Team Reboot

We were given the following C source code:

#include
#include

printf("Get your key: ");
printf("%x\n", hash);
return 0;
}`

So lets compile it:

$ gcc -o rev100 code.c
code.c: In function ‘main’:
code.c:7:6: warning: incompatible implicit declaration of built-in
function ‘exit’ [enabled by default]
code.c:13:6: warning: incompatible implicit declaration of built-in
function ‘exit’ [enabled by default]
code.c:19:6: warning: incompatible implicit declaration of built-in
function ‘exit’ [enabled by default]
code.c:24:6: warning: incompatible implicit declaration of built-in
function ‘exit’ [enabled by default]

Below is the commented source code:

#include
#include

printf("Get your key: ");
printf("%x\n", hash);
return 0;
}

We can use bash to convert hex values automatically and to do some
basic calculations with the $(()) construct.
(Programmers are lazy, right?)

$ ./rev100 $((0xcafe)) $((17*1+8)) h4cky0u
Brr wrrr grr
Get your key: c0ffee

$ ./rev100 $((0xcafe)) $((17*3+8)) h4cky0u
Brr wrrr grr
Get your key: c0ffee

Solution: c0ffee

The challenge was to extract the key hidden inside the PNG image below.

 

By using the stego plugin for Paint.NET and extracting the 1-bit hidden image (shown below), we noticed that there seems to be a repeatable pattern in the least significant bit of a pixel.

 

So lets examine it a bit further.

>>> from PIL import Image
>>>
>>> # Open PNG image object.
>>> im = Image.open('stg300.png')

When we get the least significant bit of each color channel of a pixel, we see that this bit is the same for each color channel. As an example,

> Pixel: 0×0
> DecToBinary: 0000001[0]
> DecToBinary: 0000110[0]
> DecToBinary: 0001000[0]
> Pixel: 0×1
> DecToBinary: 0000010[1]
> DecToBinary: 0000111[1]
> DecToBinary: 0001001[1]

We discovered that the LSB of each color of the pixel has always the same value.
So, for pixel 0, only keep 0.
For pixel 1, only keep 1.
Thus after 8 pixels, we have 1 byte of hidden data consolidating all the bits collected.

>>> for pixel in im.getdata():
... print [color & 1 for color in pixel]

[0, 0, 0]
[1, 1, 1]
[0, 0, 0]
[0, 0, 0]
[0, 0, 0]
[0, 0, 0]
[1, 1, 1]
[1, 1, 1]
[0, 0, 0]
[1, 1, 1]
[1, 1, 1]
[0, 0, 0]
[1, 1, 1]
[1, 1, 1]
[1, 1, 1]
[1, 1, 1]
[0, 0, 0]

When we look the number of pixels we can see that we have a multiple of 8, so by using only the least significant bit of one color channel of a pixel we can make full bytes.

>>> print "Number of pixels: " + str(len(list(im.getdata())))

Number of pixels: 229920

Extract the least significant bit of only one color channel of each pixel:

>>> # Store least significant bit of each pixel (of only one color) in lsb
>>> lsb = ""
>>>
>>> for pixel in im.getdata():
... # Add least significant bit of the current pixel.
... lsb += str(pixel[1] & 1)
...
>>> print "".join([ chr(int(lsb[i:i+8],2)) for i in range(0, len(lsb), 8) ])

Congrats
You win!
The
Flag
is
4E34B38257200616FB75CD869B8C3CF0 *** Congrats
You win!
The
Flag
is
4E34B38257200616FB75CD869B8C3CF0 *** Congrats
You win!
The
Flag
is
4E34B38257200616FB75CD869B8C3CF0 *** Congrats
You win!
The
Flag
is
4E34B38257200616FB75CD869B8C3CF0 *** Congrats
You win!

Solution: 4E34B38257200616FB75CD869B8C3CF0

We were given a Wireshark capture file and the following instructions:

Epic Arc

----------

Mister You is willing to hire someone who can repeat his investigation.
Arc starts from here



Part 1. Find the secret link in this conversation

Part 2. What's the md5 of the file being transferred?

Part 3. Find and solve it. It's up to you

We loaded the file in Wireshark and converted it to libpcap format. Then again loaded the converted capture file in Network Miner.

