01
May
2012

Plaid CTF 2012 – Torrent

It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?

{Read More}

01
May
2012

Plaid CTF 2012 – Editors

We recently gained access to a log of a robot operative interacting with computer. We are unsure what he was up to but we know it is of the upmost importance to figure it out.

Opening the file it contains key logging of a session with user interacting with a number of editors. We first cleaned up this file in readable key combinations:
{Read More}

01
May
2012

Plaid CTF 2012 – 80s Thinking

We saw two robots dressed in sweater dresses, leggings and press on nails and decided we had to listen in. But, these robots were speaking an unintelligible language. Can you figure out what they were saying?
Title: 80s Thinking (250)
Category: Practical Packets

In this challenge we received an audio file (80s.wav). Listening to the audio file we got the idea it might be a modem or fax connection, this also fits in with the challenge description.
{Read More}

01
May
2012

Plaid CTF 2012 – Debit or Credit

Ca-Ching! Do you think robots have headphone jacks?
Title: Debit or Credit
Solved: 16 teams solved this!
Points: 200
Category: Potpourri

In this challenge we received a sound (.wav) file. Seeing the challenge title and description we quickly got the idea that this might be a recorded magnetic card swipe. Looking at the sound file in audacity we can see the wave form and from this wave form we can recover the magnetic card swipe. We printed the whole wave form and started out doing this challenge on paper, after we got a solid idea on how to finish this challenges we switched to the computer to work it out further.
{Read More}

01
May
2012

Plaid CTF 2012 – 3D

The robots appear to be testing some kind of new camera technology but we haven”e;t quite figured it out yet. Understanding this imaging could be crucial to our understanding the enemy and winning the war.

Analyzing this file it looked like a JPS file. Opening it with a normal image viewer it showed a computer screen with gedit opened with the key in it, however there was something hanging in front of the screen which made it unable to view the key.
{Read More}

01
May
2012

Plaid CTF 2012 – Demo Time

Pop some popcorn, grab a seat and be ready to listen to your favorite robotic chiptunes. It’s an old fashioned robot party!

After downloading the binary file, we looked at the header to see what type of file this was. Although the header ‘g GCE’ didn’t ring us any bells, Google helped us to identify it as a Vectrex game file. We downloaded ParaJVE so we could run the game file.
{Read More}

01
May
2012

Plaid CTF 2012 – Bouncer

In a recent battle we took an enemy robot hostage and examined his operating system. During the examination we found a piece of robot malware that we don’t quite understand. Can you enumerate its targets?

We solved this challenge the pretty (sqli) and dirty (bruteforce) way.

First of all we started the malware with strace. This shows us several connections to the ip 174.129.48.200. We started a tcpdump to see what exactly was send. It showed us the following data:
{Read More}

30
Apr
2012

Plaid CTF 2012 – ECE’s Revenge II

For this challenge we were supposed to reverse engineer the logic of some stuff laid out on 3 breadboards based on a couple of photos. The final goal was to figure out the correct position for 24 dip switches in order to turn a single LED on.

{Read More}

30
Apr
2012

Plaid CTF 2012 – Addition is Hard

Addition is hard!
0x0+0x7068703f = ?
Answer in decimal

This is an easy trivia question, it even comes with a hint hidden in the second operand:


$ python2 -c "print ('%x' % 0x7068703f).decode('hex')"
php?

Which refers to PHP bug.

Using an affected PHP binary to compute the sum yields: 3771785342

More info on the PHP bug: https://bugs.php.net/bug.php?id=61095

In case you do not have the affected PHP version you can just do this by hand as well:

7068703f = 1885892671
2 x 1885892671 = 3771785342

30
Apr
2012

Plaid CTF 2012 – Shoulder Surfing

What’s a password that polaroid head got from inside Ellingson?

A quick google reveals this question refers to the movie “Hackers” (1995). Luckily, someone was kind enough to post the full movie script online, in which we find the following passage explicitly mentioning “shoulder surfing”:

{Read More}