HMV Lab Temperance

For people who plays CTF and wants to program some shit.

levelx00

# Connect to the host and receive the message / Conecta al host y recibes la intro general.
    print('Receiving Intro')
    data = s.recv(1024)
    print(data)

    # Send "levelx00" to choose the level / Envia levelx00 para elegir el nivel.
    s.send(b'levelx00')

    # Receive the challenge / Recibe el challenge.
    print('Receiving challenge.')
    data2 = s.recv(1024)
    print(data2)

    # Send the challenge solved / Envia el resultado del challenge.
    print('Envio reto')
    s.send(data2)

    # Receive the flag / Recibe la flag.
    print('Recibo flag')
    data3 = s.recv(1024)
    print(data3)

levelx01

# Codename: levelx01
# Mission: This mission is similar to the previous one, but adding a minimum of complexity :)
# You will receive a string, you must return the same string and you will
# receive another string which you must also return.
s.send(b'levelx01')
while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp)

levelx02

# Codename: levelx02
# Mission: In this mission you will receive a string and you must return the same string but converted to uppercase.
s.send(b'levelx02')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp.upper())

levelx03

# Codename: levelx03
# Mission: In this mission you will receive a string in base64, you must do the decode and return the result.

s.send(b'levelx03')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(base64.b64decode(temp))

levelx04

# Codename: levelx04
# Mission: In this mission you will receive a string and you must return it in reverse.
s.send(b'levelx04')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp[::-1])

levelx05

 # Codename: levelx05
# Mission: In this mission you will receive a string and you must return the last 5 chars.
s.send(b'levelx05')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(temp[-5:])

levelx06

# Codename: levelx06
# Mission: In this mission you will receive a string and you must return its length. (as string, not as int).

s.send(b'levelx06')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(str(len(temp)).encode())

levelx07

# Codename:levelx07
# Mission: In this mission you will receive a string in hexadecimal format, you must return it converted to ascii.
s.send(b'levelx07')
while True:
    temp = s.recv(1024)
    # 474b736a55527876496d7468446b6e65434c417a694f575062
    print(temp)

    if b'Flag' in temp:
        break
    s.send(bytes.fromhex(temp.decode()))

levelx08

# Codename:levelx08
# Mission: In this mission you will receive 2 numbers, you must return the result of adding both.

s.send(b'levelx08')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp = temp.split()
    s.send(str(int(temp[0]) + int(temp[1])).encode())

levelx09

def decrypt_rot13(string):
    solvedArray = []
    for i in string:
        i = ord(i)
        if (i >= 97 and i <= 122):  # If ASCII letter is lowercase - ASCII Value from 97 till 122
            ogAns = chr(i)
            rot13_uni = int(i + 13)
            print("rot13_uni is: ", rot13_uni)
            if (rot13_uni > 122):
                ans = chr(i - 13)
                print("-------")
                print("13 is being deducted")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i - 13)
                solvedArray.append(ans)
            else:
                ans = chr(i + 13)
                print("-------")
                print("13 is being added")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i + 13)
                solvedArray.append(ans)
        elif (i >= 65 and i <= 90):  # or If ASCII letter is uppercase - ASCII Value from 65 till 90.
            ogAns = chr(i)
            rot13_uni = int(i + 13)
            print("rot13_uni is: ", rot13_uni)
            if (rot13_uni > 90):
                ans = chr(i - 13)
                print("-------")
                print("13 is being deducted")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i - 13)
                solvedArray.append(ans)
            else:
                ans = chr(i + 13)
                print("-------")
                print("13 is being added")
                print("Original answer:", ogAns, " Changed answer: ", ans)
                print("Original unicode value=", i)
                print("Changed unicode value=", i + 13)
                solvedArray.append(ans)
        else:
            ans = chr(i)
            print("-------")
            print("SPECIAL CHARACTER: ", ans)  # In case of any other characters.
            solvedArray.append(ans)

    # Convert Array to string
    return "".join([str(i) for i in solvedArray])


# Codename:levelx09
# Mission: In this mission you will receive a string encrypted with ROT13, you must decode it and return the result.

