BalalaikaCr3w - ppc

SATELLITE RELOADED (reverse 250)

Dor1s — Wed, 15 Oct 2014 06:12:57 +0000

Category:

ppc

reverse

Event:

ASIS CTF Finals 2014

Description

Download this file and find the flag.

Solution

After unziping this file we found that it's x64 ELF. At the main function we see some buffer dexoring:

Lets dexor it and save to file (IDA command line with idapython used):

s = ''
for i in range(10952):
	b = Byte(0x601820+i)
	if b==0:
		break
	s += chr(b ^ (0xd4 + i%2))
open('sat.txt','w').write(s)

The decrypted buffer seems to be a condition for some binary array (full dexored buffer avaliable here):

( a[253] | ! a[218] ) & ( ! a[92] | ! a[46] ) & ( ! a[2] | ! a[285] ) & ( ! a[275] | ! a[256] ) ...

so we can suggest that this array is a binary representation of the flag (295 bits ~ 37 bytes) and everything we need is to find such array a that this condition is true.

Well, this type of problem is well-known as SAT. There are many different solvers for such things in the Internet. We used minisat.

Firstly, we need to convert all conditions to MiniSAT Input Format. You can write short script for that but we did few 'Replace with' at text editor.

Notice that array element with zero index should be substituted by non-zero index because of MiniSAT input format (0 means and of line). We changed 0 index to next after last one - 295. Now our SAT looks like needed and we can do:

$ minisat mysat.txt myout.txt
============================[ Problem Statistics ]=============================
|                                                                             |
|  Number of variables:           295                                         |
|  Number of clauses:             441                                         |
|  Parse time:                   0.00 s                                       |
|  Eliminated clauses:           0.00 Mb                                      |
|  Simplification time:          0.00 s                                       |
|                                                                             |
============================[ Search Statistics ]==============================
| Conflicts |          ORIGINAL         |          LEARNT          | Progress |
|           |    Vars  Clauses Literals |    Limit  Clauses Lit/Cl |          |
===============================================================================
===============================================================================
restarts              : 1
conflicts             : 0              (0 /sec)
decisions             : 1              (0.00 % random) (467 /sec)
propagations          : 294            (137191 /sec)
conflict literals     : 0              ( nan % deleted)
Memory used           : 0.22 MB
CPU time              : 0.002143 s

SATISFIABLE
$ cat myout.txt 
SAT
-1 -2 -3 -4 -5 6 -7 8 -9 10 -11 -12 13 14 -15 16 -17 -18 19 -20 -21 22 -23 24 -25 26 -27 -28 29 30 -31 32 -33 34 35 36 37 38 -39 -40 41 42 -43 -44 45 -46 -47 -48 49 50 -51 -52 -53 -54 -55 56 57 -58 -59 -60 -61 62 -63 -64 65 66 -67 68 69 -70 -71 -72 73 74 -75 76 -77 -78 -79 80 81 -82 -83 84 -85 86 -87 -88 89 90 91 -92 -93 94 -95 -96 97 98 -99 100 -101 102 -103 -104 105 106 -107 108 109 110 -111 112 113 -114 -115 -116 117 118 -119 -120 121 122 123 -124 -125 126 -127 -128 129 130 -131 132 133 -134 -135 -136 137 138 -139 -140 -141 142 -143 144 145 -146 -147 -148 -149 150 -151 -152 153 154 -155 -156 157 -158 -159 160 161 -162 -163 -164 165 -166 -167 168 169 -170 -171 172 -173 174 -175 176 177 -178 -179 -180 -181 182 -183 184 185 -186 -187 188 -189 190 -191 -192 193 194 195 -196 -197 198 -199 200 201 -202 -203 -204 205 -206 -207 208 209 -210 -211 -212 213 -214 -215 -216 217 218 -219 -220 221 -222 -223 -224 225 226 -227 -228 229 230 -231 -232 233 234 -235 -236 -237 -238 -239 240 241 -242 -243 -244 245 -246 -247 -248 249 250 -251 -252 253 254 -255 -256 257 258 -259 260 -261 262 -263 -264 265 266 -267 -268 -269 270 -271 272 273 -274 -275 -276 277 -278 -279 280 281 -282 -283 -284 285 286 -287 288 289 -290 -291 -292 -293 294 295 0

Nice, solution found. Try to convert in to some printable data:

