26
Jan
2012

MozillaCTF 2012 – SecureFileLock

This very secure locking mechanism encloses files and only gives them to you when you know the passphrase. Find it and you will have the flag.

This challenge requires us to reverse engineer an executable and subsequently retrieve the decryption key for an embedded file.

{Read More}

26
Jan
2012

MozillaCTF 2012 – Text Transformation Puzzle (50)

In this challenge we received the first paragraph of the book Flatland and the the key 49665857477f4b40304276. There are two interesting things about this; the paragraph was full of spelling errors and the key translates to mostly ASCII:

[dutchy@azer ~]$ echo "49665857477f4b40304276" | xxd -p -r -
IfXWGK@0Bv

The spelling errors in the text result in this string: pTldwFsySqD. Same length as the key in ASCII, could this be related? Let’s find out!
The usual approach of finding an answer which requires a key is xor, so let’s try that:
{Read More}

09
Jan
2012

GitS teaser 2012 – AL’s revenge

AL’s revenge was basically a crypto/math challenge with some file format puzzling at the start. The given file is an XZ archive which contains a program in LLVM bytecode. Since the unix ‘file’ utility knows about both these fileformats this wasn’t really hard to figure out. After that, the trick is to compile the LLVM bytecode to an ELF binary using the ‘llvmc’ tool, after which you can use your favorite disassembler/decompiler to reverse engineer the binary.

After having reversed the program and converting the important code to python it gets interesting!

{Read More}

11
Dec
2011

PHD CTF Quals 2011 – M100 (reversing/crypto)

One of the parts of the PHDays Quals was the ‘meteorite rain’ archive, containing many small and not so small challenges. One of these (M100) was tougher than most and quite interesting, so we decided to do a writeup.

The file M100 is a Windows console program written in C++. This means it’s a bit of a pain to reverse engineer. One of my teammates did the reverse engineering but then got stuck, so he asked if I could take a look at it. Basically the program looked like this when translated to a simple C program:

{Read More}