Rurik Posted October 3
5 hours ago, NativeBridge said: Anybody can help with ch3? I need to create file to match the yara rule? Don't understand what to do
Yes. You need to discover data that would trigger the Yara rule.
AUP Posted October 4
22 hours ago, cl4whands said: does challenge 6 require to guess an input string that should be hashed?
Spoiler: if you read the README carefully they said brute-force will not work...
M.b Posted October 5
Hi, anyone can help me with 5?
Spoiler: I believe I found the second key and nonce but I cannot find where encrypted data is... Any hint?
pcmcia Posted October 5
On 10/4/2024 at 6:35 AM, AUP said: Spoiler: if you read the README carefully they said brute-force will not work...
I'm stuck on #6 as well. I could use a hint/nudge. Thanks!
JimJ1m Posted October 6
Any hint on the chall 2? I have passed the first operations easily. But can't understand how to find the hex checksum for the chacha20 decryption.
jackyjask Posted October 6
1 hour ago, JimJ1m said: Any hint on the chall 2? I have passed the first operations easily. But can't understand how to find the hex checksum for the chacha20 decryption.
Spoiler: hint: find the main.a() (main_a) and you'll have a fresh energy drive how to move forward (from the end...
Washi (Author) Posted October 6
On 10/5/2024 at 8:34 AM, M.b said: Hi, anyone can help me with 5? Spoiler: I believe I found the second key and nonce but I cannot find where encrypted data is... Any hint?
Spoiler: Everything you need to get should be obtainable systematically via the code and crashdump. Think about where the keys and data would be stored when the relevant code is executed.
RevEnjoyer Posted October 6 (edited)
Hi, could I get a small nudge for challenge 7 (fullspeed)? I believe I've reversed everything and am able to communicate successfully with the unmodified binary. But the used crypto seems to be secure (tried many attacks for a day) so no idea how to extract the flag from the .pcap.
Update: Got it! Had all the requisite information already but putting it together wasn't easy for me although in hindsight it is very obvious. (as always)
Edited October 8 by RevEnjoyer: Update
AmyBrooklin Posted October 7 (edited)
Never mind! I wanted some help on level 2, but I was able to figure it out.
Edited October 7 by AmyBrooklin: I was able to figure it out.
Washi (Author) Posted October 7
On 10/6/2024 at 3:45 PM, RevEnjoyer said: Hi, could I get a small nudge for challenge 7 (fullspeed)? I believe I've reversed everything and am able to communicate successfully with the unmodified binary. But the used crypto seems to be secure (tried many attacks for a day) so no idea how to extract the flag from the .pcap.
Spoiler: As a general note on attacks: Attack scripts almost never work right out of the box. You will always need to slightly adjust to your current situation. Revisit the parameters involved. Are they all adhering to the standards that are generally expected of them?
kekw Posted October 7
I'm new to CTF and kinda stuck at chall 2. All I can make out from the decompiled program is that it involves chacha20-poly1305 encryption and there are two other main functions. Can anyone pls drop a hint?
g0lan Posted October 7
Any hint on challenge 6? I'm browsing and trying to follow the code for a while now. It looks very complicated, and I think I probably just don't know how to approach this. I obviously have never seen Verilog before in my life 😅
M.b Posted October 7
Anyone can help me with 6? I really don't know how to understand what I'm reading
Rurik Posted October 7
6 is just a PITA.
Spoiler: Understand it, have reimplemented it, and am writing directly in Verilog now and making my own Verilog tbs to fuzz routines. But being told that I'm doing 1000000x more effort than necessary. It's interesting, but not fun.
xdbruh1234 Posted October 8
Hint for 6
Spoiler: Find anything suspicious and focus on that
JimJ1m Posted October 8
Any hint for chall3? I'm able to get most of the chars thanks to constant values xored or added, but unable to find the rest, there are too many possibilities.
cl4whands Posted October 8
need sanity check on challenge 7 (fullspeed)
Spoiler: it seems to me that internal state of the prng has to be replayed somehow. is that the correct path? if so, are values in network handshake enough to recover that? or something like seed should be bruteforced?
James7349 Posted October 8
I'm so stuck on challenge 5. Please can someone help me? I think I need it explaining like I'm a child 🤣
understated1 Posted October 9
Hi guys, I'm new to Reverse engineering CTF and got stuck totally at chall 2. I saw the code via ghidra and know it has chacha20-poly1305 encryption somewhere and there are 2 main functions. Can anyone pls drop a hint what to do next as I won't be able to go forward any more then? pls help!
xdbruh1234 Posted October 9
Any hint on #7?
Spoiler: I checked the libraries implementation and it's pretty secure. I noticed something is small though I don't know how to exploit it.
Washi (Author) Posted October 10 (edited)
@JimJ1m Spoiler: If there are too many options, that means you did not find or qualify all the constraints correctly. There is only one correct answer, and it can be found systematically.
@cl4whands, @xdbruh1234 Spoiler: Everything required to decrypt all data can be found in the pcap and code. Figure out what the involved protocols are and find a weakness!
@understated1 Spoiler: There is something else other than the symmetric crypto schemes you mention. Did you look at the remainder of the code?
@James7349 Spoiler: Figure out where and why the server crashed. That should be your starting point of analysis.
Edited October 10 by Washi
Peter Posted October 12 (edited)
More interested about your setups for challenge 5. Is it possible to dump the shellcode from gdb? I did and while I can see the shellcode in gdb it doesn't appear in the disassembler (tried with IDA Free). In the dump that section is all byte 0. Is it possible to connect the disassembler to the running gdb with the core file?
I managed to find the shellcode and extract what I think to be the encrypted RSA blob (0x200 bytes), additionally extracted e and N from the RSA structure, unfortunately cannot decrypt the blob. (the RSA part I think is only to verify the key signature so nothing to decrypt I guess).
Happy to bounce ideas here or in DM if anyone is interested. Thank you!
Edited October 12 by Peter
xdbruh1234 Posted October 12 (edited)
Spoiler: I still can't fornicationing solve 7 holy shit. I have tried every script on github and none of them worked. I'm tilted so bad already
Edited October 12 by xdbruh1234
Marie Posted October 13 (edited)
ch5 is quite hard
Edited October 15 by Marie: i'm done