>>> sol = '-1 -2 -3 -4 -5 6 -7 8 -9 10 -11 -12 13 14 -15 16 -17 -18 19 -20 -21 22 -23 24 -25 26 -27 -28 29 30 -31 32 -33 34 35 36 37 38 -39 -40 41 42 -43 -44 45 -46 -47 -48 49 50 -51 -52 -53 -54 -55 56 57 -58 -59 -60 -61 62 -63 -64 65 66 -67 68 69 -70 -71 -72 73 74 -75 76 -77 -78 -79 80 81 -82 -83 84 -85 86 -87 -88 89 90 91 -92 -93 94 -95 -96 97 98 -99 100 -101 102 -103 -104 105 106 -107 108 109 110 -111 112 113 -114 -115 -116 117 118 -119 -120 121 122 123 -124 -125 126 -127 -128 129 130 -131 132 133 -134 -135 -136 137 138 -139 -140 -141 142 -143 144 145 -146 -147 -148 -149 150 -151 -152 153 154 -155 -156 157 -158 -159 160 161 -162 -163 -164 165 -166 -167 168 169 -170 -171 172 -173 174 -175 176 177 -178 -179 -180 -181 182 -183 184 185 -186 -187 188 -189 190 -191 -192 193 194 195 -196 -197 198 -199 200 201 -202 -203 -204 205 -206 -207 208 209 -210 -211 -212 213 -214 -215 -216 217 218 -219 -220 221 -222 -223 -224 225 226 -227 -228 229 230 -231 -232 233 234 -235 -236 -237 -238 -239 240 241 -242 -243 -244 245 -246 -247 -248 249 250 -251 -252 253 254 -255 -256 257 258 -259 260 -261 262 -263 -264 265 266 -267 -268 -269 270 -271 272 273 -274 -275 -276 277 -278 -279 280 281 -282 -283 -284 285 286 -287 288 289 -290 -291 -292 -293 294 295'
>>> sol = sol.split(' ')
>>> res = ''
>>> for c in sol: 
...     if '-' in c: res += '0'
...     else: res += '1'
... 
>>> c
'295'
>>> res
'0000010101001101001001010100110101111100110010001100000110000100110110001101000110010100111001001101010011011101100011001110010011011000110001011000010011001001100010011001010110000101100101001110010110001001100010001100100011001100110000011000100011001100110101001100010110001001100011011000011'
>>> len(res)
295
>>> res = '0' + res[-1] + res[:-1] #move last to first (because [0] index) and add leading zero for padding
>>> hex(int(res, 2))[2:-1].decode('hex')
'ASIS_20a64e957c961a2beae9bb230b351bca'

The flag is ASIS_20a64e957c961a2beae9bb230b351bca.

Sports Shoes | Women's Nike Air Force 1 Shadow trainers - Latest Releases , Ietp

Attachments:

mysat.txt

sat.txt

Sattelite (ppc 200)

Triff — Tue, 14 Oct 2014 07:27:15 +0000

Category:

ppc

Event:

ASIS CTF Finals 2014

Task:

Connect here and find the flag:

`nc asis-ctf.ir 12435`

Solution:

Ok, task asks us to connect, let's do it:

notebook:~ hacker$ nc asis-ctf.ir 12435

hi all,  You must send a string for each level that would make the literal True
send "Sattelite"
Sattelite
(x4 ∨ x5) ∧ (¬x3 ∨ ¬x1) ∧ (¬x3 ∨ x5) ∧ (x3 ∨ ¬x4) ∧ (x1 ∨ ¬x5)

Server asks us to solve Boolean Satisfiabilit Problem also known as SAT (task's name corresponds to it). So we have to do two things: first - parse boolean equation and second - solve it.

This code solves both of them:

#!/usr/bin/env python
import socket
import math
from time import sleep

def unpack(r):
	r = r.replace('(','')
	r = r.replace(')','')
	r = r.replace('x','')
	r = r.replace('\xc2\xac', '-')
	r = r.replace('\xe2\x88\xa8', '')
	return [int(n,10) for n in r.split()]

def increment(s):
	for i in xrange(len(s)):
		if s[i] == 0:
			s[i] = 1
			break
		elif s[i] == 1:
			s[i] = 0
	return s

def brute(eq, length):
	solution = [0]*length
	while True:
		bad = False
		for b in eq:
			x = int(math.copysign(b[0],1))
			y = int(math.copysign(b[1],1))
			val = (b[0] > 0 and solution[x-1] == 1) or (b[0] < 0 and solution[x-1] == 0) or (b[1] > 0 and solution[y-1] == 1) or (b[1] < 0 and solution[y-1] == 0)
			if val == False:
				bad = True
				break
		if bad == False:
			return solution
		solution = increment(solution)
		if solution == [0]*length:
			return []

s = socket.socket()
s.connect(('asis-ctf.ir', 12435))
print s.recv(1024)
s.send('Sattelite\n')

while True:
	response = s.recv(1024).strip()
	print "Server: " + response
	blocks = [unpack(r) for r in response.split(" \xe2\x88\xa7 ")]
	solution = brute(blocks,len(blocks))
	if solution == []:
		print "No solutions found..."
		break
	answer = ''.join([str(x) for x in solution])
	print "Answer: " + answer
	s.send(answer+"\n")
	response = s.recv(1024).strip()
	print "Server: " + response
	if "OK" not in response:
		print "Bad solution..."
		break
	print ""

The flag is: ASIS_5b5e15ec25479ac8b743c6e818d75464

Sportswear free shipping | adidas

secure_coding 1,2,3 (coding 100, 200, 300)

Dor1s — Fri, 03 Oct 2014 14:10:45 +0000

Category:

misc

ppc

Event:

Sharif University CTF Quals 2014

In these tasks we were given a service which:

accepts .cpp file
compiles it via MSVS10 or gcc4.8 (you can choose which one)
launches a couple of tests on successfully compiled binary

You can look at it here, here and here.

Also there are original source code files, which are vulnerable and unstable. Tests launched on the service are checking some vulnerabilities on compiled binaries and our goal is to fix them and prevent program from crashing.

