Blog Posts

Mitre STEM CTF 2012 — bin400

Mitre STEM CTF 2012 — bin300

bin300 is an x86 binary that, at first glance, does nothing but print out some strings. Disassembly confirms that this is, in fact, the case:

080483b4 <main>:
 80483b4:	55                   	push   %ebp
 80483b5:	89 e5                	mov    %esp,%ebp
 80483b7:	83 e4 f0             	and    $0xfffffff0,%esp
 80483ba:	83 ec 10             	sub    $0x10,%esp
 80483bd:	c7 04 24 a0 84 04 08 	movl   $0x80484a0,(%esp)
 80483c4:	e8 27 ff ff ff       	call   80482f0 <puts@plt>
 80483c9:	c7 04 24 d8 84 04 08 	movl   $0x80484d8,(%esp)
 80483d0:	e8 1b ff ff ff       	call   80482f0 <puts@plt>
 80483d5:	b8 00 00 00 00       	mov    $0x0,%eax
 80483da:	c9                   	leave
 80483db:	c3                   	ret
 80483dc:	90                   	nop
 80483dd:	90                   	nop
 80483de:	90                   	nop
 80483df:	90                   	nop

So, we simply ran objdump -s on it instead, and found this:

Contents of section .comment:
 0000 4743433a 20285562 756e7475 2f4c696e  GCC: (Ubuntu/Lin
 0010 61726f20 342e352e 322d3875 62756e74  aro 4.5.2-8ubunt
 0020 75342920 342e352e 3200584f 52204b65  u4) 4.5.2.XOR Ke
 0030 79732027 30783037 30343137 37362720  ys '0x07041776'
 0040 27307830 38313431 39343527 20616e64  '0x08141945' and
 0050 20273078 30343135 31393437 272c206f   '0x04151947', o
 0060 6e652066 6f722065 61636820 61727261  ne for each arra
 0070 7920656c 656d656e 7400               y element.

We also notice that the .data section contains a suspicious array of bytes:

Contents of section .data:
 804a020 00000000 00000000 00000000 00000000  ................
 804a030 00000000 00000000 00000000 00000000  ................
 804a040 3b54452a 74212539 045a2332 00000000  ;TE*t!%9.Z#2....
 804a050 00000000 00000000 00000000 00000000  ................

We chose to follow the advice of the comment, and wrote a short program:

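#include <stdio.h>

/* The three words from .data at 0x804a040, read as little-endian 32-bit values. */
int b[] = { 0x2a45543b, 0x39252174, 0x32235a04 };
/* XOR keys from the .comment section, one per array element. */
int a[] = { 0x07041776, 0x08141945, 0x04151947 };
/* The fourth element stays zero so the result is NUL-terminated. */
int c[] = { 0, 0, 0, 0 };

int main() {
    for (int i = 0; i < 3; i++) {
        c[i] = a[i] ^ b[i];
    }
    /* On a little-endian host the XORed words lie in memory as the key's characters. */
    puts((char *)c);
    return 0;
}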

% gcc -std=c99 solution.c -o solution
% ./solution
MCA-1811CC66

This produces the desired key.
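
Going from the hex dump to the b[] array above involves a byte swap: objdump -s prints bytes in memory order, while the C literals are little-endian words. The following added example (not part of the original post; the function names are hypothetical) parses the dump row and the hint text shown above and applies the keys byte by byte, so it does not depend on host endianness.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sample input transcribed from the objdump -s output above. */
static const char *DATA_ROW = " 804a040 3b54452a 74212539 045a2332 00000000  ;TE*t!%9.Z#2....";
static const char *COMMENT_TEXT = "XOR Keys '0x07041776' '0x08141945' and '0x04151947', one for each array element.";

/* Parse one objdump -s row into bytes in memory order; returns the byte count.
 * Hex groups are separated by one space; two spaces start the ASCII column. */
size_t parse_dump_row(const char *row, unsigned char *out, size_t cap) {
    size_t n = 0;
    while (*row == ' ') row++;                        /* leading indent */
    while (isxdigit((unsigned char)*row)) row++;      /* address column */
    while (row[0] == ' ' && isxdigit((unsigned char)row[1])) {
        for (row++; isxdigit((unsigned char)row[0]) && isxdigit((unsigned char)row[1]) && n < cap; row += 2) {
            char pair[3] = { row[0], row[1], '\0' };
            out[n++] = (unsigned char)strtoul(pair, NULL, 16);
        }
    }
    return n;
}

/* Collect every quoted '0x...' value from the hint text; returns the key count. */
size_t parse_keys(const char *text, uint32_t *keys, size_t cap) {
    size_t n = 0;
    for (const char *p = strstr(text, "'0x"); p && n < cap; p = strstr(p + 1, "'0x"))
        keys[n++] = (uint32_t)strtoul(p + 1, NULL, 16);
    return n;
}

/* XOR each 4-byte element with its own key, least-significant key byte first (x86 is
 * little-endian). Stops when data or keys run out; out needs len + 1 bytes. */
size_t xor_decode(const unsigned char *data, size_t len, const uint32_t *keys, size_t nkeys, char *out) {
    size_t i;
    for (i = 0; i < len && i / 4 < nkeys; i++)
        out[i] = (char)(data[i] ^ (unsigned char)(keys[i / 4] >> (8 * (i % 4))));
    out[i] = '\0';
    return i;
}

int main(void) {
    unsigned char data[16]; uint32_t keys[4]; char out[17];
    size_t len = parse_dump_row(DATA_ROW, data, sizeof data);
    xor_decode(data, len, keys, parse_keys(COMMENT_TEXT, keys, 4), out);
    puts(out);
    return 0;
}
```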


Mitre STEM CTF 2012 — bin200

Mitre STEM CTF 2012 — bin100

Defcon 2012 Quals — bin200

Defcon 2012 Quals — bin100

pCTF 2012 Statistics

As many of you know, PPP recently ran its own CTF: PlaidCTF. As running a CTF tends to produce a lot of data, we thought it might be interesting to have a look at some of the statistics related to this data.


jit source and writeup

This is the third of a series of posts where we’ll give our solutions (as well as source code) for some problems from Plaid CTF 2012.


sfs source and writeup

This is the second of a series of posts where we’ll give our solutions (as well as source code) for some problems from Plaid CTF 2012.


NoStarch Book Reviews

A while ago, No Starch Press generously donated to PPP some of their awesome book releases in computer security!