s.send(b'levelx09')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    s.send(decrypt_rot13(temp.decode()).encode())

levelx10

# Codename:levelx10
# Mission: In this mission you will receive numbers separated by spaces, you must return them in order from
# smallest to largest and without separating them with spaces.

s.send(b'levelx10')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    temp2.sort()
    print(temp2)
    s.send(str.encode("".join(temp2)))

levelx11

 # Codename: levelx11
# Mission: In this mission you will receive a string in Morse code, you must decode it and return it.
#
# Example:
# HMV(Input): .-- ...- .-. --.. -... --.. ... ..- ...-- .... ..--- -.- ...
# .-- --... .-- .... ---.. -..- ..-. .... .. ----. .-. ....
#
# Hacker(Output): WVRZBZSU3H2KSW7WH8XFHI9RH

s.send(b'levelx11')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    # Convert Morse code to text
    # Morse code dictionary
    morse_code_dict = {
        'A': '.-', 'B': '-...', 'C': '-.-.', 'D': '-..', 'E': '.', 'F': '..-.', 'G': '--.', 'H': '....',
        'I': '..', 'J': '.---', 'K': '-.-', 'L': '.-..', 'M': '--', 'N': '-.', 'O': '---', 'P': '.--.',
        'Q': '--.-', 'R': '.-.', 'S': '...', 'T': '-', 'U': '..-', 'V': '...-', 'W': '.--', 'X': '-..-',
        'Y': '-.--', 'Z': '--..',
        '0': '-----', '1': '.----', '2': '..---', '3': '...--', '4': '....-', '5': '.....', '6': '-....',
        '7': '--...', '8': '---..', '9': '----.'
    }
    # Convert Morse code to text
    solvedArray = []
    for i in temp2:
        for key, value in morse_code_dict.items():
            if i == value:
                solvedArray.append(key)
    # Convert Array to string
    s.send(str.encode("".join(solvedArray)))

levelx12

 # Codename: levelx12
# Mission: In this mission you receive a string and a number, you must return the string repeated n number of times.
#
# Example:
# HMV(Input): JwSIK 17
#
# Hacker(Output): JwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIKJwSIK

s.send(b'levelx12')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    solvedArray = []
    for i in range(int(temp2[1])):
        solvedArray.append(temp2[0])
    s.send(str.encode("".join(solvedArray)))

levelx13

 # Codename: levelx13
# Mission: In this mission you receive a list of strings, you must sort them alphabetically and return the last string in the list.
# The characters "[" and "]" must be removed.
#
# Example:
# HMV(Input): [QJIFc brxkaCWxRDNRMjMDNQBcYPi wpzZBxlRMrvchppNmZcsSsqnSxQd nWxEVnDjUIWObjfZ gfsqzTsgfYYVjx wDeVgobCvrlaM cLFTLXrpnmSYsVaaTDnVArG
# dRbEsX KenQzY ZhDilcASluwhjcHlOrrX nPVXUIZELLdcm RsSrmYVHvonLJnv]
#
# Hacker(Output): wpzZBxlRMrvchppNmZcsSsqnSxQd

s.send(b'levelx13')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    temp2.sort()
    print(temp2)
    s.send(str.encode("".join(temp2[-1].replace('[', '').replace(']', ''))))

