After decompiling the given SWF file, we found that the code can be divided into two parts. The first one is responsible for moving sections of an ELF file from the SWF's resources to virtual memory. The second one draws a black font picture and small colored blocks. The most interesting thing is that the position and size of these small colored blocks are defined by the ELF binary.

So we have an SWF built using Crossbridge. The SWF generates pictures every n milliseconds, but n is always different, and we just need to sum the frames to get the flag.

I tried to find programs like swf2png etc., but all of them tried to extract resources rather than capture the frames being built.

After that I tried to capture video using ffmpeg. But after a lot of failed attempts, I just downloaded a program that takes a screenshot every N milliseconds. I ran this program with the flash file and made 4500 screenshots. After that I just summed them using the Python Imaging Library and numpy:

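from os import listdir
from os.path import join

import numpy as np
from PIL import Image

dirname = "screens"  # directory holding the captured screenshots
total = None         # running per-pixel sum of all frames

for i, f in enumerate(sorted(listdir(dirname))):
    print(i)
    # Load the frame; a wide integer type keeps the sum from wrapping at 255
    frame = np.asarray(Image.open(join(dirname, f)).convert("RGB"), dtype=np.uint32)
    total = frame if total is None else total + frame
    # Save a snapshot of the accumulated picture every 100 frames
    # (the "res" directory must already exist)
    if i > 0 and i % 100 == 0:
        snapshot = np.clip(total, 0, 255).astype(np.uint8)
        Image.fromarray(snapshot).save("res/file%s.png" % i)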

This script generated the flag. I think we did not get all the frames, but it was enough to get the flag.
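A fixed-rate screenshot tool captures the same frame several times, and a plain 8-bit sum of those duplicates can wrap around to black. The following is an added example, not the author's code, that compares a wrapping sum, a saturating sum and a per-pixel maximum on constructed frames; the frame layout and all function names are assumptions made for illustration.

```python
import numpy as np

def make_frames(height=8, width=16, repeats=4):
    """Constructed capture: each frame shows one 2x2 block of value 128 on a
    black background, and each frame is captured `repeats` times, as happens
    when screenshots are taken faster than the picture changes."""
    frames = []
    for x in range(0, width, 4):
        frame = np.zeros((height, width), dtype=np.uint8)
        frame[2:4, x:x + 2] = 128
        frames.extend([frame] * repeats)
    return frames

def sum_uint8(frames):
    """Naive sum in the frames' own dtype: uint8 arithmetic wraps modulo 256."""
    total = np.zeros_like(frames[0])
    for f in frames:
        total = total + f
    return total

def sum_saturating(frames):
    """Sum in a wide integer type, then clamp to the displayable 0..255 range."""
    total = np.zeros(frames[0].shape, dtype=np.uint32)
    for f in frames:
        total += f
    return np.clip(total, 0, 255).astype(np.uint8)

def composite_max(frames):
    """Per-pixel maximum: duplicates change nothing and colours stay intact."""
    out = np.zeros_like(frames[0])
    for f in frames:
        out = np.maximum(out, f)
    return out

def lit_pixels(img):
    """Number of non-black pixels in a composite."""
    return int(np.count_nonzero(img))

if __name__ == "__main__":
    frames = make_frames()
    for name, fn in [("uint8 sum", sum_uint8),
                     ("saturating sum", sum_saturating),
                     ("max composite", composite_max)]:
        img = fn(frames)
        print(name, "lit pixels:", lit_pixels(img), "brightest:", int(img.max()))
```

With four captures of each block, 4 × 128 wraps to 0 in the 8-bit sum and every block disappears, while the other two composites keep all of them.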

P.S. The funniest part was that one of my teammates ran an SWF debugger with that file and forgot about it. After several hours, when he switched back to the SWF debugger app, he saw the lag, where the frames had been summed by the debugger. It was a worse picture than that, but it was possible to restore the flag, I think.

Finally, the flag is: GANADAHAAH