Flare On 4

[rand0m 0]

So how is everyone going with it

[kao 1,818]

I'm on #9 and I know that few other members are playing. But all in all forum is unusually quiet this year.

[rand0m 0]

I'm wondering if people use plain gdb or scripts like this are popular https://github.com/longld/peda

[kao 1,818]

For the boat game? I didn't use any Linux debugger whatsoever. If I really had to - I'd use IDA with Linux debugger server.

But I'm sure that everyone has his/her favorite tools.  

[Futex 1]

I'm on it too, i started the 5 challenge.

[Eskalina 0]

Guys hello. Somebody can help me with 10th task ? i'm really stuck on it. I was recovered some bytes from key (particular 1th, 25, 26 and 27), identified set of characters that can be used on positions in the key and I found the expected length of the key (64b). I was trying to reverse algorithm and trying to create system of xor equations, but all to no avail

[Extreme Coders 399]

22 hours ago, rand0m said:

I'm wondering if people use plain gdb or scripts like this are popular https://github.com/longld/peda

Vanilla gdb is cumbersome to use. As such, I tend to use pwngdb or gef when the need arises, but again there is no replacement for IDA.

Started the challenges late. Currently, on the 5th one.

[rand0m 0]

1 minute ago, Extreme Coders said:

Vanilla gdb is cumbersome to use. As such, I tend to use pwngdb or gef when the need arises, but again there is no replacement for IDA.

Started the challenges late. Currently, on the 5th one.

Yeah I switched to IDA in the end. I'm still at level 6.

[kao 1,818]

@Eskalina: I'm at the pretty much same place, so no suggestions yet. There must be better way than sheer bruteforce..

 

EDIT: there's no substitute for human eyes. I made semi-interactive tool which allowed me to cycle through all possible set of chars for each byte and printed first 320 bytes decoded.. In few minutes I was able to recover correct key.

Edited September 9, 2017 by kao (see edit history)

[Eskalina 0]

@kao You right, I decided this. 10/12 completed.

[Aldhard Oswine 6]

Any tips for the 9th challenge?
If not just analyzing whole AVR disassembly via IDA? 

[rand0m 0]

in level 6, I got one letter of the flag from a certain function, does the same function decrypt the rest of the flag or I should be looking for other functions to call ?

[rand0m 0]

6 hours ago, rand0m said:

in level 6, I got one letter of the flag from a certain function, does the same function decrypt the rest of the flag or I should be looking for other functions to call ?

nevermind, figured it out

[kao 1,818]

@Aldhard Oswine: IDA is sufficient. With a bit of skill and trained eye you will recognize the check and then you can reimplement it in any language you like.

Or you can use Atmel Studio, if you wish to debug it.

[Eskalina 0]

@Aldhard Oswine Another way, you can use a bunch of radare2+simavr+gdb. IDA makes errors in calculating addresses of instructions.

[Aldhard Oswine 6]

Using Atmel and debugging is was easy 
I need your help in the 10th challenge, any suggestions for the crypto?
How to get correct function from encoded data, how to get correct input

[endered 0]

I stuck at challenge 5 for two days, still have no idea to do with the number sequence I've got in the last round.

[crystalboy 210]

@endered 

Spoiler

Start by replacing 'PEW' string with empty string.
When you play you fill the grid to sink the ships. At the end of each level the various 'X' toghether represent a letter.
At the end of the challenge you get these numbers that are the order in which you need to sort those letters. When you sort them out and you perform ROT-13 on the sorted string you will get something readable.

 

Edited September 12, 2017 by crystalboy (see edit history)

[Aldhard Oswine 6]

@crystalboy what about 10th? Is there a better way than brute force?

[crystalboy 210]

@Aldhard Oswine Unfortunately i am taking it slowly and i didn't reached level 10 yet.  

Considering kao hint by the way it seems that you need a smart bruteforcer

On 9/9/2017 at 8:19 AM, kao said:

I made semi-interactive tool which allowed me to cycle through all possible set of chars for each byte and printed first 320 bytes decoded.. In few minutes I was able to recover correct key.

 

[endered 0]

@crystalboy Thanks for u help, I forgot that encryption.

I got something readable but still meaningless after decrypt, continue to see and try to find the ans. 

[rand0m 0]

Is there a better java debugger than JDB ?

[quend 0]

#11.... >.< getting caught up in the first decryption part. Any suggestions?

[grau 0]

Got stuck on challenge 4. Can't decrypt with key.bin

[SmilingWolf 263]

Suggestions:

Spoiler

@quend any more details you can offer? What's not working? I have found that some challenges sometimes require a little nudge to go in the right direction.
@grau I couldn't find the last required item (assuming it ever existed EDIT: whelps, it exists, I was damn blind), so I ended up forcing the program a bit in the right direction. If you have done everything right, 3/4 of the key are all you need to get the flag.

 

I have seen a number of people doing something like this on twitter, am I doing it right?

Spoiler

 

Edited September 17, 2017 by SmilingWolf (see edit history)