levelx14

# Codename: levelx14
# Mission: In this mission you receive a string and a character, you must return the number
# of times the character is repeated in the string.
#
# Example:
# HMV(Input): Kd5vfizCyqgwN2HlEWq2ZOMkaZmar7rmyCl0ssGf078aJ5J3FJKvLzijiqSbsK8ChhLZ1AI3GVhWnYXixY7J4q7KqKSA8t
# VYsQo0LHjjsGSyLHM9lwi8nVhQA7EUBFo1MJ2gPGo2Nywsz7qlq9C7cKC2xyTdVXVhciK6gMVgRdlOktkx5IMXcnHOSbsnagqDBM56CF87MBT2X
# MvUAPRbiEuZsMSIFGpFcNYAPOGD04def3j6a15xCVosZ9wLJI5cAk07aUxULniLYzWjCk64ZDsvisGlG2wqIFpMwnMG24T52yHCQlwYYRNrTsLs
# awZzcUfeutE00WRvcAPyRAYsJRXqaFX9m9teOIA1UqoZfLkRdur3pla6cJxYGl1hi1REClkarFwCFmOAflXN2BZL8mzzK9wixxsvqx7iCL5ky79
# 0pF74MRXt8t09z2zW20qJTLg2UiAvl1ZQ8uB7JhVojRFY4LdW8bS6rQQ4iQGJwyeAzkNaPzwlQIFLdgt9UhdXIstPo7TotSSG60g1ln9G6w1OPU
# K951lrGrKmrCKEUvoGyL3HkToZtkywcL0eYyrW1BrkPTs95TvoUhLjp5Es3mqE x

s.send(b'levelx14')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    s.send(str.encode(str(temp2[0].count(temp2[1]))))

levelx15

# Codename: levelx15
# Mission: In this mission you receive a series of numbers, you must return what the next number in the series would be.
#
# Example:
# HMV(Input): 59 140 221 302 383
#
# Hacker(Output): 464

s.send(b'levelx15')

while True:
    temp = s.recv(1024)
    print(temp)
    if b'Flag' in temp:
        break
    temp2 = temp.decode('utf-8').split(' ')
    print(temp2)
    s.send(str.encode(str(int(temp2[-1]) + int(temp2[1]) - int(temp2[0]))))

levelx16

# Codename: levelx16
# Mission: In this mission you receive a png encoded in base64, you must decode it and return
# the size in pixels of its width and height.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAADQAAABeCAYAAABsFzfXAAAAfUlEQVR4nOzPAQkAMBBFobH+oa/G46MN/G+MUJ1QnVCdU
# J1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVCdUJ1QnVC
# dUN1c6AIAAP//yOQAvaQI2KYAAAAASUVORK5CYII=
#
# Hacker(Output): 52x94

s.send(b'levelx16')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

data = base64.b64decode(temp2)
img = Image.open(io.BytesIO(data))
print(img.size)
s.send(str.encode(str(img.size[0]) + 'x' + str(img.size[1])))

print(s.recv(1024))

levelx17

# Codename: levelx17
# Mission: In this mission you receive a 1 pixel png encoded in base64, you must decode it and return the last RGBA value.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAAEUlEQVR4nGI6OPmFIiAAAP//Br0CYI/JSpAAAAAASUVORK5CYII=
#
# Hacker(Output): 33

s.send(b'levelx17')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

data = base64.b64decode(temp2)
img = Image.open(io.BytesIO(data))

print(img.getpixel((0, 0)))
s.send(str.encode(str(img.getpixel((0, 0))[-1])))
print(s.recv(1024))

levelx18

# Codename: levelx18
    # Mission: In this mission you receive a string and you must return the string converted to binary.
    #
    # Example:
    # HMV(Input): gEmcaIqBNT1z7ikGg1y0RlWZ4ApGvzmOrMBNtHQuycspIMoWDk
    #
    # Hacker(Output): 0110011101000101011011010110001101100001010010010111000101000010010011100101010000
    # 110001011110100011011101101001011010110100011101100111001100010111100100110000010100100110110001010
    # 111010110100011010001000001011100000100011101110110011110100110110101001111011100100100110101000010
    # 010011100111010001001000010100010111010101111001011000110111001101110000010010010100110101101111010
    # 101110100010001101011

    s.send(b'levelx18')
    temp = s.recv(1024)
    print(temp)

    temp2 = temp.decode('utf-8')
    print(temp2)

    s.send(str.encode(''.join(format(ord(i), '08b') for i in temp2)))
    print(s.recv(1024))

