Monday, March 30, 2015

0CTF 2015 Quals - Misc geo newbie

This challenge involved giving Country Alpha2 codes as responses.  It had 3 different levels.

For the first 20 challenges, it asked what a specific the Alpha2 code was for a specific country.

To solve these, I used Google's maps geocode API.
An example of use this is:
 https://maps.googleapis.com/maps/api/geocode/json?address=new%20york

Sometimes, the API would not think that the country that I sent was a country.  So I appended 'country' to the beginning of each address query string for the first 20 challenges:
https://maps.googleapis.com/maps/api/geocode/json?address=country%20canada

I then had to parse the JSON response for the country Alpha2 code. It seemed that the last
"address_components" contained the country and it's code, however, I noticed later that some did not.  So I adjust my code to quickly solve hopefully most of this issue:
for d in respdata['results'][0]['address_components'][::-1]:
    alpha2 = d['short_name']
    if len(alpha2) == 2:
        break

For the next 50 challenges (20-70), the server gave us a place, such as a city, nickname, state, etc., and it requested the code of the country that the place was located in.  Luckily for us, the above solution would work for this as well.

There were a few places that the geocode API would get wrong, so we hard-coded the solutions in dictionaries.  I found it funny that Lego was not a city, but the location of the headquarters...

After solving 70 challenges, the server requested what countries a specific mountain range or river run through.  For this, I used Wikipedia's API to search for the mountain range or river, but instead of trying to parse the JSON response, I used regex to find the countries associated that it was in:
countries = re.findall(r'country\d?\W*=\W*(\w+[ \w+]*)',respdata)

I then took these countries, and got all of their Alpha2 codes using Google's API.  After I finished 74 it printed the flag:


Flag was 0CTF{eNj0y_geography_l0v3_7hE_w0lRd}

Source code can be found here