July 26, 20169 yr @Extreme Coders Thanks for the hint but that's what I know already I know how everything should be composed but I thought there were some more hints about it (which I obviously don't see). I have some time left now so I'll try to solve it .
July 27, 20169 yr @Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside.
July 29, 20169 yr On 7/27/2016 at 5:44 PM, Rurik said: @Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside. Then I have to really be missing something...
July 29, 20169 yr The keyspace is much smaller than that. Just recheck the constraints on the parameters. Any updates on the mobile challenge #5, the iOS app. Without an apple device at hand, https://appetize.io/ is fine just for getting a feel of the game, but sadly at the end of the game, it wants to connect to some non existent domains to fetch the flag . Without access to real hardware nothing much can be done to override the check. Seems like a dead-end.
July 29, 20169 yr Author @AcidShout: There are 7 things to check, not 6.. @Extreme Coders: Thanks, did not know that site! I think I know the place where flag is decrypted but unless Appetize can give me debugging powers, I'm stuck.
July 29, 20169 yr Appetize doesn't have debugging abilities. Also be sure to upload the simulator build not the arm build. Edited July 29, 20169 yr by Extreme Coders
July 29, 20169 yr @Extreme Coders @kao Thanks! I had a memcpy(key, "some random test key here", sizeof(...)) right before the decryption routine. What a dumb mistake. Went unnoticed for a few hours. Don't be an AcidShout! Edited July 29, 20169 yr by AcidShout
July 30, 20169 yr Extreme Coders, mobile 5 is possible to solve without apple hardware, for sure. Have anyone here solved unix 3 task? That cat... random jumpy code... I fell like I've seen every part of the file, but I have no idea of getting anything from it. It just prints a ASCII cat and does nothing (obfuscated nothing). Can someone give a hit or something, please?
July 30, 20169 yr Unix 3 is best done statically. I'd recommend IDA. Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks
July 31, 20169 yr 13 hours ago, Rurik said: Unix 3 is best done statically. I'd recommend IDA. Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks thx Unix 4. Restoring file is not an end...
August 2, 20169 yr Author On 7/30/2016 at 0:56 PM, Assalit said: mobile 5 is possible to solve without apple hardware, for sure. Any hints on how to do that? Static analysis in IDA reveals only some interesting constants but nothing about the data being decrypted.. As for Unix tasks.. Well, I'm Windows guy with some skills in other fields. But I haven't even looked at Unix challenges yet.
August 2, 20169 yr Mobile 5. Places that required to be visited on the way to the flag: 1. 2 funcs with constants 2. func with 2 xor loops (it should be easy to find) 3. some code before referensed string "http:\\pan" 4. site in the internet with something important (its posiible to get flag without, but ... reeeeeely luck based. I was unable to do so)
August 2, 20169 yr Author Awesome, thanks! I already had #1 and #2. I just didn't know how it fits into the big picture.
August 9, 20169 yr I found a valid serial for Windows Challenge #4 but it's still not the correct one. My serial is 38 characters long and after I press "Validate" it says "Congratulations bla bla.." but the decrypted flag is just gibberish ;-(. Any hints?
August 9, 20169 yr OK, I solved it. Spoiler I just had to simplify my state machine so that it took exactly 16 steps. Edited August 9, 20169 yr by lazydaemon
August 10, 20169 yr 5 hours ago, m0rphiz3 said: any hint on windows 7? got all parameters but still not working. I spent way too long on Windows 7's final step. First trying to write the same and brute force, then duplicate the reverse and decrypt. I eventually decrypted it but did so with what should not work.
August 10, 20169 yr 9 hours ago, m0rphiz3 said: any hint on windows 7? got all parameters but still not working. Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse. On 7/26/2016 at 10:12 AM, kao said: I got stuck on Mobile #5 - solving that without Apple hardware doesn't seem realistic. And Threat #2 has utterly confusing requirements for Yara rule. The GIF file isn't alone, check the EOF Any hints for Random Challenge 1 and Unix Challenge 1? yeah I'm still struggling with level 1 In Unix I got the GIF file with good header but still corrupted.
August 10, 20169 yr Author @fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all.
August 10, 20169 yr @fasya Random #1 is a base (??) encoding. Unix #1 requires to create your own decoding tools working on the file recursively.
August 10, 20169 yr 5 hours ago, fasya said: Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse. i am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants.. Edited August 10, 20169 yr by m0rphiz3 silly mistake
August 10, 20169 yr The shellcode one was a bit tricky but after the hint Rurik gave to me made it pretty easy to solve. My hint is to isolate the constants and understanding each of them.
August 11, 20169 yr 9 hours ago, kao said: @fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all. I haven't been successful to submit a valid rule too. Although I created a valid yara rule that detects what they want and with the same character limitation. Could send it to you if you want. 9 hours ago, Extreme Coders said: @fasya Random #1 is a base (??) encoding. Unix #1 requires to create your own decoding tools working on the file recursively. Thanks @Extreme Coders for the hints, For Random #1 I did guessed that this long string must be base64 encoded but my problem is what I should do to get that string to a valid base64 encoded string. For Unix #1, I did deobfuscated the perl script and joined the 56 chunks both statically and by entering the right answers and in both cases I got a corrupted GIF. 4 hours ago, m0rphiz3 said: i am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants.. Remember this challenge loves to be debugged A really vague CTF with a lot of guessing Edited August 11, 20169 yr by fasya
August 11, 20169 yr 5 hours ago, fasya said: For Random #1 I did guessed that this long string must be base64 encoded but my problem is what I should do to get that string to a valid base64 encoded string. base-64 is not the only possible base-n encoding. You are overthinking. It's a lot simpler. 5 hours ago, fasya said: For Unix #1, I did deobfuscated the perl script and joined the 56 chunks both statically and by entering the right answers and in both cases I got a corrupted GIF. There are more than 56 junks. Work recursively. Use regexp for automating. 5 hours ago, fasya said: A really vague CTF with a lot of guessing Fully agree with this. In many challenges, it was not sure what is the objective in the first place. It's simply a guess work as you say.
August 11, 20169 yr 9 hours ago, fasya said: Remember this challenge loves to be debugged i think you are talking about the fs[30] thing which is added to 69, yea considered that also, but not happening.
Create an account or sign in to comment