Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

LabyREnth Capture the Flag (CTF) Challenge - 2017

crystalboy
crystalboy
in Reverse Engineering Articles

Featured Replies

On 6/17/2017 at 5:56 PM, crystalboy said:

@Etor Madiv

  Reveal hidden contents

You should just be faster. You can send it or just copy and paste it on the website but you must be fast! :)

 

Thanks! Solved it! This probably was my favorite challenge do date! 

  • Replies 92
  • Views 39.4k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Most Popular Posts

  • kao
    kao

    Unfortunately for that weekend I have some other plans in "real life".  So, I'll take part in it but only starting on Monday..   Last year it was THE best CTF challenge I tried, so I can who

  • kao
    kao

    @Castor: yep, first challenges of binary track are more difficult. No more base64 or xor, it's proper reversing this year. Other tracks aren't that hard. @akkaldama: there shouldn't be an excepti

  • kao
    kao

    @Etor Madiv: please don't spoil the fun by giving full solutions! It's just ruining the game.

Can anyone give a hint at doc2. I think I know what to do and I get the following key

Spoiler

PAN{63g8db85T83F}

but it is wrong :rolleyes:.

Can anyone tell if it is just me not getting the ascii art correct or if I have misunderstood the task.

Thanks!

  • Author

@pivskid 

Spoiler

Yes you didn't get the ascii correctly. Some of your characters are wrong.

To correct them you can reference to this website: http://patorjk.com/ ;)

 

Thanks crystalboy! Finally, got the right key :P 

Does anyone know how to programatically extract the key for the xor'ing? the key that is overwritten on document open?

I tried oletools and oledump to no avail but maybe there is another way...

Any hints of mobile 2? I figured out what file is looking for, pretty sure how many chars it is looking for in that file; 29, but not sure what it is doing after that. I tried strace to see if the response is different if a character matches, but that doesnt seem to be the case... kinda stuck. I have been trying to use gdb-multiarch and radare2, but cant really debug the program. I also tried NOPing out the ptrace... 

Thanks! 

Edited by ctfallday

is the second binary from rev 1 a ping binary? just want to make sure i didnt miss anything. 

@ctfallday

It decrypts something, keep debugging.

 

Regards,

akkaldama.

On 7/6/2017 at 11:28 AM, ctfallday said:

Any hints of mobile 2? I figured out what file is looking for, pretty sure how many chars it is looking for in that file; 29, but not sure what it is doing after that. I tried strace to see if the response is different if a character matches, but that doesnt seem to be the case... kinda stuck. I have been trying to use gdb-multiarch and radare2, but cant really debug the program. I also tried NOPing out the ptrace... 

Thanks! 

It's in there. You got the first part done, you're just overlooking the rest somewhere. I did it in QEMU-MIPS with gdb.

3 hours ago, Rurik said:

It's in there. You got the first part done, you're just overlooking the rest somewhere. I did it in QEMU-MIPS with gdb.

Thanks Rurik... i had tried doing that, but the stack and all pointers come up as blank of gdb for some reason. for some reason, i have having issues with reading process memory no matter which debugger i am using. sudo or not. 

Edited by ctfallday

Any hints on docs4?

Got the first macro, i have edited to set the resolution.. etc as per the calculation value, got the xor encrypted content from pos 83012 but stuck at the the xor decryption as it gives invalid .doc file based on my language settings.

 

Regards,

akkaldama

Any hints for binary 3?

Spoiler

I've got to the part where it needs some 64 bytes in the host's clipboard, but I can't work out what it wants.

 

On 2017/7/16 at 4:01 PM, akkaldama said:

Any hints on docs4?

Got the first macro, i have edited to set the resolution.. etc as per the calculation value, got the xor encrypted content from pos 83012 but stuck at the the xor decryption as it gives invalid .doc file based on my language settings.

 

Regards,

akkaldama

Wrong offset!

There are system calls other than resolution. Try all combinations of parameters.

    • Like 1
    On 2017/7/18 at 3:21 AM, kirby said:

    Any hints for binary 3?

      Reveal hidden contents

    I've got to the part where it needs some 64 bytes in the host's clipboard, but I can't work out what it wants.

     

    Spoiler

    There are some byte wise conversion along with redundant (repeated) computations. Then the comparison after the whole loop.

    It is related to the text produced earlier.

     

    anyone who has completed http://mi22ionimp0cible.com:8080 ... pm me pls, need help

    nvm...solved

    This is a nice writeup for the binary challenges which goes more into detail than necessary in my opinion but still really good: https://fevral.github.io/

    and congrats to everyone who solved the challenges!

    Edited by Castor

    • 2 weeks later...

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.