🚩
HACKBOOK OF A HACKER

Backwards

REV | 244 pts - 25 solves

Description:

We are given a.out, an ELF binary, and enc.enc, some encrypted data. Opening a.out in Ghidra, we clearly see in the main function that it takes an input and an output file from the command line and applies AES-CFB-128 encryption to the input.

  local_10 = fopen(*(char **)(param_2 + 8),"r");
  local_18 = fopen(*(char **)(param_2 + 0x10),"w");
  local_68 = 0x6979656b73696874;
  local_60 = 0x6461627972657673;
  local_58 = 0;
  local_75 = 0x74657375746e6f64;
  local_6d = 0x69736968;
  local_69 = 0;
  AES_set_encrypt_key((uchar *)&local_68,128,&local_178);
  local_17c = 0;
  do {
    sVar1 = fread(local_38,1,0x10,local_10);
    local_1c = (int)sVar1;
    AES_cfb128_encrypt(local_38,local_48,(long)local_1c,&local_178,(uchar *)&local_75,&local_17c,1);
    sVar1 = fwrite(local_48,1,(long)local_1c,local_18);
    local_20 = (undefined4)sVar1;
  } while (0xf < local_1c);
  return 0;

Looking at the arguments of the AES_cfb128_encrypt() call we see that the key is the 4th parameter and the IV the 5th, but it is easier to just patch the last argument, which is the encryption mode: 0x1 to encrypt, 0x0 to decrypt.

So patch this instruction:

0010126e 6a 01  PUSH  0x1

to:

0010126e 6a 00  PUSH  0x0

Then run the patched binary on the encrypted data and check the output:

$ ./a.out.patched enc.enc flag && file flag
flag: PNG image data, 603 x 500, 8-bit/color RGBA, non-interlaced

The decrypted enc.enc is a PNG file.
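Why a one-byte patch of the mode flag is enough: CFB mode only ever runs the block cipher in the forward direction (the same reason main() calls AES_set_encrypt_key and never AES_set_decrypt_key), so the identical key schedule and the identical routine recover the plaintext when the flag is 0. The following is an added example, not code from the writeup or the challenge binary. It mirrors the byte-wise logic and the ivec/num state contract of OpenSSL's AES_cfb128_encrypt, decodes the key from the little-endian constants shown in the decompilation, and emulates the 16-byte fread/fwrite loop. Assumptions: the Python standard library has no AES, so a keyed SHA-256 function stands in for the AES-128 forward block operation (CFB's mechanics are identical for any 16-byte block function); only 13 IV bytes are initialised by the code shown, so the last 3 are filled with a constructed placeholder; the "PNG" payload is constructed sample data, not the real flag image.

```python
import hashlib

BLOCK = 16  # AES block size; CFB-128 feeds back a full 16-byte block


def decode_stack_constants():
    """The 64-bit immediates in the decompilation are little-endian ASCII.
    Two qwords (local_68, local_60) form the 16-byte key; one qword plus one
    dword (local_75, local_6d) plus the NUL in local_69 give 13 IV bytes."""
    key = (0x6979656b73696874).to_bytes(8, "little") + \
          (0x6461627972657673).to_bytes(8, "little")
    iv13 = (0x74657375746e6f64).to_bytes(8, "little") + \
           (0x69736968).to_bytes(4, "little") + b"\x00"
    return key, iv13


def stand_in_block_cipher(key: bytes):
    """Stand-in for the AES-128 FORWARD transform (assumption: no AES in the
    stdlib). CFB never needs the inverse, so any keyed 16-in/16-out function
    demonstrates the mode faithfully."""
    def enc_block(block: bytes) -> bytes:
        return hashlib.sha256(key + block).digest()[:BLOCK]
    return enc_block


def cfb128_crypt(enc_block, data: bytes, ivec: bytearray, num: int, enc: bool):
    """Same contract as OpenSSL AES_cfb128_encrypt: ivec is the feedback
    register (updated in place), num is the offset into the current keystream
    block, and both carry over so successive calls continue one stream."""
    out = bytearray(len(data))
    for i, b in enumerate(data):
        if num == 0:
            ivec[:] = enc_block(bytes(ivec))  # refill keystream, forward cipher only
        out[i] = b ^ ivec[num]
        # The register always holds CIPHERTEXT: our output when encrypting,
        # our input when decrypting. That asymmetry is the whole enc flag.
        ivec[num] = out[i] if enc else b
        num = (num + 1) % BLOCK
    return bytes(out), num


def run_like_binary(enc_block, iv: bytes, src: bytes, enc: bool) -> bytes:
    """Emulates main(): fread 16 bytes, crypt, fwrite, stop after a short
    chunk (the `while (0xf < local_1c)` loop); ivec/num persist throughout."""
    ivec, num, out, pos = bytearray(iv), 0, bytearray(), 0
    while True:
        chunk = src[pos:pos + BLOCK]
        pos += len(chunk)
        piece, num = cfb128_crypt(enc_block, chunk, ivec, num, enc)
        out += piece
        if len(chunk) < BLOCK:
            break
    return bytes(out)


def demo():
    key, iv13 = decode_stack_constants()
    # Assumption: the binary reads the remaining 3 IV bytes from adjacent stack
    # memory; a constructed filler keeps this example deterministic.
    iv = iv13 + b"XYZ"
    aes_fwd = stand_in_block_cipher(key)
    plaintext = b"\x89PNG\r\n\x1a\n" + b"constructed sample payload, not the real flag image"
    ciphertext = run_like_binary(aes_fwd, iv, plaintext, enc=True)   # original a.out
    recovered = run_like_binary(aes_fwd, iv, ciphertext, enc=False)  # patched a.out
    return key, ciphertext, recovered, plaintext


if __name__ == "__main__":
    key, ct, pt, original = demo()
    print("key from stack constants:", key)
    print("round trip ok:", pt == original)
```

From a defender's point of view the same code shows the two weaknesses that made the challenge solvable: a hard-coded key and IV sitting in the binary as immediates, and a mode whose decrypt direction is reachable by flipping a single argument. Note also that the IV is only partially initialised, so in the real binary its tail depends on neighbouring stack contents.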

$ eog flag

The image contains the flag: CTFUA{ReVvVv}

Last updated 1 year ago