Switching over to “Messages” tab lists down four messages out of those, the second one was obviously the key.

Solution: http://tinyurl.com/8pdox5a

The challenge was to get the flag out of the files contained in the archive attached.

We need your help, soldier!

Your goal today is to help us obtain the access to Oscaderp Corp mainframe.
Our intelligence has managed to install a keylogger and a formgrabber on some bad person’s work laptop. You don’t need his name to do your job.
Everything worked as planned, the victim visited mainframe’s authentication page, https://authen.intranet/, and started to type in the password.
But when he had a couple characters left, the keylogger got busted and hard-killed by him.

Present intelligence evidence:
[*] The password that’s being used is 1,048,576 characters long.
[*] According to our calculations, our keylogger managed to capture 1,048,568 password keystrokes.
[*] Formgrabber remained unnoticed, and in a few hours we’ve got the logs with successful mainframe authentication.
The only major problem: they use client-side MD5 to protect the password from being eavesdropped.
[*] We also managed to acquire the source code of the authentication mechanism

You can find all the necessary files in the archive.

YOUR GOAL: obtain the password to the mainframe, and post its SHA1 hash as the flag.

import md5
import sha

# Bruteforce the password.
bruteforce(key_partial)

The output from the above code was:

SHA-key: 947c83329e6cf2d9b747af59edf7974752afd741
8 last characters: 69880983

Solution: 947c83329e6cf2d9b747af59edf7974752afd741

Factorizing large numbers is hard. But, prior to solving this challenge, probably nobody knew how hard it actually is!  The challenge provided an image of a large integer with the word “factorize” prepended in front of it. The PNG picture changes every time you visit the page again.

We fetched the HTML of the challenge first to have a look inside.

$ curl http://misteryou.ru/ppc300/

So what we need to do is to find factors of the big number.

With Wolfram alpha we can input the big number and “factorization” and it will return a list of factors: http://www.wolframalpha.com/input/?i=285333216290284618438394521747220218201+factorization

If we submit the prime number, we get:

ReFactor

You are human! ALERT!

Because, we are too slow.

To automate this process, we need an OCR tool to extract the number from the PNG picture. (typing by hand takes way too long)

It would be nice to calculate the factors with a command line program. First, we tried GNU ‘factor’ of coreutils, but it was very slow (more than a few minutes). Thereafter, we found a much faster and more recent implementation. Just in case if someone wants to get the code:

hg clone http://gmplib.org:8000/factoring

Sadly enough it only supports numbers up to 2^127-1 = 170141183460469231731687303715884105727, while the number that we need to factorize is just one digit bigger.

It is possible to compile it whit GMP (GNU Multiple Precision Arithmetic Library) support, but in that case is seems to be as slow as GNU ‘factor’ of coreutils.

So we decided to use Wolfram alpha anyway (which requires manually copying of the prime factor). When we have one of the factors, we need to send this info with a POST request to http://misteryou.ru/ppc300/

  – captchatype = refactor
  – trueanswer = 3E724A15D0242D2D9D1BB03B
  – answer = prime factor

Our final python code was:

import subprocess
import urllib

fh_answerquestion.close()

The output from the code above:

$ python ./ppc300-solution.py

--2012-10-10 23:51:02-- http://misteryou.ru/ppc300/img/9f9d3b017e405192.png
Resolving misteryou.ru... 159.253.22.174
Connecting to misteryou.ru|159.253.22.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 15407 (15K) [image/png]
Saving to: `9f9d3b017e405192.png'

2012-10-10 23:51:02 (136 KB/s) - `9f9d3b017e405192.png' saved [15407/15407]

Open Wolfram alpha page:

http://www.wolframalpha.com/input/?i=285333216290284618438394521747220218201+factorization

Enter factor: 16747469112141221639

POST parameters: answer=16747469112141221639&trueanswer=3E724A15D0242D2D9D1BB03B&captchatype=refactor

The result was:

Ok, u are robot
Secret is:
1101011
1101001
1101100
1101100
1011111
110001
1011111
1101000
1110101
1101101
1100001
1101110



The binary strings always have 7 digits, so it is very likely that they represent ASCII characters:

$ echo '1101011
1101001
1101100
1101100
1011111
110001
1011111
1101000
1110101
1101101
1100001
1101110' | sed -e 's/
/, /g'
1101011, 1101001, 1101100, 1101100, 1011111, 110001, 1011111,
1101000, 1110101, 1101101, 1100001, 1101110

In python we can easily get the string:

>>> print "".join([ chr(int(str(x),2)) for x in [ 1101011, 1101001, 1101100, 1101100, 1011111, 110001, 1011111, 1101000, 1110101, 1101101, 1100001, 1101110 ] ])

The output from the code above was the flag itself.