levelx19

  # Codename: levelx19
# Mission: In this mission you will receive a zip file encoded in base64, the zip file contains a .txt file
# which contains a string inside. You should return the string inside the .txt file.
#
# Example:
# HMV(Input): UEsDBBQACAAIAAAAAAAAAAAAAAAAAAAAAAAHAAAASE1WLnR4dKpMCg7NTk5yC6+qCnANyckzt0j1Mwp2KgpK9
# kg1yw4K8TLNdPPPzjExqKzMyQlNLTfLAgQAAP//UEsHCMc6NsY4AAAAMgAAAFBLAQIUABQACAAIAAAAAADHOjbGOAAAADIAAAAHAAA
# AAAAAAAAAAAAAAAAAAABITVYudHh0UEsFBgAAAAABAAEANQAAAG0AAAAAAA==
#
# Hacker(Output): ybSUkcbFWzzPETln78eN2SBrRcHe6kRTJ5iFOkl40yyllUew6j

s.send(b'levelx19')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
import zipfile

data = base64.b64decode(temp2)
with open('temp.zip', 'wb') as f:
    f.write(data)
with zipfile.ZipFile('temp.zip', 'r') as z:
    with z.open(z.namelist()[0]) as f:
        str_data = f.read().decode('utf-8')
        print(str_data)
        s.send(str_data.encode('utf-8'))
print(s.recv(1024))

levelx20

 # Codename: levelx20
# Mission: In this mission you receive some of the first 50 words from the Rockyou dictionary in MD5.
# You must send which word the md5 corresponds to.
#
# Example:
# HMV(Input): f25a2fc72690b780b2a14e140ef6a9e0
#
# Hacker(Output): iloveyou

s.send(b'levelx20')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)
import hashlib

# 读取./rockyou.txt 前 50 行
rockyou_md5_dic = {}
with open('./rockyou.txt', 'r', encoding='ISO-8859-1') as f:
    rockyou = f.readlines()[:50]
    for line in rockyou:
        rockyou_md5_dic.update({hashlib.md5(line.strip().encode()).hexdigest(): line.strip()})

print(len(rockyou_md5_dic))
find = rockyou_md5_dic.get(temp2)
print(find)
s.send(str.encode(find))
print(s.recv(1024))

levelx21

# Codename: levelx21
# Mission: In this mission you will receive a number and you must return what amount of KB that number corresponds to.
#
# Example:
# HMV(Input): 52321
#
# Hacker(Output): 51.09KB

s.send(b'levelx21')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

s.send(str.encode(calculate_kb(float(temp2))))

print(s.recv(1024))

levelx22

# Codename: levelx22
# Mission: In this mission you will receive a list of decimal numbers, you must return them converted into their value to ASCII.
#
# Example:
# HMV(Input): 56 116 110 76 90 70 119 49 103 66
#
# Hacker(Output): 8tnLZFw1gB

s.send(b'levelx22')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8').split(' ')
print(temp2)

result = ''
for i in temp2:
    result += chr(int(i))

print(result)
s.send(str.encode(result))
print(s.recv(1024))

levelx23

 # Codename: levelx23
# Mission: In this mission you will receive a 5x1 pixel png encoded in base64, you must read the last RGBA
# value of each pixel, convert it to ascii and return the result.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAAUAAAABCAYAAAAW/mTzAAAAIklEQVR4nGJpk+BMd+Jkvbf
# n02/lr5f+c1U+5TwOCAAA//9bkgoL6P+/xQAAAABJRU5ErkJggg==
#
# Hacker(Output): gEhr9

s.send(b'levelx23')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

img = Image.open(io.BytesIO(base64.b64decode(temp2)))
print(img.size)

result = ''
for x in range(5):
    r, g, b, a = img.getpixel((x, 0))
    result += chr(a)

print(result)
s.send(str.encode(result))

print(s.recv(1024))

levelx24

# Codename: levelx24
# Mission: In this mission you will receive a URL which you must visit, you must return the string found on the web.
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/uwu/3312
#
# Hacker(Output): 4441514

s.send(b'levelx24')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
print(r.text)
s.send(str.encode(r.text))

print(s.recv(1024))

levelx25

# Codename: levelx25
# Mission: In this mission you will receive a URL which you must visit, you must return
# the value found in a header (HMV-Header).
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/head/673
#
# Hacker(Output): 917182

