Starblind - Teaser CONFidence CTF 2017

This was a 200 points reverse engineering challenge.
Challenge Description:

The light of the star is blinding.

Clicking on the above link, it redirects to another website. It was actually very surprising to get a link to a website as a reversing challenge. When we view the source code, we can find a javascript link which is base64 encoded. After decoding, we get the following file Starblind.html.

The input to be supplied is 27 characters long. After encoding it using  CalcSHA4, it is compared with the following string:

983bb35ed0a800fcc85d12806df9225364713be578ba67f65bc508b77f0c54878eda18a5eed50bac705bdc7db205623221e8ffe330483955a22216960754a122

I guessed that the correct input must be the flag. Actually, some junk values were being added to our input to make its length 64. Then is was encoded by two functions xor and perm. Each function was being called alternatively. The xor function had an array of length 64 as argument and perm had an array of length 512 as argument. Then many operations were being carried out on our input with the help of those arguments. In total both of those functions were being called alternatively for a total of 512 times.

The functions were being called in the following order:

perm()
xor()
perm()
xor()

What we have to do is this:

reverse_perm()
xor()
reverse_perm()
xor()

Now lets see what the perm function actually does:

        let perm = function(imm) {
            let n = new Uint8Array(64);
            for (let i = 0; i < 512; i++) {
                const dst_bit = i % 8;
                const dst_byte = i / 8 | 0;
                const sign = Math.sgn(imm[i]);
                const idx = sign ? -imm[i] : imm[i];
                const src_bit = idx % 8;
                const src_byte = idx / 8 | 0;
                let b = (r[src_byte] >> src_bit) & 1;
                if (sign) {
                    b ^= 1;
                }
                n[dst_byte] |= b << dst_bit;
            }
            r = n;
        };

What this function is actually doing is,

n[dst_byte][dst_bit]=r[src_byte][src_bit]

The function does this for each bit. So the total no. of iterations will be 64 X 8 times i.e 512.
Finally the value of n is saved to r. Then xor function is called with the integer array of length 64 as argument. Then r is xor ' ed with that array and result is stored in r. The same things are repeated again and again for a total of 512 times.

Now what I did is decode the encoded string given in the program to find out the flag. For that I wrote the following script:

Finally the script prints out the following flag:

DrgnS{Humank1ndEmpire0fAbh}

KeyPass - VolgaCTF 2017

This was a 100 points re challenge.
The challenge description was as follows:

For reasons unknown an amature cryptographer wrote an application to generate "strong encryption keys". One of these keys was used to encrypt a tar archive with the flag. They used openssl command line util with -aes-128-cbc. Could you please get the flag? It shouldn't take much time...

flag.zip.enc
keypass

The file command gives the following output:

~/D/V/keypass 100 ❯❯❯ file flag.zip.enc keypass
flag.zip.enc: data
keypass:      ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=a2bcacc1e853c36e757ec1608a37f79b30315da4, stripped

Now,

What we have to do is decrypt flag.zip.enc using a particular key generated by the program keypass.

So, we have to find the right key.

When I tried running the program, it asked for a command line argument, so I supplied it with a random input, it gave out the following ouput:

~/D/V/keypass 100 ❯❯❯ ./keypass asdf

evMSVbNx7SmvxT#46

Then I loaded the file in IDA and then disassembled it. The main function looks like this.

First of all, it was checking if the number of command line arguments supplied was 2. If it is true then it goes inside the if condition else it exits the program.

If argc==2, the next thing the binary does is calculate the length of the input. After that we can see a while loop. The loop is actually, xor-ing the characters of the input one by one starting from the first character to the last character. The final value is stored in v5.

Then a buffer v24, of size 256 bytes is allocated. After that the value of v7 is calculated as 

v7= 16631*v5*511115. 

We can also see that there is an array arr[ ] . So I checked what is stored at that address using gdb and I got the following string.

gdb-peda$ x/s 0x0400A41

0x400a41: "2FuMlX%3kBJ:.N*epqA0Lh=En/diT1cwyaz$7SH,OoP;rUsWv4g\\Z<tx(8mf>-#I?bDYC+RQ!K5jV69&)G"

So it is character array of size 82.