Well, the best way to show how we have solved these tasks is to show diff between original source code files and our solutions. Look at this commit.

When uploaded source code passes all tests and keeps its initial functionality the service prints messages like:

WON!

Flag: b658c70eb17bf96d6f8d64145b4cc859

WON!

Flag: 57ba58587f972a80c12b5f590078270c

WON!

Flag: 696570afe73d9e8cbd206d10dbf58e8b

I don't think that it is needed to describe each line in our solution. But I mention most popular vulnerabilities fixed in these tasks:

buffer overflow
writing to unallocated memory / reading uninitialized memory
format string vulnerabilities
few other errors

If you would have any questions about our code ask it via our twitter account. We will answer and try to explain our fixes.

Btw, my lovely fix is:

At the end of CTF we had just one vulnerability in our source code and suddenly we understood that input like "%%x" crashes the program. I could not come up with anything better than such fix and we got the 1st place when CTF was 12 minutes left.

p.s.

If service tells you complier error, try to choose another compiler ;)

Adidas shoes | NIKE HOMME

Brain fuzzing

briskly — Sun, 01 Jun 2014 18:08:55 +0000

Category:

ppc

Event:

SecuInside CTF Quals 2014

This kind of famous task. You have board with buttons, wich have 2 positions. In Russia there is old quest game with brother pilots and there was the same task to open the fridge with board 4x4. And there was solution remember all buttons in first position. And switch all this buttons one by one. Repeating this algoritm from 1 to 3 times, you will win.

Also it was kind of this task on phdays quals 2013 (I haven't seen it, but heard about it), and kind of this task on defcon quals 2013, but there was the diffrence. There when you were pushing the button raw and column were reversing but the button you push wasn't

On this ctf there was 4 levels of dificulty of this task. First one is the same a wrote (3 times). Second the same but you need to remeber your steps by yourself(3 times more)

But the most difficult was third part. Orgs have changed the conditions and this time button had 3 positions. That was difficult. After some googling, we found better algorythm for 2 position condition (sorry for russian link). The sense is to build weight matrix. I upgraded it, for more than 2 postions. It was kind of lucky upgrade, I wasn't sure it work. So we build matrix where the cell is (-1)*(sum(raw) + sum(column)) mod N (N=3).

# ar is board transfered to ints [[0,1],[1,0]]
def wMatr(ar, N=3):
    cMax = len(ar[0])
    rMax = len(ar)
    wM = deepcopy(ar)
    for i, raw in enumerate(ar):
        for j, column in enumerate(raw):
            # counting weight for cell, last sub is to remove the dublicate of cell with i,j coords
            wM[i][j] = (sum(raw) + sum(ar[k][j] for k in xrange(rMax)) - ar[i][j]) % N
            # reverse the value cell
            if wM[i][j] != 0:
                wM[i][j] = N - wM[i][j]
    return wM

And after that we push the buttons according to that matrix. After first applying of this algorytm, we get board with the same raws like:

1111
2222
1111
0000

After applying it more than one time, we get the right answer. But that decision is not optimal. And sometimes, it need too many attemps. But it wroked 90% of times.

The last 4th task was kind of boss, it was board with 2 postitions but with size 200x200. There were some problems with connection, so my script sometimes couldn't get the full board. But after over9000 attemps it worked

Full code of the solution:

import re
from socket import create_connection
from copy import deepcopy
from time import sleep

host = "54.198.73.164"
host = "54.81.138.191"
port = 5555
hSock = create_connection((host, port))
ans = hSock.recv(10240)

def invert2(x, y, ar, N=3):
    t = ar[x][y]
    for i in range(len(ar[0])):
        ar[x][i] = (ar[x][i] + 1) % N
    for i in range(len(ar)):
        ar[i][y] = (ar[i][y] + 1) % N
    ar[x][y] = (t+1) % N
    return ar

repl = {
  2: {
    "O": 0,
    "X": 1
  },
  3: {
    "O": 0,
    "W": 1,
    "X": 2
  }
}

def serv():
    for asd in range(10000):
        if asd == 0 or "Lupin hear a sound from safebox" in ans:
            sleep(1)
            ans = hSock.recv(102400)
            print ans
            x, y = map(int, re.findall("Board>\s+(\d+)\s+(\d+)", ans)[0])
            ar = ans.split("\n")[-x-1:-1]
            N = len(set("".join(ar)))
            ar = map(list, ar)
            for i in range(len(ar)):
                for j in range(len(ar[0])):
                    ar[i][j] = repl[N][ar[i][j]]

            mine = deepcopy(ar)
        
        while True:
            sleep(1)
            wM = wMatr(mine, N)
            for i, raw in enumerate(wM):
                for j, column in enumerate(raw):
                    for k in range(column):
                        mine = invert2(i, j, mine, N)
                        hSock.send("%s %s\n" % (i, j));
                        ans = hSock.recv(102400)
                        if len(ans) > 5:
                            print ans
                    #print "\n".join("".join(map((str), c)) for c in mine), "\n"
            if "Lupin hear a sound from safebox. some layout of button changed" in ans:
                break
            if "Too many attempts" in ans:
                exit(0)
            if set("".join("".join(map((str), c)) for c in mine)) == set(["0"]):
                break

    print hSock.recv(10240)

def wMatr(ar, N=3):
    cMax = len(ar[0])
    rMax = len(ar)
    wM = deepcopy(ar)
    for i, raw in enumerate(ar):
        for j, column in enumerate(raw):
            wM[i][j] = (sum(raw) + sum(ar[k][j] for k in xrange(rMax)) - ar[i][j]) % N
            if wM[i][j] != 0:
                wM[i][j] = N - wM[i][j]
    return wM

serv()