s.send(b'levelx25')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
print(r.headers)
s.send(str.encode(r.headers['Hmv-Code']))

print(s.recv(1024))

levelx26

 # Codename: levelx26
# Mission: In this mission you will receive a png encoded in base64, you must decode it and send the number found in the image.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAJYAAAAyCAYAAAC+jCIaAAABL0lEQVR4nOzYQU6zQBiA4fbPfxWX3v8gL
# j1MTRcmhBQ6VN5azPNs1BkzkvAGv/LvBAFhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRA
# Wif97H3h5f7vcWj9/fJ7nvzNd27K3dN6WvZHr5MVNb+LS91v27q1/r63tjZ7Fi1qL5TQYwdYYHglLVPtKZ6zrzXr2v5ZHnki/c
# Z1/3e4zVunWjHX9Ol+fzmlLe7SysPZ+CszPm/689nfuXYOnVeMwrxvcfIbnnNFPhXsN4aOfNPm5p89Y8xloZO/WbLT0rmp+5to
# ecDCHmbE4FmGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWCWGREBYJYZEQFglhkRAWia8AAAD//6oWtSXo+kn1AAAAAElFTkSuQmCC
#
# Hacker(Output): 7006997

s.send(b'levelx26')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import base64
import io
from PIL import Image

img = Image.open(io.BytesIO(base64.b64decode(temp2)))
print(img.size)
# 写入图片
img.save('levelx26.png')
# import ddddocr
#
# ocr = ddddocr.DdddOcr(beta=True)
# result = ocr.classification(img, png_fix=True,)
# print(result)
# s.send(str.encode(result))

import pyocr
import pyocr.builders

tools = pyocr.get_available_tools()
if len(tools) == 0:
    print("No OCR tool found")
    exit(1)
ocr_tool = tools[0]
text = ocr_tool.image_to_string(
    img,
    lang='eng',
    builder=pyocr.builders.TextBuilder()
)
print(text)
s.send(str.encode(text))

print(s.recv(1024))

levelx27

 # Codename: levelx27
# Mission: In this mission you will receive a URL which you must visit, in the body of the
# URL there is data from a /etc/passwd file, you must return the UID of the proxy user.
#
# Example:
# HMV(Input): http://temperance.hackmyvm.eu:8090/cumment/3390/
# HMV(Web Body): ---SNIP--- proxy:x:4735654:13:proxy:/bin:/usr/sbin/nologin ---SNIP---
#
# Hacker(Output): 4735654

s.send(b'levelx27')
temp = s.recv(1024)
print(temp)

temp2 = temp.decode('utf-8')
print(temp2)

import requests

r = requests.get(temp2)
text = r.text
print(text)
for line in text.split('\n'):
    if 'proxy:' in line:
        print(line)
        print(line.split(':')[2])
        s.send(str.encode(line.split(':')[2]))

print(s.recv(1024))

levelx28

# Codename: levelx28
# Mission: In this mission you receive a JWT token. You must decode it and send the value of the HMVKey. (Default key).
#
# Example:
# HMV(Input): eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJITVZLZXkiOiJVbHFlc0h0bHZIQVdEYVAifQ.65O1aZHiVaGep-QA0-LZRnWXcDF8bZT_E7BXvXaYMUI
#
# Hacker(Output): UlqesHtlvHAWDaP

s.send(b'levelx28')
temp = s.recv(1024)
print(temp)

import base64

temp2 = temp.decode('utf-8')
print(temp2)
parts = temp2.split('.')
print(parts)
payload_part = json.loads(decode_base64(parts[1]).decode())

print(payload_part)

s.send(str.encode(payload_part['HMVKey']))

print(s.recv(1024))

levelx29

# Codename: levelx29
# Mission: In this mission you receive 2 coordinates, you must calculate how many KM there are between them
# and return the result (with 3 decimal).
#
# Example:
# HMV(Input): Lat: 23 Lon: 21 - Lat: 25 Lon: 16
#
# Hacker(Output): 554.830

s.send(b'levelx29')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)
# Lat: 90 Lon: 38 - Lat: 24 Lon: 79
# 匹配出数字
import re

