RuCTF Quals 2014

writeup
19 Mar

PIN (reverse 400)

The task was to reverse the file main, an MS-DOS executable.

Fortunately, this binary isn't packed and its logic can be easily understood without dynamic analysis. After a few minutes of analysis it becomes obvious that this executable sets a hook for interrupt int9 (the keyboard handler) and, for every input character, makes some changes to the global variable byte_178. If this variable equals 0x14, we get the success message.

First of all, let's take a look at the beginning of the main function:

writeup
17 Mar

Cat's eyes (stego 100)

This task is the simplest stego task in this CTF. We have a GIF with 8 frames, all of which have small color differences in the first 3 lines. All we need to do is build a difference image. After some analysis we decided that it is binary-encoded ASCII text, and we decoded it.

writeup
17 Mar

Secret String (ppc 300)

As we can see from the task, it is about DNA replication; as my friends from the team said, we should find the most popular string in the given file.

First of all, I should say that I'm using Python. At the start I just tried to build an index where the keys are the strings that can be found in the file and the values are their frequencies. But that didn't work, because in Python the index is always kept in RAM, and for my counting I would need more than 16GB (I think something like 32 or 64). Those numbers are reachable, but I guessed that there should be a better solution.

writeup
17 Mar

Arcfour (reverse 500)

In the reverse category this task was the easiest one, except Harm (reverse 10), of course :)

The task was to reverse an x86 PE executable. There were 2 ways to solve this task: the easiest one and a slightly more complicated one. But let's start with their common part.

The file seems to be packed with UPX, so start debugging! After unpacking with upx we find that the OEP is at address 0x6d28, but there is some very strange code:
