0ac530a4efd3dc646fd3f7b2 a0f3b51d97779b176407ff04686cdc6105851799 blob 161 106 4979 7edb96cb41cbfea869dabc7de625a5e50abd71ea tree 151 154 5085 d5fe4dc31680a0c12730b4599ecccb369b6a0a14 tree 247 233 5239 37a62992ec0d4c83df1d6952933c0afaa135d6a8 tree 9 20 5472 1 d5fe4dc31680a0c12730b4599ecccb369b6a0a14 69c2b0afdb2a14797f43e4424dc06cc6202bea1f tree 99 106 5492 d756753ddde35b336989129b46062c22e97d0e38 tree 59 45 5598 d564d0bc3dd917926892c55e3706cc116d5b165e tree 36 47 5643 43988cd07d60aa41f61e6e2421156068b3f8632b tree 152 141 5690 d0ca60424dc0174f1e3eb142a508a205e0df8df7 tree 27 40 5831 1 7edb96cb41cbfea869dabc7de625a5e50abd71ea c1e375244c834c08d537d564e2763a7b92d5f9a8 blob 99 112 5871 157d2e555e663ffb6e203a4ecc62a9e599e259ab tree 27 40 5983 1 7edb96cb41cbfea869dabc7de625a5e50abd71ea 1f34928d090b69867f664dcbef276d53a29483cc tree 30 43 6023 1 d5fe4dc31680a0c12730b4599ecccb369b6a0a14 6361c720b6a55eb93f42cd57a48cc27805442a53 tree 9 19 6066 2 1f34928d090b69867f664dcbef276d53a29483cc ebc4754f23719c17eedf24af0187be86b52e71d2 blob 11 22 6085 1 02d365359d84a5d4f4317fa3549fe073a024c502 27b5ce64362f03ef9a7f044e677fba81ab47544b tree 27 40 6107 1 7edb96cb41cbfea869dabc7de625a5e50abd71ea bfa5390abc0810070a1983a6ff8982bcc2a6a196 tree 27 40 6147 1 7edb96cb41cbfea869dabc7de625a5e50abd71ea 2aea982ed4eb63a835ce71322379720fb45e3a7a tree 30 43 6187 2 1f34928d090b69867f664dcbef276d53a29483cc 5e1b13226968864981f768dd68bb3a5141f10b26 tree 9 19 6230 3 2aea982ed4eb63a835ce71322379720fb45e3a7a 34b46ad3604df653c93fcede1b7e2c546a748032 tree 25 38 6249 1 69c2b0afdb2a14797f43e4424dc06cc6202bea1f 2c6881340dd54ea0fbc6013da69701adf77cd80f tree 30 43 6287 1 43988cd07d60aa41f61e6e2421156068b3f8632b 798fae498457783788a70719f5176d7542c10e72 blob 172 129 6330 7459ce4ad03f11e4f9aae544274766edd675fe11 tree 27 40 6459 1 7edb96cb41cbfea869dabc7de625a5e50abd71ea ff591ccbfb2cf72a371008a82f4210209797584f tree 327 300 6499 484d7614db417d10ab3116c9ce11d03b6d380f14 tree 9 20 6799 1 ff591ccbfb2cf72a371008a82f4210209797584f 60723b12e68c53e802729604a16931e74f000e81 blob 90 80 6819 67960090c674d6d824da50dfd45d8f12d83786e6 tree 75 89 6899 2 484d7614db417d10ab3116c9ce11d03b6d380f14 fa7b6981166dcad181464007968ddf2c44b88973 blob 41 44 6988 00ba81bd54c79a5e712435ee9ecd2b2d8585917c blob 19 31 7032 1 02d365359d84a5d4f4317fa3549fe073a024c502 23c5b636f8501a098860f40e56b2beb29d5fa410 tree 99 106 7063 a416178f93b9276bfcfd300dc196e1952e717331 blob 126 126 7169 1 77248329a5e663f2ac278c095f113d27b4e8f8be cd7068e30ead3aa205f7bc8c73e1caa8854221a3 tree 28 41 7295 3 67960090c674d6d824da50dfd45d8f12d83786e6 da64e5cf3af628fed6a351de35fbca1f39a61b84 tree 66 76 7336 62062f1afde0d9ae9b4d91781780dd615c6448f9 blob 17 30 7412 2 a416178f93b9276bfcfd300dc196e1952e717331 e79b903e56ed961fd3c0076682976d045f7cec52 tree 28 41 7442 3 67960090c674d6d824da50dfd45d8f12d83786e6 6754b81daa8414ea07475e5350f2d54c7523b989 tree 66 76 7483 abf4339ce17591e3712d2dc375864493c82d207b blob 52 61 7559 2 a416178f93b9276bfcfd300dc196e1952e717331 e78e4553e8c4e68a733f67ba8abaed1db3bb95e0 tree 28 41 7620 3 67960090c674d6d824da50dfd45d8f12d83786e6 56fced572a5abc13cf60a8a49a19d5af87f61d87 tree 66 76 7661 501072473b04d8d2eaf05d13cc71fa2568ec3d6c blob 116 82 7737 2 