Finally we receive message with flag:

Lupin hear a sound from safebox. some layout of button changed

There is a beep sound from safebox. we might be on the right way.
Some strange noise come out from the safebox..
                        '
               '        '        '
       '         '      '      '        '
          '        \    '    /       '
              ' .   .-"```"-.  . '
                    \`-._.-`/   
         - -  =      \\ | //      =  -  -
                    ' \\|// '   
              . '      \|/     ' .
           .         '  `  '         .
        .          /    .    \           .
                 .      .      .


Congrats!!!! Lupin finally got the Cherry Saphhire!!
Right behind of the jewel, Lupin found a short memo
-----------------------------------------------------
The flag is "THE BEST people are always TAKEN, if you don't STEAL them, you won't HAVE them" (without quote)

So, THE BEST people are always TAKEN, if you don't STEAL them, you won't HAVE them

Running Sneakers | Buy online Sneaker for Men

Secret String (ppc 300)

briskly — Mon, 17 Mar 2014 18:37:14 +0000

Category:

ppc

Event:

RuCTF Quals 2014

As we can see from the task, the talk is about DNA replication, as said my friends from team, we should find the most popular string in the given file.

First of all, I should say, that I'm using python. In the start I just tried to build index where keys are string that can be found in file and values are there frequency. But that didn't work. Because in python index always saved in the RAM, and for my counting, I should have more than 16GB (I think something like 32 or 64). That numbers is reachable, but I guessed that it should be better solution.

So there is two solutions:

First I think just install some datebase with indexies that could use disk for storage. But in this case you should do more admin stuff I think.

Second: I wrote variant just for lulz, with no math calculation and it worked:

At the begiging script builds index reading stings from random places. For me 10 000 000 strings was enough. After that I just take 10 00 most popular string, and count there frequency only:

from collections import defaultdict
from operator import itemgetter
from random import randint
index = defaultdict(int)

with open("word2") as f:
    s = f.read()
    for i in xrange(10000000):
        j = randint(0, len(s))
        index[s[j:j+32]] += 1

    index = dict(sorted(index.iteritems(), key=itemgetter(1), reverse=True)[:10000])
    for i, el in enumerate(s):
        try:
            curS = s[i:i+32]
        except:
            break
        if i % 100000 == 0:
            print i
        if curS in index:
            index[curS] += 1

print max(index.iteritems(), key=itemgetter(1))

The answer is GGAACAAGTTACATGGGCCGAATGCTATTGTC, and it could be found 64 times in the file. Script works for 120 second.

latest Nike release | Best Running Shoes for Men 2021 , Buyer's Guide , Worldarchitecturefestival

Maze (PPC - 200)

Triff — Tue, 11 Mar 2014 09:28:24 +0000

Category:

ppc

Event:

RuCTF Quals 2014

Task:

Universal dangerous positive: 194.226.244.125:1024. Send me your password: "3k8bbz032mrap75c8iz8tmi7f4ou00". Flag format is "RUCTF_.*"

Solution:

"Universal dangerous positive" hints us, that there is UDP protocol. So lets connect to given ip and send password:

UDP_IP = "194.226.244.125"
UDP_PORT = 1024
message = "3k8bbz032mrap75c8iz8tmi7f4ou00"

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(1)

sock.sendto(message, (UDP_IP, UDP_PORT))
print sock.recv(100000)

This code prints:

Hello stranger!
You can go down(1280) with password: g5op3e6wxcy71m24dgcmhq714nd799
You can go right(1025) with password: 084399ptmy7u4bxwy003x2ko2oa06n

Ok, we have a maze, each cell of maze is defined by port and password. When we send correct password to port it responds with information about it's neighbors. So we have to write some code

First thing: maze's answers recognition (it's ugly, but it works):

res = sock.recv(100000)
print res

#Parse the answer
mess = []
dirs = []
while True:
        #looking for direction:
	ind1 = res.find("can go ")
	if -1 == ind1:
		break
	ind1 = ind1 + len("can go ")
	dirs.append(res[ind1:ind1+1])
	#looking for password
	ind = res.find("password: ")
	if -1 == ind :
		break
	ind = ind + len("password: ")
	mess.append(res[ind: ind+30])
	res = res[ind+30:]

Now we have array with password and corresponding array with directions (with first letters of them). We need some maze-solving algorithm, for example right-hand methond:

#declare in the begining
order = ["r","d","l","u"] #right-hand alg order
direction = 3

#and do this in cycle:

#Compute next turn (right-hand method)
next_dir = (direction + 1) % 4
next_i = -1
while True:
	for i in xrange(0, len(dirs), 1):
		if dirs[i] == order[next_dir]:
			next_i = i
			break
	if -1 != next_i:
		break
	next_dir = (next_dir - 1) %4

message = mess[next_i]

#update port and coordinates

if next_dir == 0:
	UDP_PORT +=1
if next_dir == 2:
	UDP_PORT -=1
if next_dir == 1:
	UDP_PORT +=256
if next_dir == 3:
	UDP_PORT -=256
direction = next_dir

So we choose next direction, trying to turn to the right every time when it possible and then update message and port to new values. As you can see, each time you go left and right port simply dec/increments, but when you go up and down it changes by 256... it's obvious from first server answer. (All other answer does not specify port, only passwords.)