result = re.findall(r'\d+', temp2)
print(result)
# 计算距离
from geopy.distance import geodesic

pa = Point(latitude=result[0], longitude=result[1])
pb = Point(latitude=result[2], longitude=result[3])
print(geodesic(pa, pb).kilometers)
s.send(str.encode(str(round(geodesic(pa, pb).kilometers, 3))))

print(s.recv(1024))

levelx30

 # Codename: levelx30
# Mission: In this mission we must use XOR and send the resulting string.(key=HMV)
#
# Example:
# HMV(Input): <49#0,)'%;:!0.!,
# ,�"?!/
#
# Hacker(Output): tyMafELksowokYfddVZjsswwxcwdDJMGsMKaENYVaLMJDjrRib

s.send(b'levelx30')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)

key = 'HMV'
result = ''
for i in range(len(temp2)):
    result += chr(ord(temp2[i]) ^ ord(key[i % len(key)]))

print(result)
s.send(str.encode(result))

print(s.recv(1024))

levelx31

# Codename: levelx31
# Mission: In this mission you receive a png encoded in base64, you must decode it, read the QR code found inside
# and return the string that indicates the QR.
#
# Example:
# HMV(Input): iVBORw0KGgoAAAANSUhEUgAAAGQAAABkEAAAAAAFGRbLAAABn0lEQVR4nOyazW7EMAiEm2rf/5W3J1+IED8mzXg033GbxhnhERjz+
# X5/KPh9+wOmkBA0JAQNCUHjY3+4rt6LvHy03hf9fXc9mohICBo3jyyyNZi3x6037HP2/bvr0UREQtBwPbLw9mQ3b0ReqK63oImIhKARemSXyDNT0EREQtB
# 4zCPZGmwKmohICBqhR7p72Z5Dst7orkcTEQlBw/VIt9/kYT1jvbC7Hk1EJASNa7rm+a/zh4UmIhKChns/4vVsPdbzUX7o5g/1tU6DRkg6j0zt9YjoPsXLU
# zQRkRA02ueRqie8PZ69D4lqOJqISAga5VmU6kyJ54VqXlKtdRo0Qm4eiWoaS7ZPlX1vNn+p1kKHRsj2vFa1JvLY9Q5NRCQEjfG5324+6XpyQRMRCUFjfO4
# 3u/e7s42qtU6BRsj43K/9v6iflZ2dV1/rNGiEPDbTmO1nRbWY/d2DJiISgsbjc79RPvCeq575aSIiIWiMz/1m+1LReaP6HTQRkRA0xud+s3eJ1fyi88hp0
# AgZn/t9C5qISAgaEoKGhKDxFwAA//9Pk6bevZKZBwAAAABJRU5ErkJggg==
#
# Hacker(Output): xfZfsIM

s.send(b'levelx31')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)
import base64

imgdata = base64.b64decode(temp2)
filename = 'levelx31.png'
with open(filename, 'wb') as f:
    f.write(imgdata)

import cv2

img = cv2.imread(filename)
qrCodeDetector = cv2.QRCodeDetector()
data, bbox, straight_qrcode = qrCodeDetector.detectAndDecode(img)

s.send(str.encode(data))

print(s.recv(1024))

levelx32

# Codename: levelx32
# Mission: In this mission you receive an md5 and a string. You must permute the string until it matches md5 and return the string.
#
# Example:
# HMV(Input): c142e7e8b1d42f4d6f36dfa760174b3a KOSltuvxy
#
# Hacker(Output): OSylutxKv

s.send(b'levelx32')
temp = s.recv(1024)
temp2 = temp.decode('utf-8')
print(temp2)

import hashlib

parts = temp2.split(' ')
print(parts)
md5 = parts[0]
string = parts[1]

letters = list(string)
print(letters)
# 所有字母的排列组合
result = ''
import itertools

for perm in itertools.permutations(letters):
    result = ''.join(perm)
    if hashlib.md5(result.encode()).hexdigest() == md5:
        break

print(result)
s.send(str.encode(result))

print(s.recv(1024))