re-platformer - UACTF 2022

This challenge was created with the intention of showing participants how easy it is to decompile .NET code, presented in a fun game challenge. The challenge provides a Unity game. This is evident upon launching the game where you’re greeted with “Made with Unity”. Exploring the game, there’s a jump that cannot be made. Rereading the description “Have a look around the map for anything that might be of help. It won’t be easy....

September 19, 2022 · 0xRF

Blurry-Eyed - UACTF 2022

Based on the description, you may have determined that we are dealing with an autostereogram, better known as a magic eye puzzle. As such, theoretically you can just stare at the picture with great intensity until the flag reveals itself to you. If you did manage to solve this challenge only with your eyes then you are amazing. Discerning simple shapes is difficult, let alone a short sentence. If you are a mere mortal, an alternative way to solve this challenge is to use any number of the online stereogram solving tools that exist (this one’s pretty good)....

August 7, 2022 · javad

Colour Blind - UACTF 2022

While running the image through stegsolve/stegonline or manipulating the pixels in your favourite image editor won’t work, a hex editor should show you that the data portion of the bitmap contains more than two distinct hex values. Checking the image properties should also indicate that ishihara.bmp is a 16 color bitmap image, and as such, each individual hex value denotes a different colour. Hence, we know that the image contains a wider range of colours than are being shown....

August 7, 2022 · javad

Non-textual Troubles - UACTF 2022

It turns out that in Python 3, attempting to write non-ASCII characters to a file without using ‘binary mode’ (a mode which deals with ‘non-textual data’, hence the name of the challenge) has some less-than-ideal results. Indeed, if you tried providing your own plain-text to xor.py you might have noticed that there are somehow more bytes in the cipher-text after XORing than you started with in your plaintext. Ultimately, it appears that the write....

August 7, 2022 · javad

Vault - IJCTF 2021

Challenge description: A robber broke into our vault in the middle of night. There’s an indication that the robber tried to steal some items which are considered as confidential assets. Could you figure it out? Flag format: IJCTF{[a-f0-9]{32}} Author: Avilia#1337 Hint #1: “When the incident happened, the attacker got into our IP over ICMP tunnel network to access an HTTP/2 web-server with SSL enabled.” Hint #2: “Even so, our captured logs aren’t precise enough....

July 26, 2021 · samiko

Substitution - ångstromCTF 2021

For this challenge we are given a source file and a netcat server which presumably runs the source. Looking through the source code, we see that an integer is taken in as input and using this input, the flag is encrypted. The source is as follows:

    #!/usr/bin/python
    from functools import reduce

    with open("flag", "r") as f:
        key = [ord(x) for x in f.read().strip()]

    def substitute(value):
        return (reduce(lambda x, y: x*value+y, key)) % 691

    print("Enter a number and it will be returned with our super secret synthetic substitution technique")
    while True:
        try:
            value = input("> ")
            if value == 'quit':
                quit()
            value = int(value)
            enc = substitute(value)
            print(">> ", end="")
            print(enc)
        except ValueError:
            print("Invalid input....

April 8, 2021 · lachlan

notes - UMassCTF '21

I may not be familiar with .mem files but memory forensics, and more specifically volatility, seems like it's going to be our friend here. Starting with volatility -f image.mem imageinfo we get Win7SP1x64 as our top suggested profile, providing confirmation that we’ve got a valid dump. Using one of volatility’s coolest features we can use mkdir shots && volatility -f image.mem --profile=Win7SP1x64 screenshot --dump-dir=shots to get the following wire-frame screenshot from memory....

March 29, 2021 · javad

Chicken - UMassCTF '21

Investigating the mystery PDF File: We’re given a modified PDF file (chicken.pdf) of the infamous research paper, “Chicken Chicken Chicken: Chicken Chicken”, by Doug Zongker at the University of Washington. Since we know this is a published research paper, we can download a copy of the original PDF file and compare the two for any differences. We see that at around line 202, there is an extra OpenAction object inserted into the document, with a data stream beginning with 7z:...

March 29, 2021 · samiko

Heim - UMassCTF '21

The Heim: Upon navigating to the given URL, we’re met with a login form which asks the user for a “name”, claiming that “only those who BEARER a token may enter”. After entering a name and hitting “Enter”, we are then redirected to the /auth/authorised page containing our access token. This likely suggests that we’re dealing with some type of bearer token authentication. Bearer tokens allow requests to authenticate by using a cryptic string generated and encrypted by the server, such as a JSON Web Token, which looks something akin to this:...

March 29, 2021 · samiko

Small P Problems - UTCTF 2021

The challenge description starts ‘My buddies Whitfield and Martin were trying to share a secret key’, so googling something like ‘Whitfield Martin cipher’ seems like a good place to begin. Immediately we get results for the Diffie–Hellman key exchange, which fortunately can be described in terms of A, B, p, g, and s (the value of the secret key we need). Scripts to brute-force this secret key are easy to find on GitHub....

March 15, 2021 · javad