upload babyrev challenge

polygl0ts · Aug 26, 2021 · 0dde13b · 0dde13b
1 parent 3f94bde
commit 0dde13b
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 0 deletions.
diff --git a/20210824_babyrev/babyrev b/20210824_babyrev/babyrev
diff --git a/20210824_babyrev/solver.py b/20210824_babyrev/solver.py
@@ -0,0 +1,55 @@
+from string import ascii_uppercase, ascii_lowercase
+
+check = [0x5f,0x40,0x5a,0x15,0x75,0x45,0x62,0x53,0x75,0x46,0x52,0x43,0x5f,0x75,0x50,0x52,0x75,0x5f,0x5c,0x4f]
+
+# Reverse memfrob() XOR
+decrypted_check = []
+for c in check:
+    decrypted_check.append(c^42)
+
+
+
+# Finds the number of shifts for each position
+def find_shifts():
+    shifts = []
+    for i in range(20):
+        a = 4*i
+        while(True):
+            if is_prime(a):
+                shifts.append(a % 26)
+                break;
+            a += 1
+    return shifts
+
+# Returns True if n is prime, else returns False
+def is_prime(n):
+    if n > 1:
+        # check for factors
+        for i in range(2,n):
+            if (n % i) == 0:
+                return False
+        else:
+            return True
+
+        # if input number is less than
+        # or equal to 1, it is not prime
+    else:
+        return False
+
+
+shifts = find_shifts()
+
+flag = "corctf{"
+
+for i in range(20):
+    c = decrypted_check[i]
+    if c >= 65 and c <= 90 :
+        flag += ascii_uppercase[(c - 65 - shifts[i]) % 26]
+    elif c >= 97 and c <= 122:
+        flag += ascii_lowercase[(c - 97 - shifts[i]) % 26]
+    else: 
+        flag+=(chr(c))
+flag += "}"
+
+print(flag)
+
diff --git a/README.md b/README.md
@@ -50,3 +50,23 @@ Some tools/commands we used:
   * set debug level from cmdline: `./x.py DEBUG`
   * use `sendlineafter()` to consume all input and clear the input buffer
   * create `ELF` object and set `libc.address`, then refer to `libc.symbols['system']`
+
+
+## 2021-08-24
+
+The challenge babyrev comes from [corCTF](https://2021.cor.team/) and is about reverse engineering.
+
+We follow the same steps as in the hackmeeting held the 06-08-2021.
+Once the binary is opened in ghidra/ida/radare2 it is pretty easy to grasp the goal of the challenge, the binary expects the flag as input.
+
+Tools we used to reverse the binary :
+
+  * ghidra
+  * [man-pages](https://www.kernel.org/doc/man-pages/)
+  * python3
+
+The team then tried other ways of getting the flag :
+ * use of [angr](https://angr.io/) to solve the challenge with symbolic execution
+ * use of [afl++](https://github.com/AFLplusplus/AFLplusplus) to solve the challenge by fuzzing a decompiled version where a crash was added if the flag was correct.
+
+