ASIS 2015 Finals: License (rev125)

Reading time ~1 minute

This challenge was solved by and the write up was written by one of my teammates, nguyen

We got x64 ELF binary ‘license’

alt

Decompile result of main function starts with opening a file _a\nb\tc_, since it is inconvenient to create file with such name, we replace the filename with following command

hexdump -ve '1/1 "%.2X"' license | sed 's/5F610A6209635F/6B657966696C65/g' | xxd -r -p > license_patch

now we create a file name “keyfile” and get following error.

alt

from next logic, we can see that size of keyfile should satisfy some equation.

alt

which is

44242*X^5 - 45235*X^4 - 1256*X^3 + 14392*X^2 - 59762*X - 1949670109068 = 0

we solve this using z3 solver and found out that size should be 34 byte. next, the file should contain 5 newlines

alt

the file contents needs to be separated with newline and each line has to contain 6bytes which will be compared after XORing with hardcoded XORed key:

iKWoZLVc4LTyGrCRedPhfEnihgyGxWrCGjvi37pnPGh2f1DJKEcQZMDlVvZpEHHzUfd4VvlMzRDINqBk;1srRfRvvUW

alt

As a result, the following equation should be satisfied.

s.add(l4 == 0x686779477857)
s.add(l1 ^ l2 == 0x694b576f5a4c)
s.add(l2 ^ l4 ^ 0x232323232323 == 0x5663344c5479)
s.add(l3 ^ l4 == 0x477243526564)
s.add(l3 ^ (l4 ^ l5 ^ 0x232323232323) == 0x506866456e69)

solving this equation with z3 yields

l1 = 128008166266177
l2 = 32055189049101
l3 = 51768215280947
l4 = 114793625647191
l5 = 57419521861678

generating keyfile with these keys concatenated with newline we get following result

[email protected]:~/tmp# ./license
program successfully registered to ASIS{8d2cc30143831881f94cb05dcf0b83e0}
[email protected]:~/tmp#

GoogleCTF 2018 Quals: Web - BBS

Last weekend I played on the Google CTF 2018 Quals which was one of the best CTFs I played recently. They separated the easy challenges i...… Continue reading

0CTF 2017 Quals: Crypto challenges

Published on March 23, 2017

0CTF 2017 Quals: Choices (reverse, 297pts)

Published on March 23, 2017