CSAW CTF: Reversing 400

Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/400/.

We are given an ELF binary and I wasn’t very sure I could solve this since I have not played with ELF much. It was an easy challenge though; I thought Reversing 300 was slightly more difficult.

When executed, the program prints an encrypted key, and I instantly realize it can be solved with the same approach as Reversing 100. Just modify the call to encrypt so that it calls decrypt instead and you get the key:


Encrypted Key: csawissohard__:(

I won’t get into the details of how I patched it: I used a combination of IDA and hexedit to do so (yeah, I’ve a long way to go in reversing).

PS: Eindbazen has a much more elegant solution than mine. Visit http://eindbazen.net/2012/09/csaw-2012-reversing-400/ for more.

CSAW CTF: Reversing 300

Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/300/.

Yet another .NET binary. Run it and it’s similar to Reversing 200: it prints a line, reads a line and exits. Decompiling it with ILSpy gives us Main. It’s too long, so I’ll post only the relevant bits here.

private static void Main(string[] args)
{
    Console.WriteLine("Do you really just run random binaries given to you in challenges?");
    Console.ReadLine();
    Environment.Exit(0);
    MD5CryptoServiceProvider mD5CryptoServiceProvider = new MD5CryptoServiceProvider();
    AesCryptoServiceProvider aesCryptoServiceProvider = new AesCryptoServiceProvider();
    foreach (string current in Directory.EnumerateDirectories(Program.target))
    {
        byte[] first = mD5CryptoServiceProvider.ComputeHash(Encoding.UTF8.GetBytes(current.Replace(Program.target, "")));
        if (first.SequenceEqual(Program.marker))
        {
            byte[] rgbKey = mD5CryptoServiceProvider.ComputeHash(Encoding.UTF8.GetBytes("sneakyprefix" + current.Replace(Program.target, "")));
            ICryptoTransform cryptoTransform = aesCryptoServiceProvider.CreateDecryptor(rgbKey, new byte[]... //Truncated to save space
            byte[] bytes = cryptoTransform.TransformFinalBlock(Program.data, 0, Program.data.Length);
            Console.Write(Encoding.UTF7.GetString(bytes));
        }
    }
}

The decryption code sits after the Environment.Exit(0) call, so the binary as shipped never reaches it. That code creates an MD5 object and an AES object, then iterates over all child directories of the target directory, C:\Program Files. It computes the MD5 hash of each child directory’s name and checks whether it equals marker. If it does, “sneakyprefix” is prepended to the directory name and the MD5 hash of that string is used as the key for the AES decryption that follows.

After playing with marker, I realize that it is an MD5 sum, so I search the online databases of MD5 sums and find that it is the hash of “Intel”. So, the program checks if there is a directory named “Intel” in the target and, if so, proceeds with the decryption. I quickly modify the .NET code, removing references to the target directories, and run it in compilify (loved it a lot; my favourite handy .NET compiler) and voila, I get the flag:

That was pretty easy, wasn't it? \key{6a6c4d43668404041e67f0a6dc0fe243}
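
Why the directory check protects nothing, as an added example (not code from the challenge or from the original post): the marker is an unsalted MD5 of a short folder name, so hashing a list of guesses recovers the name offline, and the AES key follows from it. The candidate list and function names are assumptions, and the marker is computed here from "Intel" rather than copied from the binary.

```python
import hashlib

PREFIX = "sneakyprefix"  # key prefix shown in the decompiled Main

def md5_utf8(text):
    """MD5 over UTF-8 bytes, as ComputeHash(Encoding.UTF8.GetBytes(...)) does."""
    return hashlib.md5(text.encode("utf-8")).digest()

def recover_directory(marker, candidates):
    """Return the first candidate whose MD5 equals the marker, else None."""
    for name in candidates:
        if md5_utf8(name) == marker:
            return name
    return None

def derive_key(directory):
    """Key handed to CreateDecryptor: MD5(prefix + name), 16 bytes (AES-128)."""
    return md5_utf8(PREFIX + directory)

# Constructed inputs: a stand-in for Program.marker and a small guess list
# of folder names commonly seen under the Program Files directory.
MARKER = md5_utf8("Intel")
CANDIDATES = ["Common Files", "Internet Explorer", "Intel", "Java", "Windows NT"]

if __name__ == "__main__":
    name = recover_directory(MARKER, CANDIDATES)
    if name is None:
        print("no candidate matched the marker")
    else:
        print("directory:", name)
        print("AES key:", derive_key(name).hex())
```

The IV and ciphertext are truncated in the post, so the sketch stops at key derivation.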

CSAW CTF: Reversing 200

Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/200/.

We’re given a .NET binary in this challenge. It merely prints a string and exits instantly. Decompiling it with ILSpy, we see the Main routine as follows.


private static void Main(string[] args)
{
    Console.WriteLine("Okay, going to compute the key. Have to remember to write it out at the end! I keep forgetting!");
    string arg = "";
    byte[] array = Program.encrypted;
    for (int i = 0; i < array.Length; i++)
    {
        byte b = array[i];
        arg += Convert.ToChar((int)(b ^ 255));
    }
    Console.ReadLine();
}

Simple stuff! I wrote a Python script to reverse it.


>>> cipher_text = [171, 151, 154, 223, 148, 154, 134, 223, 150, 140, 223, 198, 156, 207, 198, 153, 199, 203, 206, 201, 158, 205, 205, 207, 201, 205, 205, 206, 154, 202, 207, 157, 198, 199, 154, 204, 203, 201, 207, 203, 200, 157, 200]
>>> plain_text = ""
>>> for char in cipher_text:
...     plain_text += chr(char ^ 255)
...
>>> plain_text
'The key is 9c09f8416a2206221e50b98e346047b7'

CSAW CTF: Reversing 100

Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/100/

We’re given a PE32 executable file. On executing it, it displays some encrypted key. So basically, the program encrypts the key and we (or something else :P) should decrypt it.

Pop it into IDA. Looking at the disassembly of main, we see something interesting:

lea eax, [ebp+var_18]
push eax
call encrypt

The more hardcore (and difficult) way of doing it would be to reverse engineer the encrypt method (it’s easy if you have Hex-Rays probably) but I did something far easier.

I noticed a method decrypt was also defined in the binary which should be able to decrypt it. So, I modified the call above to

call decrypt

with the help of Olly, using the memory location available from IDA and voila! We get the flag “welcome_to_csaw”!
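
The call swap used here and in Reversing 400, as an added example rather than code from the original post: an x86 near call is the byte E8 followed by a 32-bit displacement measured from the next instruction, so retargeting it means recomputing that displacement. The base address and the encrypt/decrypt addresses are constructed placeholders, and the function names are hypothetical.

```python
import struct

CALL_REL32 = 0xE8  # x86 near call opcode, followed by a little-endian rel32
INSN_LEN = 5       # 1 opcode byte + 4 displacement bytes

def call_target(code, base, offset):
    """Absolute destination of the E8 call at code[offset]."""
    if code[offset] != CALL_REL32:
        raise ValueError("no E8 call at offset %#x" % offset)
    (rel,) = struct.unpack_from("<i", code, offset + 1)
    # rel32 is measured from the address of the next instruction
    return (base + offset + INSN_LEN + rel) & 0xFFFFFFFF

def retarget_calls(code, base, old, new):
    """Rewrite each `call old` as `call new`; return (patched, call addresses)."""
    patched = bytearray(code)
    hits = []
    for off in range(len(code) - INSN_LEN + 1):
        # Byte scan, not a disassembler: an E8 byte may be an operand, so a
        # site is patched only if it decodes to a call that lands on `old`.
        if code[off] == CALL_REL32 and call_target(code, base, off) == old:
            rel = (new - (base + off + INSN_LEN)) & 0xFFFFFFFF
            struct.pack_into("<I", patched, off + 1, rel)
            hits.append(base + off)
    return bytes(patched), hits

# Constructed sample, not bytes from the challenge binary. The lea's disp8
# for var_18 (-0x18) is itself 0xE8, which the target check must skip.
BASE, ENCRYPT, DECRYPT = 0x401000, 0x401100, 0x401180
SAMPLE = bytes.fromhex(
    "8d45e8"      # lea  eax, [ebp-0x18]
    "50"          # push eax
    "e8f7000000"  # call 0x401100 (encrypt)
    "c3"          # ret
)

if __name__ == "__main__":
    patched, hits = retarget_calls(SAMPLE, BASE, ENCRYPT, DECRYPT)
    print("patched calls at:", [hex(a) for a in hits])
    print("new target:", hex(call_target(patched, BASE, 4)))
    print("bytes:", patched.hex())
```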

The principle of non-duality and the various schools of thought in Hinduism

I was talking about the ‘hidden truth’ in the last post but never wrote about what the hidden truth is. In this post, I shall try to explain what I meant by that. Remember, it’s based on my understanding, so I could be way off the mark when compared to the actual truth. Do correct me in that case.

The ‘hidden truth’ that I was talking about is the Brahman, the formless supreme being. Everything in this world is the manifestation of the Brahman or the Supreme Consciousness. Essentially it means that all of us are merely the same being, i.e. there are two parts to every human being: the physical body of each human (the form) and the supreme consciousness (the formless) which is common to everyone on earth. The path to this realization is called ‘moksha’ and a realized soul (e.g. Amma, Ramana Maharshi and Ramakrishna Paramahamsa) is one who has realized this truth (there’s a truth in the way we know this fact and how the realized souls do).

So why does Hinduism worship deities such as Sri Rama, Sri Krishna, Shiva, Maha Kali etc? How does it fit into this truth theory? It does and I’ll explain how or why we have so many deities whom we worship. It is believed that such an advanced concept cannot be easily accepted by normal people and so several forms were superimposed upon the formless. This way, normal people focus on one of the many forms they like and once they completely focus on a single form alone, destroying that form which one has so passionately worshipped will only leave the formless Brahman and the mind would have realized the fact that the world is unreal as well as divined the ultimate truth.

There is a school of thought in Hinduism called Samkhya (another variant I’ve heard is Sankhya; not sure which is right) which believes only this concept, ‘prakriti’ (corresponds to man) and ‘purusha’ (corresponds to Brahman); there is no concept of ‘Ishvara’ (God) in this school of thought (this is how atheism is incorporated in Hinduism: the Sankhya/Samkhya school believes Hinduism is a way of life and not a religion). The other schools include Vaishesika (school of atomism; later merged with Nyaya), Mimamsa (school of orthopraxy), Yoga (school of meditation), Nyaya (school of logic) and Vedanta (literally ‘end of Vedas’; also called ‘Jnana Kanda’, section of knowledge).

Many of our Hindu prayers (such as the one said before each meal) are directed to the Supreme One, Brahman. It’s one of the most beautiful concepts that teaches humanity that each and every one of us is essentially the same regardless of religion, geography, history, race, caste, status and what not! As my professor says, “We are all like the waves in the ocean-we rise from the infinite ocean (consciousness), exist as a wave and then join the ocean again. However, we forget mostly that essentially we’re water and think we are the individual wave. Our goal is to realize this is false and the truth is that we are in fact water and nothing more. And the Guru is a wave who is thrown up from the ocean and who knows the truth (that we are indeed water and not the wave). A Guru’s objective is to lead us from darkness to light and help us realize this fact”.

PHDays CTF 2012

I just thought I should update my blog; it’s been a while since I did so. So, I thought I’d write about my PHDays CTF 2012 experience.

So team bi0s was invited yet again for PHDays CTF. I was elated when I knew I’d be part of the 5 going there. It was my first trip out of India and I was damn excited. After paying a whopping 6200 or so INR for my visa, I was finally glad I was going out of India (and making it to the clan of only 4 people from my class who went abroad while still an undergraduate).

Announcing sCTF 2012: SecurIT CTF

 Amrita University & TIFAC CORE

proudly present

sCTF ’12

National Level “Capture the Flag” style ethical hacking contest

Not a day passes without several machines being compromised and infections spreading rampantly in the world today. The cyber world has witnessed several dangerous attacks including the Stuxnet virus and its successor Duqu. The most recent such attack is the Flame infection, in which the malware managed to disguise itself as legitimate Windows software. It exploited a bug in Windows to obtain a fake certificate which allowed it to authenticate itself as coming from Windows.

Indian websites too offer little or no resistance to such security intrusions. The Computer Emergency Response Team, India (CERT-In) has been tracking defacements of Indian websites and more. Their report can be viewed here. It’s really sad that with so much talent and skill, Indian websites are compromised frequently and nothing can be done to stand this wave of attacks on them.

sCTF is a Capture the Flag style ethical hacking contest, a strategic war-game designed to mimic real-world security challenges. Software developers in India have little exposure to secure coding practices and the effects of not adopting such practices, one of the main reasons why systems are compromised quite easily. Following such simple practices can help prevent such incidents. sCTF is focused exclusively on the student community. No prior exposure or experience in cyber security is needed to participate. There are 3 rounds in the contest; the first round provides some necessary skills required to perform in the subsequent two rounds.

sCTF is being organized along with the 1st International Conference on Security of Internet of Things to be held at Amrita Vishwa Vidyapeetham, Amritapuri from 17-19 August 2012. Teams who qualify to the final round are fully sponsored to attend the conference and the event on-site. This is a golden opportunity to interact with the best security researchers from around the world! For more details, visit http://securit.ws.

What you need to do?
1. Form a team (three members from your college)
2. Approach a faculty/mentor and request him/her to mentor your team
3. Register online at http://portal.inctf.in

Great Rewards

25K The winning team receives a cash prize of up to Rs. 25000/-
15K The first runner-up team receives a cash prize of up to Rs. 15000/-
10K The second runner-up team receives a cash prize of up to Rs. 10000/-

So, what are you waiting for? It’s simple: Register, Learn, Hack!

Notes:
1. Only four machines will be provided to each team: 3 player machines and 1 gateway. Players cannot use any additional machines. Also, collaborating with player(s) remotely is not allowed and any team doing so will be disqualified from the event.
2. The expenses of only 3 members will be covered. Their conference fee will be waived and we will reimburse up to a second class sleeper fare (2S). Each of the 3 members will be required to submit a copy of their tickets in order to be eligible for reimbursement.
3. The remaining members, if any, have to register for the conference at the website and have to bear all expenses they incur.
4. The final round will be on 20th August, 2012. The team can attend workshops and the conference from 17th to 19th August.
5. Accommodation will be available from 16th August 2012 night to 20th August 2012 night. Kindly plan your travel accordingly.

If you have any clarifications, do get in touch with us.
Website|Email|Facebook|Twitter

*Cash prizes are subject to their performance and participation in the CTF round.