Downpour Posted July 26, 2016
@Extreme Coders Thanks for the hint, but that's what I know already. I know how everything should be composed, but I thought there were some more hints about it (which I obviously don't see). I have some time left now so I'll try to solve it.

Rurik Posted July 27, 2016
@Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside.

AcidShout Posted July 29, 2016
On 7/27/2016 at 5:44 PM, Rurik said:
@Castor Not too many hints they can give you. Once you test each constraint, establish the ranges of each, and try all of them. It'll take a small bit of computing power. You can always go at it again in a few months when it's cold outside.

Then I have to really be missing something...

Extreme Coders Posted July 29, 2016
The keyspace is much smaller than that. Just recheck the constraints on the parameters.

Any updates on the mobile challenge #5, the iOS app? Without an Apple device at hand, https://appetize.io/ is fine just for getting a feel of the game, but sadly at the end of the game, it wants to connect to some nonexistent domains to fetch the flag. Without access to real hardware nothing much can be done to override the check. Seems like a dead-end.

kao (Author) Posted July 29, 2016
@AcidShout: There are 7 things to check, not 6..

@Extreme Coders: Thanks, did not know that site! I think I know the place where flag is decrypted but unless Appetize can give me debugging powers, I'm stuck.

Extreme Coders Posted July 29, 2016
Appetize doesn't have debugging abilities. Also be sure to upload the simulator build, not the arm build.
Edited July 29, 2016 by Extreme Coders

AcidShout Posted July 29, 2016
@Extreme Coders @kao Thanks! I had a memcpy(key, "some random test key here", sizeof(...)) right before the decryption routine. What a dumb mistake. Went unnoticed for a few hours. Don't be an AcidShout!
Edited July 29, 2016 by AcidShout

Guest Assalit Posted July 30, 2016
Extreme Coders, mobile 5 is possible to solve without Apple hardware, for sure.

Has anyone here solved the unix 3 task? That cat... random jumpy code... I feel like I've seen every part of the file, but I have no idea of getting anything from it. It just prints an ASCII cat and does nothing (obfuscated nothing). Can someone give a hint or something, please?

Rurik Posted July 30, 2016
Unix 3 is best done statically. I'd recommend IDA.

Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks.

Guest Assalit Posted July 31, 2016
13 hours ago, Rurik said:
Unix 3 is best done statically. I'd recommend IDA. Unix 4 though. I think I get what they did, and it's downright cruel. But even then only have 27 out of 918 blocks

thx

Unix 4. Restoring file is not an end...

kao (Author) Posted August 2, 2016
On 7/30/2016 at 0:56 PM, Assalit said:
mobile 5 is possible to solve without Apple hardware, for sure.

Any hints on how to do that? Static analysis in IDA reveals only some interesting constants but nothing about the data being decrypted..

As for Unix tasks.. Well, I'm a Windows guy with some skills in other fields. But I haven't even looked at Unix challenges yet.

Guest Assalit Posted August 2, 2016
Mobile 5. Places that are required to be visited on the way to the flag:
1. 2 funcs with constants
2. func with 2 xor loops (it should be easy to find)
3. some code before the referenced string "http:\\pan"
4. a site on the internet with something important (it's possible to get the flag without it, but ... reeeeeely luck based. I was unable to do so)

kao (Author) Posted August 2, 2016
Awesome, thanks! I already had #1 and #2. I just didn't know how it fits into the big picture.

lazydaemon Posted August 9, 2016
I found a valid serial for Windows Challenge #4 but it's still not the correct one. My serial is 38 characters long and after I press "Validate" it says "Congratulations bla bla.." but the decrypted flag is just gibberish ;-(. Any hints?

lazydaemon Posted August 9, 2016
OK, I solved it.
Spoiler: I just had to simplify my state machine so that it took exactly 16 steps.
Edited August 9, 2016 by lazydaemon

m0rphiz3 Posted August 10, 2016
any hint on windows 7? got all parameters but still not working.

Rurik Posted August 10, 2016
5 hours ago, m0rphiz3 said:
any hint on windows 7? got all parameters but still not working.

I spent way too long on Windows 7's final step. First trying to write the same and brute force, then duplicate the reverse and decrypt. I eventually decrypted it but did so with what should not work.

fasya Posted August 10, 2016
9 hours ago, m0rphiz3 said:
any hint on windows 7? got all parameters but still not working.

Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse.

On 7/26/2016 at 10:12 AM, kao said:
I got stuck on Mobile #5 - solving that without Apple hardware doesn't seem realistic. And Threat #2 has utterly confusing requirements for Yara rule.

The GIF file isn't alone, check the EOF

Any hints for Random Challenge 1 and Unix Challenge 1? yeah I'm still struggling with level 1

In Unix I got the GIF file with good header but still corrupted.

kao (Author) Posted August 10, 2016
@fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all.

Extreme Coders Posted August 10, 2016
@fasya Random #1 is a base (??) encoding.

Unix #1 requires to create your own decoding tools working on the file recursively.

m0rphiz3 Posted August 10, 2016
5 hours ago, fasya said:
Decompile the encryption function and you will find it mostly a junk code and the algorithm is simple to reverse.

I am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants..
Edited August 10, 2016 by m0rphiz3 silly mistake

Downpour Posted August 10, 2016
The shellcode one was a bit tricky, but the hint Rurik gave me made it pretty easy to solve. My hint is to isolate the constants and understand each of them.

fasya Posted August 11, 2016
9 hours ago, kao said:
@fasya: yes, I have the archive and the text and the yara template. But creating the required regex is just a guessing game - not fun at all.

I haven't been successful in submitting a valid rule either. Although I created a valid yara rule that detects what they want and with the same character limitation. Could send it to you if you want.

9 hours ago, Extreme Coders said:
@fasya Random #1 is a base (??) encoding. Unix #1 requires to create your own decoding tools working on the file recursively.

Thanks @Extreme Coders for the hints. For Random #1 I did guess that this long string must be base64 encoded, but my problem is what I should do to get that string to a valid base64 encoded string. For Unix #1, I did deobfuscate the perl script and joined the 56 chunks both statically and by entering the right answers, and in both cases I got a corrupted GIF.

4 hours ago, m0rphiz3 said:
i am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants..

Remember this challenge loves to be debugged

A really vague CTF with a lot of guessing
Edited August 11, 2016 by fasya

Extreme Coders Posted August 11, 2016
5 hours ago, fasya said:
For Random #1 I did guessed that this long string must be base64 encoded but my problem is what I should do to get that string to a valid base64 encoded string.

base-64 is not the only possible base-n encoding. You are overthinking. It's a lot simpler.

5 hours ago, fasya said:
For Unix #1, I did deobfuscated the perl script and joined the 56 chunks both statically and by entering the right answers and in both cases I got a corrupted GIF.

There are more than 56 junks. Work recursively. Use regexp for automating.

5 hours ago, fasya said:
A really vague CTF with a lot of guessing

Fully agree with this. In many challenges, it was not sure what is the objective in the first place. It's simply guesswork, as you say.

m0rphiz3 Posted August 11, 2016
9 hours ago, fasya said:
Remember this challenge loves to be debugged

I think you are talking about the fs[30] thing which is added to 69, yea considered that also, but not happening.