ASIS 2015 Finals: ASIS Hash (rev150)

Reading time ~1 minute

This challenge was a simple reversing challenge.

The first step was NOPing out the ptrace “anti-debug” call and finding out the main hash function which was at the 0x401B40 address.

alt

This accepted the flag as an input and used big integer math to calculate it’s hash. This hash was compared to a static buffer (there was a little trick that only every 4th number was used from that buffer).

The hash function can be summarized with this python code:

result = 0
for c in flag:
    result = result * 33 + (ord(c) ^ 0x8f)

And we know that the hash of the real flag was:

27221558106229772521592198788202006619458470800161007384471764

So we could calculate the flag easily with the following code snippet:

p = 'abcdef0123456789'
def f(h, l, x):
   if l == 0:
       if h == 210839978725:
           yield 'ASIS{' + x
   else:
       for c in p:
           if ((ord(c)^0x8f) % 33) == h%33:
               for r in f((h - (ord(c)^0x8f))//33, l-1, c+x):
                   yield r
h0 = 27221558106229772521592198788202006619458470800161007384471764
x = list(f((h0-(ord('}')^0x8f))//33, 32, '}'))
print x

The flag was:

ASIS{d5c808f5dc96567bda48be9ba82fc1d6}

HITCON CTF 2019 Quals: Reverse - EmojiVM

This challenge was a VM implemented where every instruction was an emoji. For the first part of the challenge we had to reverse a flag ch...… Continue reading

HITCON CTF 2019 Quals: Reverse - CoreDumb

Published on October 19, 2019

HITCON CTF 2019 Quals: Pwn - Crypto in the shell

Published on October 19, 2019