Hack.lu 2013 CTF Write-Up: Roboparty

Robot LHCH is happy. He made it into the castings for the tenth roman musical. He even is so happy that he went on the Oktoberfest to drink some beer. Unfortunately it seems that he drank too much so now he is throwing up part of his source code. Can you decipher the secret he knows?

Warning: Viewing this page is not recommended for people that suffer from epilepsy. We are dead serious.

And here is your totally eye-friendly challenge: https://ctf.fluxfingers.net/static/downloads/roboparty/index.html

The linked page gave our team a trippy, psychedelic experience. After connecting a laptop to the projector with the page in fullscreen mode, we spent half of the CTF partying hard.


Hack.lu 2013 CTF Write-Up: What’s wrong with this?

We managed to get this package off the robots' servers. We managed to determine that it is some kind of compiled bytecode. But something is wrong with it. Our usual analysis failed – so we have to hand this over to you pros. We only know this: The program takes one parameter and it responds with “Yup” if you have found the secret code, with “Nope” else. We expect it should be obvious how to execute it.

The challenge provides a compressed archive hello.tar.gz which contains a bunch of shared objects, an archive called library.zip (actually an ELF executable with an embedded ZIP) and a Python interpreter py. The executable to be cracked is hello, which will reply “Yup” if the correct flag is provided, “Nope” otherwise.


Hack.lu 2013 CTF Write-Up: Robotic Superiority

Help us fight the evil robotic lieutenant Don Sim. He wants to spread robo propaganda to cover his actions on the Oktoberfest. But he needs good video footage for that. So he created an IRC bot that collects information about robots in movies. Robotic emancipation can NOT happen, you have to stop him! All we need is his private key. Our agents located the bot, here is all we know about it:

Server: irc://ctf.fluxfingers.net:1313
Bot: lib[1-5] (load balancer)
Key: /var/private/key.txt

Hint: All available commands are listed with “help”. 3 connections allowed per ip.


CSAW CTF 2012 write-up: CryptoMat (web400)

Here is the description of the challenge:

http://128.238.66.214/
CryptoMat is a site where you can send encrypted messages to other users. Dog is a user on the site and has the key. Figure out how to get into his account and obtain it.

The first thing we had to do was find out how the encryption algorithm works. After a few attempts, we discovered that the title wasn’t used for the encryption and that, given a plaintext P and a key k, we have

PlaidCTF 2012 write-up: The Game

The following description is provided:

Robots enjoy some strange games and we just can’t quite figure this one out. Maybe you will have better luck than us.
23.22.16.34:6969

The game offers a choice between two hex strings and asks for the “bigger” one. However, there doesn’t appear to be a way to determine which one is bigger just by looking at the values.

CSAW CTF 2011 Write-up: Exploitation bin4

This challenge shares the same source code as the bin2 challenge, but the environment is different: we need to bypass ASLR, and we can’t overwrite the GOT or the .dtors section (because of RELRO). We will bypass those protections using a ROP approach.