Last thing we need.. some cool gui to draw this maze.. i used pygui... and there is result:

And full code of solving script:

#!/usr/bin/python
import socket
from time import sleep
import sys
from GUI import Application, ScrollableView, Document, Window, Cursor, rgb
from GUI.StdColors import black, red, white
from GUI.Files import FileType
from GUI.Geometry import pt_in_rect, offset_rect, rects_intersect

class MazeView(ScrollableView):
	hero_x = 0
	hero_y = 0
	maze_walls = [[0 for x in xrange(256)] for x in xrange(256)] 

	offset = 10
	multi = 4

	def add_point(self, p_x ,p_y):

		self.maze_walls[p_x][p_y]=1

	def move_hero(self, p_x ,p_y):
		self.hero_x = p_x
		self.hero_y = p_y
		self.invalidate_rect(( self.offset + (p_x - 3) * self.multi, self.offset + (p_y -3) * self.multi, self.offset + (p_x+3) * self.multi, self.offset + (p_y+3) * self.multi ))
		self.update()

	def draw(self, canvas, update_rect):
		#canvas.erase_rect(update_rect)
		#draw main wall
		canvas.fill_frame_rect((self.offset-self.multi,self.offset-self.multi,self.offset+257*self.multi,self.offset+257*self.multi))
		canvas.fillcolor = white
		canvas.pencolor = white
		canvas.fill_frame_rect((self.offset,self.offset,self.offset+256*self.multi,self.offset+256*self.multi))
		#draw hero
		canvas.fillcolor = red
		canvas.pencolor = red
		canvas.fill_frame_rect((self.offset + self.hero_x*self.multi, self.offset + self.hero_y*self.multi ,self.offset + self.hero_x*self.multi + self.multi,self.offset + self.hero_y*self.multi+ self.multi))
		#draw inner walls
		canvas.fillcolor = black
		canvas.pencolor = black

		for k in xrange(self.hero_x-5,self.hero_x+5,1):
			for l in xrange(self.hero_y-5,self.hero_y+5,1):
				if k < 0 or l <0 or k>= 256 or l >=256 : continue
				if 1 == self.maze_walls[k][l]:
					if True == pt_in_rect((self.offset + k*self.multi, self.offset + l*self.multi), update_rect):
						canvas.fill_frame_rect((self.offset + k*self.multi, self.offset + l*self.multi,self.offset + k*self.multi + self.multi,self.offset + l*self.multi+ self.multi))


win = Window(size = (258*4+20, 258*4+20))
view = MazeView(extent = (512*4, 512*4))
win.place(view, left = 0, top = 0, right = 0, bottom = 0, sticky = 'nsew')
win.show()

UDP_IP = "194.226.244.125"
order = ["r","d","l","u"] #right-hand alg order

message = "3k8bbz032mrap75c8iz8tmi7f4ou00"
UDP_PORT = 1024
direction = 3
cur_x = 0
cur_y = 0

while True: # ti recover after disconnect
	try:
		sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
		sock.settimeout(1)
		while True: 
			sock.sendto(message, (UDP_IP, UDP_PORT))
			print "Current position: " + str(cur_x) + ", " + str(cur_y)
			res = sock.recv(100000)
			print res

			#Parse the answer
			mess = []
			dirs = []
			while True:
				#looking for direction:
				ind1 = res.find("can go ")
				if -1 == ind1:
					break
				ind1 = ind1 + len("can go ")
				dirs.append(res[ind1:ind1+1])
				#looking for password
				ind = res.find("password: ")
				if -1 == ind :
					break
				ind = ind + len("password: ")
				mess.append(res[ind: ind+30])
				res = res[ind+30:]

			view.move_hero(cur_x,cur_y)

			if (dirs.count('r') == 0):
				view.add_point(cur_x+1,cur_y)

			if (dirs.count('l') == 0):
				view.add_point(cur_x-1,cur_y)

			if (dirs.count('u') == 0):
				view.add_point(cur_x,cur_y-1)

			if (dirs.count('d') == 0):
				view.add_point(cur_x,cur_y+1)

			#Compute next turn (right-hand method)
			next_dir = (direction + 1) % 4
			next_i = -1
			while True:
				for i in xrange(0, len(dirs), 1):
					if dirs[i] == order[next_dir]:
						next_i = i
						break
				if -1 != next_i:
					break
				next_dir = (next_dir - 1) %4

			message = mess[next_i]

