Added 3 more writeups

Author: ValarDragon

cryptography/decode-me-100-points.md

@@ -0,0 +1,32 @@
+# Decode Me - 100 points
+
+Someone I met today told me that they had a perfect encryption method. To prove that there is no such thing, I want you to decrypt this [encrypted flag](https://github.com/EasyCTF/easyctf-2017-problems/blob/master/decode-me/encrypted_flag.txt) he gave me.
+
+### Solution
+###### Writeup by Valar Dragon
+
+The input file ends in the iconic `=` sign, hinting at base64.
+And it b64 decodes, into another base64 string. So I wrote a short python3 script to perform repeated base64 decryption
+
+``` python
+import base64
+
+a = open('begin').read()
+a = a.replace('\n','').replace('\\n','')
+b64 = str(base64.standard_b64decode(a),'utf-8')
+
+while 'easyctf' not in b64:
+    b64 = str(base64.standard_b64decode(b64),'utf-8')
+print(b64)
+```
+
+which gives the flag
+``` bash
+$ python3 solve.py
+easyctf{what_1s_l0v3_bby_don7_hurt_m3}
+```
+
+
+### External Writeups
+
+* [https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Decode%20Me/README.md](https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Decode%20Me/README.md)

forensics/mane-event-50-points.md

@@ -0,0 +1,35 @@
+# Mane Event - 50 points
+
+My friend just got back from the plains and he took [this](https://raw.githubusercontent.com/EasyCTF/easyctf-2017-problems/master/mane-event/lion.jpg) picture with his new camera. He also told me there's a flag hidden in it - can you check it out for me?
+
+### Solution
+###### Writeup by Valar Dragon
+
+![mane_event.jpg](https://raw.githubusercontent.com/EasyCTF/easyctf-2017-problems/master/mane-event/lion.jpg)
+
+This is a great looking picture! Except it looks pretty normal, I doubt the flag has to do with manipulating pixels for only 50 points.
+
+Lets just see if the flag is in there as plaintext!
+
+``` bash
+$ cat mane_event.jpg | grep easyctf
+Binary file (standard input) matches
+```
+
+So the flag is in there as plaintext!
+You can open your favorite hex editor, and search through the hexdump and try to find the flag, but you can also get the flag without leaving the command line!
+
+``` bash
+$ cat mane_event.jpg | hexdump -c | grep 'e   a   s' -A 2 | sed 's/ //g'
+00016c0sts,easyctf{prid
+00016d0e_in_african_eng
+00016e0in33ring},2011B
+```
+Note that the reason for hexdump -c is so that grep doesn't interpret mane_event.jpg as a binary file. So we get the output with some spaces in between the chars! Then sed is removing the spaces.
+
+Our flag is then:
+`easyctf{pride_in_african_engin33ring}`
+
+### External Writeups
+
+* [https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Mane%20Event/README.md](https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Mane%20Event/README.md)

forensics/petty-difference-75-points.md

@@ -0,0 +1,32 @@
+# Petty Difference - 75 points
+
+I found two files in a secret room. They look like jumbled letters with no patterns. I mean look at it! [file1](https://github.com/EasyCTF/easyctf-2017-problems/blob/master/petty-difference/file1.txt) is identical to [file2](https://github.com/EasyCTF/easyctf-2017-problems/blob/master/petty-difference/file2.txt), right?
+
+### Solution
+###### Writeup by Valar Dragon
+
+Since it mentions the files being identical, lets look at the differing bytes!
+
+``` python
+a = open('file1').read()
+b = open('file2').read()
+c = ""
+d = ""
+for i in range(len(a)):
+    if(a[i]!=b[i]):
+        c += a[i]
+        d += b[i]
+print(c)
+print(d)
+```
+
+which gives the flag!
+``` bash
+$ python3 solve.py
+easyctf{th1s_m4y_b3_th3_d1ff3r3nc3_y0u_w3r3_l00k1ng_4}
+lfbz95eobcrtqadt7kdxz0dcisw{x5kik4pueriiebmavwnxdvwex9
+```
+
+### External Writeups
+
+* [https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Petty%20Difference/README.md](https://github.com/HackThisCode/CTF-Writeups/blob/master/2017/EasyCTF/Petty%20Difference/README.md)