From the ida disassembly we can see that, the array index is calculated by the mod of 0x7fffffff and 82.

As shown in the disassembly the same thing is repeated again and again. Total 17 times. Therefore the output of the program or our key is calculated in the above manner.

After the xor-ing of the input the value in v5 can vary between 0x0 to 0x7f. So we have a total 0x80 possibilities. One of them is the right key.

So what I did is bruteforce all the possible keys and then try to decrypt the flag.zip.enc using openssl. But make sure that the openssl version is 1.1.0e or higher. The reason for the same can be found in the comments section.

This is the script I wrote for bruteforcing and decrypting the flag.zip.enc file using openssl:

The output that I got after running that script is:

\M)R<.DDe/:;d>JZP

It is the right key to decrypt the flag.zip.enc file.
After running the script, you can see the decrypted flag.zip file in the parent folder.
Simply extract the .zip file. After extracting, you can find flag.txt inside which is the flag.

The flag is :

VolgaCTF{L0ve_a11_trust_@_few_d0_not_reinvent_the_wh33l}

If you have any doubts, feel free to ask in the comments section.

ALEX CTF 2017

RE5: packed movement

It was fun playing Alex CTF. Most of the challenges were simple yet very interesting.

As usual, first I checked what kind of a binary this was using the file command:

file move

ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped

I then tried opening it in IDA, but it refused to open. So I asked the admin what the matter was.

He said that the binary was somehow packed and I need to unpack it.

Now I needed to find the type of packing and then unpack it.

So, I tried binwalk on the the binary. It showed the following:

1. ELF, 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux)

2. Copyright string: "Copyright (C) 1996-2013 the UPX Team. All Rights Reserved. $"

As you can see, this file was packed using UPX packer.

So I installed UPX and ran the following command on the file:

./upx -d move

Now the file is unpacked.

When I finally opened the file in IDA, I saw that it was movfuscated (obfuscation). Now I had to demovfuscate it to understand what the input should be.

So I google for demovfuscator and found the following link to be useful:

https://github.com/kirschju/demovfuscator

I installed it and deobfuscated the binary.

Now everything's set. We just need to find the flag... :p

For that I have the following script ready. I found it somewhere online, I don't remember where.

This is the script:

Perf is a Performance counter for Linux. What this script does is count the number of instructions executed for each input (where the input is a printable character). Then append that input to the string key, which made the compiler execute the maximum number of instructions. The same process is repeated until the closing bracket is encountered ( '}' ).

The string which we finally obtain is the flag.

ALEXCTF{M0Vfusc4t0r_w0rk5_l1ke_m4g1c}

BITS CTF 2017

RE20: Mission improbable

This was a hexdump file. It was an easy challenge.

I used xxd tool to  convert the file back to binary form.

    xxd -r -p MissionImprobable.TEENSY31.hex  out

Then I tried strings command on the out file.

There were only a few strings, so I looked at those, and there I saw a string:

BITCTF{B4d_bad_U5B0

I then just replaced the 0 with a '}'.

That's it, it's the flag.

    BITCTF{B4d_bad_U5B}

RE80: Riskv and Reward

First of all I used the file command.

    riskv_and_reward: ELF 64-bit LSB executable, UCB RISC-V, version 1 (SYSV), statically linked, stripped

The file command says it is in RISC-V arch.

So we need to use an emulator.

I  googled for it and found this:

    

    https://github.com/riscv/riscv-qemu

So I installed it as per the instructions mentioned in it's git repository.

After installing I tried to debug it , and it started to gives me many errors. I tried to fix those and it took a lot of time. Then I thought that I haven't run it till now, so why not give it a try.

I must say, I was shocked, the bin printed out the flag.

I didn't expect a 80 point challenge to be this simple.

The flag was:

    BITSCTF{s0m3_r1sc5_4r3_w0rth_1t}