			#update port and coordinates

			if next_dir == 0:
				cur_x += 1
				UDP_PORT +=1
			if next_dir == 2:
				cur_x -= 1
				UDP_PORT -=1
			if next_dir == 1:
				cur_y +=1
				UDP_PORT +=256
			if next_dir == 3:
				cur_y -= 1
				UDP_PORT -=256

			direction = next_dir
	except Exception, e:
		print e

Running sports | jordan Release Dates

Attachments:

maze.zip

NEOQUEST 2014 Quals - TimeShift 2. Revenge

Dor1s — Tue, 04 Mar 2014 15:14:52 +0000

Category:

crypto

ppc

Event:

NeoQuest Quals 2014

Задание:

Мое внимание привлекает монитор. На него наклеен стикер с надписью B4365F2. Видимо, это какой-то ключ. На экране мигают две точки, соединенные пунктиром, а ниже бегут пакеты сетевого трафика. Наверное, это передача каких-то команд ракете. Но, по всей видимости, передаваемые данные зашифрованы... На компьютере также открыт файл, в котором записаны два IP-адреса (213.170.102.196:4001, 213.170.102.197:4002). Наверняка IP-адреса помогут мне понять схему работы протокола, по которому передаются команды! Да и в отладочной информации, если покопаться, можно будет обнаружить что-нибудь полезное...

Подключившись к адресам из задания понимаем, что используется какой-то протокол связанный с SSL.

Ответ от 213.170.102.196:4001:

Alert! Expected client hello message.
Format:
	1 byte		type	NEOSSL_HANDSHAKE	0x16
	2 byte		version	NEOSSL1_VERSION		0x01
	3-4 bytes	length (excluding header)
	5 byte		data	NEOSSL_CLIENT_HELLO	0x01
---DEBUG INFO---
Ubuntu Release 10.04 (lucid)
Kernel Linux 2.6.32-21-generic
Memory 1001.9 MiB
Processor Intel(R) Core(TM) i3 CPU
Processing time 1998 cycles
Processing threads - 1 thread
Public-key cryptography algorithm - RSA (with Montgomery multiplication)
Symmetric-key cryptography algorithm - AES-128 (zero IV)
------

Ответ 213.170.102.197:4002:

Alert! Expected server hello message.
Format:
	1 byte		type	NEOSSL_HANDSHAKE	0x16
	2 byte		version	NEOSSL1_VERSION		0x01
	3-4 bytes	length (excluding header)
	5 byte		data	NEOSSL_SERVER_HELLO	0x02
	6 byte		data	RSA_WITH_AES_128_CBC	0x01
	7-n bytes	data	Certificate
---DEBUG INFO---
Ubuntu Release 10.04 (lucid)
Kernel Linux 2.6.32-21-generic
Memory 1001.9 MiB
Processor Intel(R) Core(TM) i3 CPU
Processing time 1625 cycles
Processing threads - 1 thread
Public-key cryptography algorithm - RSA (with Montgomery multiplication)
Symmetric-key cryptography algorithm - AES-128 (zero IV)
------

Получив формат пакета с ссертификатом от одного сервера и сертификат от другого, приходит идея устроить пересылку сообщений между серверами:

Устанавливаем два подключения
Пересылаем сообщения между серверами друг другу, просматривая их

Понимаем, что устанавливается SSL соединение (не совсем классическое, а несколько упрощенное):

1-ый сервер выдает сертификат
2-ой сервер в ответ на сертификат выдает зашифрованный на открытом ключе первого сервера сеансовый ключ для AES-128-CBC (из отладочной информации понимаем)
В ответ на это 1 сервер отвечает коротким сообщением об окончании установления соединения
Пересылается один пакет, зашифрованный уже сеансовым симметричным ключом

Помучавшись с попыткой подменить сертификат, приходим к выводу, что используется атака по времени. Ибо:

Название намекает
Намеки в дебажном выводе
Слишком много намеков в дебажном выводе

Наиболее простым и правильным решением оказывается проведение Тайминг-атаки по мотивам вот этой статьи: http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf. Ибо Public-key cryptography algorithm - RSA (with Montgomery multiplication).

#!/usr/bin/python
from struct import pack
from sock import Sock
import sys
from fractions import gcd
from numpy import random
from operator import *
from time import *

#Extended Euclidean algorithm
def extended_euclidean(a, b):	
	x = 0
	lastx = 1
	y = 1
	lasty = 0
	
	while b != 0:
		q = a // b
		a, b = b, a % b		
		x, lastx = (lastx - q * x, x)
		y, lasty = (lasty - q * y, y)
	return (a, lastx, lasty)
	
def inverse(var, module):
	"""
	Return b such that b*m mod k = 1, or 0 if no solution
	"""
	v = extended_euclidean(var,module)
	return (v[0]==1)*(v[1] % module)

def code(u):
	buf = ''
	for i in xrange(0, 16, 1):
		t = u % (1 << 32)
		buf += pack('<I', t)
		u = u >> 32
	return buf[::-1]

hello1 = '\x16\x01\x00\x01\x01'
def decryptTime(u):
	tries = 3
	t = 0
	for i in range(0, tries, 1):
		s = Sock("213.170.102.196:4001", timeout=30)
		s.send(hello1)
		cerHello = s.recv(10000)		
		buf = '\x16\x01\x00\x41\x0c' + code(u)
		s.send(buf)
		s.read_until('Processing time ')
		buf = s.read_until(' cycles')
		s.close()
		t += int(buf[1:-6])
	return (t / tries)


