Jump to content
Tuts 4 You

Recommended Posts

Posted

@Extreme Coders Thanks for the hint but that's what I know already ;) I know how everything should be composed but I thought there were some more hints about it (which I obviously don't see).
I have some time left now so I'll try to solve it :) .

 

Posted

@Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside.

  • Like 1
Posted
On 7/27/2016 at 5:44 PM, Rurik said:

@Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside.

Then I have to really be missing something...

Extreme Coders
Posted

The keyspace is much smaller than that. Just recheck the constraints on the parameters.

Any updates on the mobile challenge #5, the iOS app.
Without an apple device at hand, https://appetize.io/ is fine just for getting a feel of the game, but sadly at the end of the game, it wants to connect to some non existent domains to fetch the flag :( . Without access to real hardware nothing much can be done to override the check. Seems like a dead-end.

Posted

@AcidShout: There are 7 things to check, not 6..

@Extreme Coders: Thanks, did not know that site! :) I think I know the place where flag is decrypted but unless Appetize can give me debugging powers, I'm stuck. 

Extreme Coders
Posted (edited)

Appetize doesn't have debugging abilities. Also be sure to upload the simulator build not  the arm build.

Edited by Extreme Coders
Posted (edited)

@Extreme Coders

@kao

 

Thanks! I had a 

memcpy(key, "some random test key here", sizeof(...))

right before the decryption routine. What a dumb mistake. Went unnoticed for a few hours. Don't be an AcidShout!

Edited by AcidShout
  • Like 1
Guest Assalit
Posted

Extreme Coders, mobile 5 is possible to solve without apple hardware, for sure.

Have anyone here solved unix 3 task? That cat... random jumpy code... I fell like I've seen every part of the file, but I have no idea of getting anything from it.

It just prints a ASCII cat and does nothing (obfuscated nothing).

Can someone give a hit or something, please?

Posted

Unix 3 is best done statically. I'd recommend IDA.

Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks

Guest Assalit
Posted
13 hours ago, Rurik said:

Unix 3 is best done statically. I'd recommend IDA.

Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks

thx

Unix 4. Restoring file is not an end...

Posted
On 7/30/2016 at 0:56 PM, Assalit said:

mobile 5 is possible to solve without apple hardware, for sure.

Any hints on how to do that? Static analysis in IDA reveals only some interesting constants but nothing about the data being decrypted..

 

As for Unix tasks.. Well, I'm Windows guy with some skills in other fields. But I haven't even looked at Unix challenges yet. ;) 

Guest Assalit
Posted

Mobile 5.

Places that required to be visited on the way to the flag:

1. 2 funcs with constants

2. func with 2 xor loops (it should be easy to find)

3. some code before referensed string "http:\\pan"

4. site in the internet with something important (its posiible to get flag without, but ... reeeeeely luck based. I was unable to do so)

 

Posted

Awesome, thanks! I already had #1 and #2. :) I just didn't know how it fits into the big picture.

Posted

I found a valid serial for Windows Challenge #4 but it's still not the correct one. My serial is 38 characters long and after I press "Validate" it says "Congratulations bla bla.." but the decrypted flag is just gibberish ;-(. Any hints?

Posted (edited)

OK, I solved it.

Spoiler

I just had to simplify my state machine so that it took exactly 16 steps.

 

Edited by lazydaemon
Posted

any hint on windows 7?

got all parameters but still not working.

Posted
5 hours ago, m0rphiz3 said:

any hint on windows 7?

got all parameters but still not working.

I spent way too long on Windows 7's final step. First trying to write the same and brute force, then duplicate the reverse and decrypt.  I eventually decrypted it but did so with what should not work. 

Posted
9 hours ago, m0rphiz3 said:

any hint on windows 7?

got all parameters but still not working.

Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse.

On 7/26/2016 at 10:12 AM, kao said:

I got stuck on Mobile #5 - solving that without Apple hardware doesn't seem realistic. :( And Threat #2 has utterly confusing requirements for Yara rule.
 

The GIF file isn't alone, check the EOF

 

Any hints for Random Challenge 1 and Unix Challenge 1? yeah I'm still struggling with level 1 :D

In Unix I got the GIF file with good header but still corrupted.

Posted

@fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all.

Extreme Coders
Posted

@fasya Random #1 is a base (??) encoding. Unix #1 requires to create your own decoding tools working on the file recursively.

Posted (edited)
5 hours ago, fasya said:

Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse.

 

i am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants..

Edited by m0rphiz3
silly mistake
Posted

The shellcode one was a bit tricky but after the hint Rurik gave to me made it pretty easy to solve.
My hint is to isolate the constants and understanding each of them.

Posted (edited)
9 hours ago, kao said:

@fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all.

I haven't been successful to submit a valid rule too. Although I created a valid yara rule that detects what they want and with the same character limitation. Could send it to you if you want.

9 hours ago, Extreme Coders said:

@fasya Random #1 is a base (??) encoding. Unix #1 requires to create your own decoding tools working on the file recursively.

Thanks @Extreme Coders for the hints, For Random #1 I did guessed that this long string must be base64 encoded but my problem is what I should do to get that string to a valid base64 encoded string. 

For Unix #1, I did deobfuscated the perl script and joined the 56 chunks both statically and by entering the right answers and in both cases I got a corrupted GIF.

4 hours ago, m0rphiz3 said:

i am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants..

Remember this challenge loves to be debugged ;)

 

A really vague CTF with a lot of guessing :(

Edited by fasya
Extreme Coders
Posted
5 hours ago, fasya said:

For Random #1 I did guessed that this long string must be base64 encoded but my problem is what I should do to get that string to a valid base64 encoded string. 

base-64 is not the only possible base-n encoding. You are overthinking. It's a lot simpler.

5 hours ago, fasya said:

For Unix #1, I did deobfuscated the perl script and joined the 56 chunks both statically and by entering the right answers and in both cases I got a corrupted GIF.

There are more than 56 junks. Work recursively. Use regexp for automating.

5 hours ago, fasya said:

A really vague CTF with a lot of guessing :(

Fully agree with this. In many challenges, it was not sure what is the objective in the first place. It's simply a guess work as you say.

Posted
9 hours ago, fasya said:

Remember this challenge loves to be debugged ;)

i think you are talking about the fs[30] thing which is added to 69, yea considered that also, but not happening.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...