Solution: kill_1_human

“Completely Automated Public Turing test to tell Computers and Humans Apart” are means to distinguish between harvesting robots and human being. And the challenge was designed just for that. But, while conventional captcha allows human beings to pass through, this was put to filter them out. Because, this was “Anti-Human” captcha!!!

Every time the challenge page was loaded, we were provided with two large numbers. The task was to add them up and submit the result. But, doing calculation on pen & paper and submitting the result would lead to: "Yor are human! ALERT!"

Why? Because, we are too slow.

Let’s look at the HTML of the challenge.

$ curl 'http://misteryou.ru/ppc100/'

So we have to extract the summation of the large numbers programmatically, e.g.,  64738449533907673340322376539 + 35360273599524495233794387554 and we need to send this info with a POST request to http://misteryou.ru/ppc100/

 - captchatype = hugecaptcha

  – trueanswer = 7888C7B4C6575337D633977

  – answer = the sum we calcuated

Our Python code was

import urllib

fh_answerquestion.close()

The output was

$ python ppc100-solution.py
POST paramters:
answer=91943027263443023031757931408&trueanswer=154FCFED18BED863B49979CE&captchatype=hugecaptcha
summation: 37396914791428204907774727573 + 54546112472014818123983203835

The binary strings always have 7 digits, so it is very likely that they represent ascii characters:

$ echo '1101011
1101001
1101100
1101100
1100001
1101100
1101100
1101000
1110101
1101101
1100001
1101110
1110011' | sed -e 's/
/, /g'
1101011, 1101001, 1101100, 1101100, 1100001, 1101100, 1101100,
1101000, 1110101, 1101101, 1100001, 1101110, 1110011

In python we can easily get the string:

>>> print "".join([ chr(int(str(x),2)) for x in [ 1101011, 1101001, 1101100, 1101100, 1100001, 1101100, 1101100, 1101000, 1110101, 1101101, 1100001, 1101110, 1110011] ])

Output from the above code was the flag.

Solution: killallhumans

What all we had was an encrypted file.

The “XOR” part of the challenge title suggests that we need to do some xorring.

XORing with “XOROWbIu WbI(|)P” or parts of it, don’t give any
interesting results.

Lets do some frequency based analysis.

We used xortool to do this for us.

xortool can:
  –  guess the key length (based on count of equal chars)
  –  guess the key (base on knowledge of most frequent char)

Because the cry200 file is 194 bytes, it is probably a xored sentence,
so a space (= 0×20) should be a frequent character.

$ ./xortool.py -c 20 cry200
The most probable key lengths:
3: 15.7%
6: 20.4%
9: 11.4%
12: 13.8%
15: 7.2%
18: 9.3%
21: 4.6%
24: 7.8%
26: 5.6%
30: 4.3%

Key-length can be 3*n
1 possible key(s) of length 6:
\x96\xa4*\xc3\xc4:
Found 1 plaintexts with 95.0%+ printable characters
See files filename-key.csv, filename-char_used-perc_printable.csv

The output file ‘xortool_out/0.out’ contains the dexored text when
xoring the input file with “\x96\xa4*\xc3\xc4″

>>> open('xortool_out/0.out','r').read()
'Cong (tula& ons!r\x1ehiler=he q\' ck b &wn f=1 jum": ove ithe >(zy
d=., th7iplai sho =er t:(n th7imess3.e. Y=nd'

Though the key was not completely guessed correctly by xortools, nut we can read most of the text now:
  – “Congratuations!”
  – “The quick brown fox jumps over the lazy dog.” ==> standard font
display sentence.

So now we can find the correct xor key, by xoring the input data with ”Congratuations!”