Modulus = 0x00d30f0d35084103fdf880a2e23f34b2631cca681eb7651d733cdc09b7c95e68b9b956d37ea3695ea3e6b406c26460a192fc153cf9b688a90282c78dcbee012341
R = 1 << 256
invR = inverse(R, Modulus)

treshold = 50000 #this means 50000 cycles from DEBUG output 
def guess(g0):
	gOrig = g0
	randTries = 1
	for i in xrange(0, 252, 1):
		delta = 0
		g1 = 0
		for j in xrange(0, randTries, 1):
			g = gOrig
			if j > 0:
				g += random.randint(0, 512)
			print '#' + str(i)
			g1 = (1 << (251 - i)) | g

			ug0 = g * invR % Modulus
			print 'g : ' + hex(g)
			print 'g1: ' + hex(g1)
			ug1 = g1 * invR % Modulus

			dt0 = decryptTime(ug0)
			dt1 = decryptTime(ug1)
			delta += abs(dt1 - dt0)
		delta = delta / randTries	
		print 'delta: ' + str(delta)

		if delta < treshold:
			gOrig = g1
	return gOrig


def tryWithG0(g0):
	q = guess(g0)
	print hex(q)
	p = Modulus / q
	if q * p == Modulus:
		print 'SUCCES'
		print hex(q)
		print hex(p)
	else:
		print 'FAIL'


for b1 in range(0, 8):
	g0 = 1 << 255
	print '======================================= ' + str(b1)
	g0 = g0 + b1 * (1 << 252)
	print decryptTime(g0 * invR % Modulus)


g0 = (1 << 255) + 6 * (1 << 252)
tryWithG0(g0)

Примечение. Используется обертка для сокетов Sock, написанная Hellman (https://github.com/hellman/sock).

Если в функции guess выставить переменную randTries переменную равной >1, то скрипт будет использовать Neighborhood из статьи, но в данном случае это необязательно.

В итоге получаем один из множителей RSA модуля, находим закрытый ключ, расшифровываем сеансовый ключ AES. Далее расшифровываем последнее сообщение. Оно говорит нам, что нужно отправить сообщение вида "XXXXXXX:Connect". В качестве XXXXXXX подставляем код из задания. Все это дело шифруем AES'ом и дописываем заголовок пакета из протокола, используемого в задании:

#!/usr/bin/python
import socket
import struct
from Crypto.Cipher import AES

s1 = socket.socket()
s1.connect(("213.170.102.196", 4001)) 

s2 = socket.socket()
s2.connect(("213.170.102.197", 4002))

hello1 = '\x16\x01\x00\x01\x01'

s1.send(hello1)
cerHello = s1.recv(10000)
s2.send(cerHello)
buf = s2.recv(10000)
print '=== recv on cert:'
print buf.encode('hex')


tmp = buf[-64:]
c = int( '0x' + tmp.encode('hex'), 16)
d = 0x164e0ae945dc091df7fb303b94ce6ee3c691257bc989e818db9fad6f3cdabb5a6431a9262d6d04558cfc5084dfc2709f743f673396617b9d71de6f8da481eea1L
N = 0xd30f0d35084103fdf880a2e23f34b2631cca681eb7651d733cdc09b7c95e68b9b956d37ea3695ea3e6b406c26460a192fc153cf9b688a90282c78dcbee012341L
p = pow(c, d, N)
p = hex(p)[2:-1]
print p
if len(p) % 2 == 1:
	p = '0' + p
p = p.decode('hex')
key = p[-16:]
print len(key)
print key.encode('hex')
iv = '\x00' * 16
aes = AES.new(key, AES.MODE_CBC, iv)


s1.send(buf)
buf = s1.recv(10000)
s2.send(buf)
buf = s2.recv(10000)

cmd = aes.decrypt(buf[-112:])
print cmd

msg = 'B4365F2:Connect'
length = 16 - (len(msg) % 16)
msg += chr(length)*length
print msg
aes = AES.new(key, AES.MODE_CBC, iv)
data = '\x17\x01\x00\x10' + aes.encrypt(msg)

s2.send(data)
aes = AES.new(key, AES.MODE_CBC, iv)
flag = s2.recv(10000)

flag = aes.decrypt(flag[4:])
print 'FLAG:'
print flag

s1.close()
s2.close()

И вот только после этого получаем ключ:

To obtain the access to the missile control system send a message: "XXXXXXX:Connect".
XXXXXXX - ID
B4365F2:Connect
FLAG:
b84395ebd302b3e8943708770d45c4d3

Ключ: b84395ebd302b3e8943708770d45c4d3

Sports brands | UOMO, SCARPE

Challenge 1: Guerilla

azrael — Mon, 03 Feb 2014 22:13:54 +0000

Category:

web

ppc

Event:

Teaser Insomnihack 2014

First we see the text on the page: "You must specify a nick". After quick look into source code of the page we understand that our URL must contain GET-parameter 'nick' with random value.

Then server sends us some leet-modified string like

51xty tw0 plu5 0n3

and expecting from us solution of this expression in the same format.

