Flare-On 9

November 3, 2022

For challenge #9:

Spoiler

I've identified the symmetric cipher used as probably being ChaCha20 and other basic usage. The other values in the encrypted file also seem to be relevant but I'm not sure how everything ties together. Two of the byte arrays seem to be always constant, the second is used for the asymmetric stuff and the fourth might be an encrypted key? It's difficult to single-step through all the mathematical operations and make sense of everything.

I can link some similarities between the value used to generate unk_404020 and the second byte array like the last N or so bytes being the same, but not sure how I could use that to extract the key from the 1024-bit value.

November 3, 2022

1 hour ago, upx said:

For challenge #9:

Spoiler

1 hour ago, upx said:

I've identified the symmetric cipher used as probably being ChaCha20 and other basic usage. The other values in the encrypted file also seem to be relevant but I'm not sure how everything ties together. Two of the byte arrays seem to be always constant, the second is used for the asymmetric stuff and the fourth might be an encrypted key? It's difficult to single-step through all the mathematical operations and make sense of everything.

All the ciphers are standard, nothing custom.
There's a reason why one of the byte arrays is seemingly constant. The challenge would have been unsolvable otherwise if everything was implemented properly.

Edited November 3, 2022 by Extreme Coders

November 4, 2022

I'm stuck on Ch#10. Can someone give me a hand?

Spoiler

I got my system 6 OS running on the emulator. I can run the password program. I want to debug the program. However, I can't seem to get the debugger to work. I got a very basic debugger prompt. I can only view memory via the "DM <memory location>" command. That's it. I can't seem to get "IL <address>" to show disassembly. I know there's a better version of Macsbug (Maxbug?), but I can't seem to install it on my system 6. Can someone give me nudge? Or am I going down the wrong rabbit hole.

November 4, 2022

@pcmcia

Spoiler

Probably not wrong to debug it, but it can be solved comfortably statically. Make sure to also explore the binary well with the included resource-program, and unfortunately there is a little bit of guesswork involved - unless I missed something!

November 4, 2022

1 hour ago, deepzero said:

@pcmcia

Reveal hidden contents

Probably not wrong to debug it, but it can be solved comfortably statically. Make sure to also explore the binary well with the included resource-program, and unfortunately there is a little bit of guesswork involved - unless I missed something!

@deepzeroThanks!

Spoiler

I have raw bytes and I have the algorithm that decodes these raw bytes to flag. But I'm missing the password. I guess I need some help with the "guess-work". Any hints?

November 4, 2022

@pcmcia: read carefully what Deepzero said earlier.

November 4, 2022

5 minutes ago, kao said:

@pcmcia: read carefully what Deepzero said earlier.

Spoiler

I did go through every section of the binary. I tried every song name by Nena and/or David Riley from 1983. No luck. Am I going down the wrong path again?

November 4, 2022

@pcmcia

Spoiler

Hint: You already know what the flag ends with.

November 4, 2022

51 minutes ago, Extreme Coders said:

@pcmcia

Reveal hidden contents

Hint: You already know what the flag ends with.

@Extreme CodersThanks! I got it now.

Spoiler

That was one of the first things I tried, but my eye didn't recognized it because it wasn't in english.

November 6, 2022

a

Edited November 7, 2022 by DoIReviewMods

November 9, 2022

Spoiler

I've relabeled all the code and identified the procedure for encrypting the key and so on. Everything is as I would expect however, nothing really strikes out as anything that would be vulnerable. Another thing is if I try to decrypt the example ciphertext using P and Q from the test case (which should be constant) it doesn't match what it should be.

Neither does the values of P and Q I get are able to decrypt the actual ciphertext despite all the values matching and math working out in the debugger.

For Challenge #9 again

November 10, 2022

Spoiler

For Ch 9, it's all about the cryptography concept. Once you identified the algorithm, the university lecture notes helps me revise the concepts and aided me in the analysis.

November 12, 2022

It's over. Thank you guys! Especially @Washi and @kao. I hope I will have a chance to work again in next year.

November 13, 2022

Some of my more silly ones.

I felt bad about 10 and 11, and then realized everyone else did shortcuts as well

https://www.ghettoforensics.com/2022/11/flare-on-9-worst-writeups.html

November 14, 2022

I just pushed my own writeups: https://washi1337.github.io/ctf-writeups/writeups/flare-on/2022/

Challenge 1-9 should be all complete. I haven't done writeups for challenge 10 and 11 yet, as I do feel I cheesed them a bit and don't really have proper notes on them. If there is some demand for it I can write them at a later point in time.

November 14, 2022

47 minutes ago, Washi said:

I haven't done writeups for challenge 10 and 11 yet, as I do feel I cheesed them a bit and don't really have proper notes on them.

Pretty please! As you can see in Rurik's writeups above, pretty much everyone did that...

November 14, 2022

Just for fun, check out my exotic solution for #5 in form of a superhacky bruteforce script ... cuts down required reversing to a minimum.

runtime is about 30 min ...

import ida_dbg, ida_bytes

def onerun(msec):
    ida_dbg.run_to(0x006C1064)
    ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
    eax = ida_dbg.get_reg_val("eax")
    #print("eax: ", eax)
    ida_dbg.step_over()
    ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
    #eax = 0xbcfc90
    ida_dbg.write_dbg_memory(eax, bytes.fromhex("E6 07 06 00 02 00 0E 00 12 00 0E 00 24 00 00 00"))
    idaapi.put_word(eax + 14, msec)
    systime = idaapi.get_bytes(eax, 16)
    ida_dbg.run_to(0x006C3DDF)
    ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
    eax = ida_dbg.get_reg_val("eax")
    deax = idaapi.get_dword(eax)
    #print(hex(deax))
    strl = ida_bytes.get_max_strlit_length(deax, ida_nalt.STRTYPE_C_16)
    ss = ida_bytes.get_strlit_contents(deax, strl, ida_nalt.STRTYPE_C_16)
    ss = ss.decode("ascii")
    ida_dbg.exit_process()
    ida_dbg.wait_for_next_event(ida_dbg.WFNE_SUSP, -1)
    print(str(ss))
    if ss == "ydN8BXq16RE=":
        print("hit!", msec)
        return True
    return False

for i in range(1001):
    if onerun(i):
        break

November 15, 2022

For ch-2, opened it in cerbero profiler, found two images, performed an online image diff, got the flag. It was a little difficult to read the flag from diff'd image but entered the flag correctly after 5-10 attempts..

Flare-On 9

Recommended Posts

upx

Link to comment

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Washi

Rurik

Washi

Extreme Coders

Link to comment

Share on other sites

pcmcia

Link to comment

Share on other sites

deepzero

Link to comment

Share on other sites

pcmcia

Link to comment

Share on other sites

kao

Link to comment

Share on other sites

pcmcia

Link to comment

Share on other sites

Extreme Coders

Link to comment

Share on other sites

pcmcia

Link to comment

Share on other sites

DoIReviewMods

Link to comment

Share on other sites

upx

Link to comment

Share on other sites

yoz

Link to comment

Share on other sites

kiyo

Link to comment

Share on other sites

Rurik

Link to comment

Share on other sites

Washi

Link to comment

Share on other sites

kao

Link to comment

Share on other sites

deepzero

Link to comment

Share on other sites

akkaldama

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Community

Search