a416178f93b9276bfcfd300dc196e1952e717331 7ddff67ab554b53d00d00ae91a3b4c36578b37f0 tree 297 275 7819 97fe1a6ab46a57cfa8043a17395b2501332c2436 tree 55 70 8094 1 7ddff67ab554b53d00d00ae91a3b4c36578b37f0 0bb75ea03f73a8764f724a990b6145f0b929c3f8 blob 37 43 8164 a2cdcc183cceecbc5a0f8532245e608b90c6340f blob 81 78 8207 79e09050a3fab6a7c8002ddecd9ba97e1ba6e01f blob 10 21 8285 1 a56e0143927a72fee0c6f00618442def5cd60fac 2d412b10aefe0f80e26536c8ec1a58d4b30df1bf blob 6 17 8306 1 d3a384c81e3e530ad97719e80b8223ed7754a4a2 5c6f3673d687b416b32cd6d1d49d85da60c66950 tree 66 76 8323 e9441ab4fc0a169d8482e76da4b9f55a6caa5823 blob 27 38 8399 3 501072473b04d8d2eaf05d13cc71fa2568ec3d6c 76d6409dbcb16c8282b966f2c0491c02364fcf7b tree 75 80 8437 8a5cd16517aacf3b150620f6c5347d8e27ef47dc blob 21 33 8517 1 798fae498457783788a70719f5176d7542c10e72 c29410cbe0e08299c0f0ee8085642bd24a838485 blob 96 96 8550 4 e9441ab4fc0a169d8482e76da4b9f55a6caa5823 0dc0e23010600ab04db1cfef617b35cb9a808668 tree 30 43 8646 1 7ddff67ab554b53d00d00ae91a3b4c36578b37f0 9f88382a6895bd951d953155960c0ed5a8612303 blob 10 21 8689 5 c29410cbe0e08299c0f0ee8085642bd24a838485 4b1026ccafd4c79a70a10b46c5531fc331e92b6a tree 297 274 8710 0d84bf0607785e59be1448379961ec8064b4d92e blob 218 162 8984 d630e501eea771f59769592170cdc0bf2d741ae6 blob 13 24 9146 1 a56e0143927a72fee0c6f00618442def5cd60fac 89db2e6e905c3036b53672b3c3bc9fad472fa368 blob 6 17 9170 1 d3a384c81e3e530ad97719e80b8223ed7754a4a2 ff42cc4a1974e58b02772f401321ba3f57846e38 tree 75 79 9187 fa17d60b89e69d855a7c01363435995b4dd67def blob 51 56 9266 91a3b5d486e8cce94c981e459db47a2fa4497e1b tree 86 101 9322 1 4b1026ccafd4c79a70a10b46c5531fc331e92b6a 2ff872c5b6173fdb325f89c90b251daebf91092c blob 614 317 9423 18799361bcac695368b53df8847b57ba34967a50 blob 16 28 9740 1 0d84bf0607785e59be1448379961ec8064b4d92e 51422bc8c729b297e89be5028b080d37f5fa71e8 tree 75 80 9768 a5f2f7907b07430751f2707bf7d12d5cd9bd7be2 blob 17 27 9848 a63dcfb386a4b30e3a1d85641cfb1aae8ecbbb5c tree 30 45 9875 2 91a3b5d486e8cce94c981e459db47a2fa4497e1b 72e3d57df672e811ef56d4fa993a71da33a1de91 blob 59 67 9920 207cef168362ac985a373f49fdbcf1d29035b6fb tree 64 79 9987 2 91a3b5d486e8cce94c981e459db47a2fa4497e1b f87f5c14cbbd7d462ab7c5ed4f7b4b822d3254a4 blob 6 15 10066 0b02e2f465e326a2fb4327a1ed2a64ed95084ee6 blob 13 24 10081 1 d3a384c81e3e530ad97719e80b8223ed7754a4a2 non delta: 61 objects chain length = 1: 25 objects chain length = 2: 8 objects chain length = 3: 5 objects chain length = 4: 1 object chain length = 5: 1 object .git/objects/pack/pack-b799d65ebb2cc3fab7878fcf2a2642585de29408.pack: ok
4
gcで生成されたpackをzlibで無理やり展開してゴリ押しreconをする(gitのオブジェクトは全てzlibで圧縮されているため)
Flag
Obliterated File TSGCTF{$_git_update-ref_-d_refs/original/refs/heads/master}
Obliterated File Again TSGCTF{$_git_update-ref_-d_refs/original/refs/heads/master_S0rry_f0r_m4king_4_m1st4k3_0n_th1s_pr0bl3m}
非想定解と修正(Obliterated File Again)について
初めに公開された問題 Obliterated File
にて実行されたコマンドは以下の通り
$ git filter-branch --index-filter "git rm -f --ignore-unmatch flag" --prune-empty -- --all $ git reflog expire --expire=now --all $ git gc --aggressive --prune=now
これによりflagのファイルの乗ったコミットが refs/heads/master
から辿れる場所に1つだけ存在している状態になっていました.この問題を修正したものを Obliterated File Again
として出題し初期得点を250ずつに配分しました.大変失礼いたしました.