Oman National Cyber Security CTF Quals \ GUI I

-

  The challenge:

Category: Malware Reverse Engineering
Level: easy  
Points: 50
The correct input is the flag,format flag{xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

The solution :

 I open the GUI.exe using dnspy tool because it is a .net file 

it contains form with 8 check boxes and button and 4 labels
when you hit the button the label will change to number 
when i take a look at the button click event i saw this
the code is very simple 
every time the button clicked it takes the number 2 raised to the power num2
num2 is the index of the checkbox that we checked it from array 
then calculate the result and store it in num 
so we Jumped into conclusion :
checkbox1.checked = array(0) >> num = math.pow(2,0) = 1
checkbox2.checked = array(1) >> num = math.pow(2,1) = 2
checkbox3.checked = array(2) >> num = math.pow(2,2) = 4
checkbox4.checked = array(3) >> num = math.pow(2,3) = 8
checkbox5.checked = array(4) >> num = math.pow(2,4) = 16
checkbox6.checked = array(5) >> num = math.pow(2,5) = 32
checkbox7.checked = array(6) >> num = math.pow(2,6) = 64
checkbox8.checked = array(7) >> num = math.pow(2,7) = 128

after that it checks if num is equal to number from the label3 + 10
if we go to InitializeComponent 
we found that label3.text is 

then lablel2.text = char of num
it sound clear that label3.text value is the flag
we can code simple python script to get our flag by taking every number in label3
and add 10 to it or we can try to get the correct pattern of check boxes for
every letter from the flag
the first way by using this python script :

num = "92 98 87 93 113 95 105 85 106 94 95 105 85 89 87 91 105 87 104 85 89 95 102 94 91 104 53 115"
numb = num.split(' ')
result = ""
for a in numb:
    result += chr(int(a)+10)
print(result)
and here is our flag :



تعليقات

إرسال تعليق

المشاركات الشائعة من هذه المدونة

Hook-me write up

-
صورة
Syria National CTF (Finals) Hook-me challenge we had an android app named hook-me, back to the time of the competition we solved the challenge by de-compiling the apk and patching the smali code then recompile the app and signing it to get the flag , since that time i felt there should be another way to solve it using hooking so  i decide to write this write-up after finding the second way to solve this hook-me . by de-compiling the apk and viewing its source code using apktool and dex2jar or simply using Jadx if you have no idea what i'm talking about then i recommend you read this guide Android App Reverse Engineering 101 then back to continue reading this post. when you view the source code you will see the following : as you see we have to change DoSomeMagic(55); to DoSomeMagic(256); then the flag will be displayed so to do this without patching the apk we can use a great tool called Frida but i never used it before so i have to read the documentation https://frida.re/docs/andr
قراءة المزيد

Can-CWIC CTF 2017 rev me easy writeup

-
صورة
hi there  in this article i'll tell you how i solved the rev me easy  challenge in can-cwic ctf 2017,so let's go first the challenge look like the image below   after downloading the file  Let’s take a look at the binary in IDA    so as we saw it is pretty simple  it is just move group of values one by one to edx then xor it with the value in eax  now what is the value in eax  let's scroll up a little bit and we found it it is 0x10 so after i collect all the values that been mov to edx and xored  in order to solve the challenge i wrote a python script that do  the same operation the app do and print the result  wish supposed to be the flag cc = "" bb = [] aa = [ 0x56 , 0x5c , 0x51 , 0x57 , 0x6b , 0x42 , 0x23 , 0x66 , 0x75 , 0x62 , 0x63 , 0x79 , 0x7e , 0x77 , 0x4f , 0x79 , 0x25 , 0x4f , 0x7e , 0x20 , 0x64 , 0x4f , 0x64 , 0x78 , 0x71 , 0x64 , 0x4f , 0x78 , 0x71 , 0x62 , 0x74 , 0x2f , 0x6d , 0x7 ] for a
قراءة المزيد