Friday, March 01, 2019

Challenges for February 2019 SecTalks London

Snow Leopard Cub Looking Curious by Eric Kilby from flickr (CC-SA)

I ran another round of London SecTalks CTF.

There were 12 regular challenges, and 1 super-hard bonus challenge. Only 10/13 got at least one solve during the event, so maybe the difficulty or the number of challenges was a bit too high.

Challenge files and the code used to generate them are available on GitHub.

There are no answers below, but some serious hints which might make it too easy.

For previous rounds, see posts about September 2017, November 2017, May 2018, July 2018, and October 2018 CTFs.

from_future_import_flag (5 points)

It was a simple program which would tell you the flag if you ran it in the year 2020.

Censored SVG (10 points)

A simple HTML file with an SVG image on it. The image contains the flag covered with a censoring square. The SVG image is base64 encoded as one small extra layer.

Hello RISC-V (15 points)

A simple binary which will give you the flag if you run it. It only runs on RISC-V, so you'll need to figure out a way to do so.

Crystal (20 points)

Password validator binary compiled from Crystal. The binary contains a lot of extra stuff, but the validating function shouldn't look all that strange.

Powerpoint (25 points)

PowerPoint PPTX file encrypted with XOR. Flag is on the slides.

RISC-V Verify (30 points)

RISC-V binary validating a password. It might be easier to run static analysis, but you should still understand the basics of RISC-V assembly. Or you could run gdb on a RISC-V emulator.

OCaml (35 points)

Password validator binary compiled from OCaml. OCaml uses an unusual integer representation, so it's an extra layer of confusion.

It had zero solves during the event.

LOLHEX (40 points)

English text in hex encoding, but with the 16 digits scrambled, so you don't know which is which. Simple statistical analysis should do here.

Imba (45 points)

Password validator written in Imba. It will tell you if you get your flag right. It can be solved by static analysis (the data driving the logic is easy to see), or in-browser, possibly by attaching DOM breakpoints.

It had zero solves during the event.

Catzip (50 points)

The mandatory meme challenge. It's a zip format made by gzipping something, then turning it into a PNG containing cat emojis. There are two cat emojis, 8 per row, so you can probably guess where it's going.
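A round trip through a format of this shape, as an added example that is not the challenge's own generator or solver. It assumes the glyphs have already been read out of the PNG into text, that each row of 8 is one byte, and uses two placeholder cat emojis; the gzip magic bytes `1f 8b` decide which cat is the 1 bit and which end of the row is the high bit.

```python
import gzip

# Assumed glyphs; the two cat emojis in the real challenge image may differ.
CATS = ("😺", "😸")

def encode(data: bytes, zero: str = CATS[0], one: str = CATS[1]) -> str:
    """gzip the data, then emit one row of 8 cats per byte, most significant bit first."""
    return "\n".join(
        "".join(one if (byte >> (7 - i)) & 1 else zero for i in range(8))
        for byte in gzip.compress(data)
    )

def rows_to_bytes(grid: str, one: str, msb_first: bool) -> bytes:
    """Read each 8-glyph row as one byte under a given polarity and bit order."""
    out = bytearray()
    for row in grid.split("\n"):
        bits = [ch == one for ch in row]
        if not msb_first:
            bits.reverse()
        out.append(sum(bit << (7 - i) for i, bit in enumerate(bits)))
    return bytes(out)

def decode(grid: str) -> bytes:
    """Try both polarities and both bit orders; only one starts with gzip magic 1f 8b."""
    rows = grid.split("\n")
    glyphs = sorted(set(grid) - {"\n"})
    if len(glyphs) != 2 or any(len(row) != 8 for row in rows):
        raise ValueError("expected rows of 8 symbols drawn from exactly two glyphs")
    for one in glyphs:
        for msb_first in (True, False):
            raw = rows_to_bytes(grid, one, msb_first)
            if raw[:2] == b"\x1f\x8b":
                return gzip.decompress(raw)
    raise ValueError("no interpretation starts with the gzip magic 1f 8b")

if __name__ == "__main__":
    grid = encode(b"flag{constructed-sample}")  # constructed input, not the real flag
    print(grid.split("\n")[0], "<- first row, 0x1f")
    print(decode(grid))
```

The first byte is 0x1f under exactly one of the four readings (the others give 0xe0, 0xf8 or 0x07), so the magic check never picks the wrong one.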

FPGA (55 points)

A slight variant of a challenge from last time. It's a small circuit, and you need to find inputs which give a positive result. This time the circuit has NAND, AND, NOR, OR, and XOR gates.

It's highly advisable to use Z3 or similar for it.

Monoalphabetische Chiffrierung (60 points)

German text encoded with a monoalphabetic cipher, and then turned into Unicode Fraktur.

It's actually very easy, as punctuation, capitalization, digits etc. were not really scrambled.

LOL64 (100 points)

The super-hard bonus challenge: it's English text in a Base64 variant, but with the 64 digits scrambled, so you don't know which is which.

Understandably, it had zero solves during the event.

It's definitely solvable in principle, but I'm not really sure how to write such a solver. It can be seen as breaking a key of 64 6-bit parts, so 512 bits total. Knowing that it's all ASCII, plus simple statistical methods, gets you a lot of those bits, but from that point on it would take some creative statistical analysis. The big difficulty is just the size of the key, and how a single error in decoding can mess up all the following statistical analysis and cost a lot of time.

I'm sure there are also some ways to circumvent this whole process, and find exact encoded text from some simple statistical properties, but I didn't try it this way as it's less fun.