>>> from itertools import izip, cycle
>>>
... def xor_crypt_string(data, key):
... return ''.join(chr(ord(x) ^ ord(y)) for (x,y) in izip(data, cycle(key)))
...
>>>
>>> data=open('cry200','r').read()
>>> data
'\xd5\xcbD\xa4\xe4\x12\xe2\xd1F\xa2\xe2\x1a\xf9\xcaY\xe2\xb6$\xfe\xcdF\xa6\xb6\x07\xfe\xc1\n\xb2\xe3\x1a\xf5\xcf\n\xa1\xe4\x1c\xe1\xca\n\xa5\xf9\x0b\xb6\xce_\xae\xe6\x00\xb6\xcb\\\xa6\xe4S\xe2\xccO\xe3\xfa\x12\xec\xdd\n\xa7\xf9\x14\xba\x84^\xab\xf3S\xe6\xc8K\xaa\xf8S\xee\xcbX\xe3\xf5\x1a\xe6\xccO\xb1\xb6\x1a\xe5\x84Y\xb7\xff\x1f\xfa\x84\\\xa6\xe4\n\xb6\xd1D\xb0\xf3\x10\xe3\xd6O\xe3\xe1\x1b\xf3\xca\n\xb7\xfe\x16\xb6\xcfO\xba\xb6\x1a\xe5\x84G\xb6\xf5\x1b\xb6\xd7B\xac\xe4\x07\xf3\xd6\n\xb7\xfe\x12\xf8\x84^\xab\xf3S\xfb\xc1Y\xb0\xf7\x14\xf3\x8a\n\x9a\xf9\x06\xe4\x84L\xaf\xf7\x14\xac\x84l\xac\xee\x1a\xf3\x84n\xac\xf1\t\xff\xc1\n\x80\xe4\n\xe6\xd0E\xe3\xc6\x04\xf8\xc0'
>>> xor_crypt_string(data, 'Congratuations!')
"\x96\xa4*\xc3\x96s\x96\xa4'\xd6\x8bu\x97\xb9x\xa1\xd9J\x99\xbf'\xd2\xc3f\x8a\xa8e\xdc\x90;\xb6\xa0d\xc6\x96}\x95\xbfk\xd1\x90d\xd8\xbd~\xed\x89n\xd1\xb9=\xd2\x912\x96\xa5
\x8d\x893\xaf\xb2d\xc0\x8bu\xce\xf1?\xdf\x9a<\x88\xbbj\xe9\x97=\x89\xb99\x97\x80{\x92\xa5
\xdf\xc5;\xa6\xeb7\xd0\x8d~\x8e\xf1=\xd2\x8de\xd8\xa2e\xf3\x9c~\x84\xa4.\x97\x94z\x87\xa3e\xd9\x8d7\xf5\xa0!\xdd\xc4{\x91\xf1&\xc2\x9ct\xd8\xa4c\xef\x8bi\x94\xa4k\xc3\x8bs\x8c\xed1\xc5\x80r\xb8\xae7\xd7\x85u\x87\xffk\xee\x90i\x8a\xf7m\xec\x98z\xcb\xf6\r\xd8\x9b{\x87\xed\x01\xc2\x82(\xbc\xaed\xe7\x96k\x92\xa5$\x97\xafk\x96\xb3"

The correct key is: "\x96\xa4*\xc3\x96s

>>> xor_crypt_string(data, '\x96\xa4*\xc3\x96s')
'Congratulations! While the quick brown fox jumps over the lazy dog,
the plain xor cipher is still very unsecure when the key is much
shorter than the message. Your flag: Foxie Dogzie Crypto Pwnd'

Solution: Foxie Dogzie Crypto Pwnd

From the URL we extracted in the Part – I of the challenge, we got a second Wireshark capture log. The task was again to provide MD5 hash of the file being transferred.

Opening in Wireshark, we found that it was a FTP transfer log.

Right clicking on the highlighted entry and selecting “Follow TCP Stream” extracts the entire data transfer. As, FTP protocol opens a new TCP connection as soon as the file transfer begins and closes the TCP connection as soon as the file transfer ends, capturing the TCP session ensures that ONLY the file bytes are taken out, nothing else, nothing else.