Experimentally found that there is only 4 leet-modified characters: '1' == 'i', '3' == 'e', '5' == 's', '0' == 'o'.

There are can be various numbers and all 4 operations: plus, minus, times and divide by. So our solution has following steps:

unleetify string to normal words (ex. "sixty two plus one");
extract operation ("plus" -> "+");
turn 2 strings to numbers (62 and 1);
eval expression (62 + 1 = 63);
turn number to words ("sixty three");
leetify this string using same rules as server ("51xty thr33");
send string to server and get response. If there is no flag in response go to step 1.

After some number of iterations server will send us a flag: Fl4g4Th3W1nl33tP0w4h.

P.S. Because of script use WebSockets we had to write code on JavaScript.

Running sports | Vans Shoes That Change Color in the Sun: UV Era Ink Stacked & More – Fitforhealth News

Attachments:

1337-calc.html.zip

Markoff

briskly — Sun, 02 Feb 2014 08:30:27 +0000

Category:

ppc

trivia

Event:

PHDays Quals IV

The name of this task connected to "Markov chain"

The main idea of that system is that the next state depends only on the current state, and there is a probability of transition.

First try shows, that one word phrases are shutting down the connection.

So we need to start with two word phrase. First hint is in the password:"talk_with_markov_about_positive_things".

send >> positive spam
recv << positive spam
send >> positive spam
recv << positive hack

As you can see server sometimes changes last word, and this is the main idea

We just need to write a script that will send the same string “n” times and look how last word will be changed. After scipt should send new phrase with changed last word and appended "spam" word. Result of this script is a long chain of words:

positive hack days ha_ha_not_that_easy maybe_technopandas_can_help phd technopandas techno_pandas sorry_wrong_turn techno pandas talk_with_markov_about_hacker

After some words, you can get a chain of words: "talk_with_markov_about_hacker" is a hint, to start a new chain with word "hacker" and this is the answer chain:

hacker quas wex exort yep_those_three_weird_words_are_the_flag

To take egg, you need to start chain with word "easter":

easter easter_egg dc245aad88104604acb82e566fde8ef6

Buy Sneakers | Sneakers Nike Shoes

Rbox

Triff — Thu, 30 Jan 2014 07:47:57 +0000

Category:

ppc

Event:

PHDays Quals IV

Задание:

Unhash this:

5ebad7dcbd73584f32ef949486a161a1e9f10e48ade43b03649a2ca680f327c4

nc 195.133.87.165 5555

Auth token: rb0xch4ll3ng3

Решение:

Подключаемся к серверу, выполнив команду "nc 195.133.87.165 5555", и видим приветствие:

RX-Box hasher v0.1

------------------

Auth:

Вводим токен:

rb0xch4ll3ng3

Enter message:

Теперь можно ввести любое сообщение, и оно будет прохешировано. Вводим разные короткие сообщения и получаем:

"0" - "3ad2b2fcdb1f39281286e7b4e4995795d8906d709e82583b51ff18c3b4c745a70ad2b2fc"

"1" - "3bd2b2fcdb1f39281286e7b4e4995795d8906d709e82583b51ff18c3b4c745a70ad2b2fc"

"00" - "3ae2b2fcdb1f39281286e7b4e4995795d8906d709e82583b51ff18c3b4c745a70ad2b2fc"

"001"-"3ae283fcdb1f39281286e7b4e4995795d8906d709e82583b51ff18c3b4c745a70ad2b2fc"

Видно, что каждый байт исходного текста отображается в один байт (два hex-символа) хеша, то есть восстановить хеш можно простым посимвольным перебором. Еще можно заметить интересный момент: длина возвращаемого хеша - 72 hex-символа, в то же время нам дано лишь 64 символа, значит нужно подобрать лишь первые 32 байта сообщения.

Далее просто пишем скрипт, который будет в цикле подключаться к серверу и подбирать хеш посимвольно.

Например такой:

#!/usr/bin/env python
from socket import create_connection
from time import sleep
import string
 
hash = "5ebad7dcbd73584f32ef949486a161a1e9f10e48ade43b03649a2ca680f327c4"
 
message = ""
end1 = 9
end2 = 2
 
for i in xrange(0,32,1):
    for c in string.printable:
        con = create_connection(('195.133.87.165', 5555))
        con.recv(1024)
        con.recv(1024)
        con.send("rb0xch4ll3ng3\n")
        sleep(0.1)
 
        con.recv(1024)
        con.send(message+c+"\n")
        sleep(0.02)
 
        res = con.recv(1024)
        if res[7:end1] == hash[0:end2]:
            message = message + c
            print message
            end1 = end1 +2
            end2 = end2 +2
            break
 
print ""
print "Message: " + message
print ""

Запускаем скрипт и видим, как он постепенно подбирает исходное сообщение. В конце работы печатается результат:

Message: The flag is b8641ac83fc85e4e44bc

Флаг: b8641ac83fc85e4e44bc

Authentic Nike Sneakers | 【国内5月1日発売予定】アンディフィーテッド × ナイキコービー 5 プロトロ "ホールオブフェイム" メタリックゴールド/フィールドパープル-マルチカラー (DA6809-700) - スニーカーウォーズ

Attachments:

rbox.py.txt