RSS

CSAW CTF 2012: Reversing 2

This entry was posted on Oct 02 2012

Here the challenge was to get the key out of a binary named CSAWQualificationEasy.exe for 200 Points.

The binary is a .NET compiled program, so we used ILSpy to decompile it.

Below is the disassembled code for the main program segment

// CSAWQualificationEasy.Program
private static void Main(string[] args)
{
Console.WriteLine("Okay, going to compute the key. Have to remember
to write it out at the end! I keep forgetting!");
string arg = "";
byte[] array = Program.encrypted;
for (int i = 0; i < array.Length; i++)
{
byte b = array[i];
arg += Convert.ToChar((int)(b ^ 255));
}
Console.ReadLine();
}

If we would have Visual Studio installed on the system, it could be as easy as changing the Console.ReadLine() to Console.WriteLine(arg) and recompile it. As we did not have the M$ compiler installed and were too lazy to get such a bulky package installed, we rewrote it in Python.

The "encrypted" array contains this:

// CSAWQualificationEasy.Program
private static byte[] encrypted = new byte[]
{
171,
151,
154,
223,
148,
154,
134,
223,
150,
140,
223,
198,
156,
207,
198,
153,
199,
203,
206,
201,
158,
205,
205,
207,
201,
205,
205,
206,
154,
202,
207,
157,
198,
199,
154,
204,
203,
201,
207,
203,
200,
157,
200
};

Accordingly, the Python script was 

# Encrypted bytes array of the .NET program:
encrypted_list = [ 171, 151, 154, 223, 148, 154, 134, 223, 150, 140,
223, 198, 156, 207, 198, 153, 199, 203, 206, 201, 158, 205, 205, 207,
201, 205, 205, 206, 154, 202, 207, 157, 198, 199, 154, 204, 203, 201,
207, 203, 200, 157, 200 ]

# This will contain the output string:
decrypted = ""

# Reimplement the for loop to decrypt the string:
for encrypted_chr in encrypted_str:
decrypted = decrypted + chr(encrypted_chr ^ 255)

# Print decrypted string
print decrypted

The output from the script was the solution itself.

Solution: 9c09f8416a2206221e50b98e346047b7

Post a Comment