Category: Binary
Points: 200 Description:
h4x0r, after 10e^46578398239 blinks of the cursor on his windows 98 machine, managed to create something worth selling. Now, you would expect him to open source it but then how will he upgrade his Castle? Now you and I don't buy softwares do we? And this "Enter the Registration Key" prompt makes you and I want to tear your hairs apart. Your job is to get that #$&%$##@ key. This should be easy for us but we want you to have the fun.
You can find the software here
Get cracking!
Solves:
我不太會逆向,只好用些笨方法。開了題目給的程式後,反正不知道key就亂敲看錯誤訊息,敲完後可看到這串「Invalid key. Please retry」,接著開OllyDgb分析那隻project.exe。
首先右鍵把View->切換成project1,再右鍵Search for->Binary string,直接Unicode搜「Invalid」,一搜就中,最後右鍵Analysis->Analyze code,往上看就發現key了。
練習來源:
自解
Points: 500 Description:
h4x0r realized that his software had a vulnerability and has fixed the software now. After using it free for so much time, no one wants to buy it. Just get us the key again.
You can find the software here
Get cracking!
Solves:
用了上面同樣的方法去分析,有找到應該是key的東西,不過試了「N3f`N3f`4」、「XN3f`~」、「N3f`N3f」都沒成功,感覺還是得改code,這塊還不太會,跳過。
Points: 50 Description:
One day, after getting tired of being made fun of by all the other hackers, he decided to finally take a look at BASH. His first thoughts were "Bash? Bash Windows? Oh those violent script kiddies!". After finishing hundreds of online tutorials, he accidentally (obviously)found a flag. His next status update was " The script kiddies will never be able to get the flag from this password protected binary.
How dare he call you and us "script kiddies"?! Take him down. Here is the file . For 32bit users - file
Solves:
首先strings binary50後,可在字串中找到一些有趣的資訊:
接著根據提示的Password,一個個去嘗試,如「./binary50 Advicemallard」,若密碼錯誤就會顯示「Nothing to see here」,直到試到「./binary Masternamer」即可得flag。
練習來源:
自解
Points: 100
Description:
Solve it . As simple as that !
Here is the source code of that binary .
Flag is the md5 of secret string.
Download the binary file . For 32bit users - file
Solves:
抱著不是太大的期望直接strings那隻buffer竟然就直接看到flag了,只好默默的關掉ida pro...
練習來源:
自解
Category: Crypto
Points: 400
Description:
Now, this is an open challenge. h4x0r has created his own encryption algorithm and has decided to challenge all the hackers in the world. He has made the code public here.
He challenges you to find the text he has encrypted and promises to reward you handsomely if you manage to do so. To make things simpler he has also given you the hint that the text he has encrypted is only alphanumeric.
The text encrypted using the above algorithm is:
168 232 100 162 135 179 112 100 173 206 106 123 106 195 179 157 123 173
The flag is the MD5 of the decrypted text.
HINT: Sometimes the most direct approach gives the answer
Solves:
這題看完果斷覺得自己解沒搞頭,查了別人writeup說那份encrypt code裡的關鍵點是:
有用了php裡的rand(array,number) function,code裡的array給10,number註解說是ASCII的最大值,這裡應該是指可列印字符的最大值,也就是32 ~ 127,故可知key值是介於10 ~ 127之間。
然後就是寫程式讓
count(plain text) == count(cipher text)即可得知原文為何。
不過這題我還不是很理解就是。
練習來源:
Backdoor CTF - Crypto 400
參考資料:
1.PHP array_rand() 函数
2.
ASCII 控制字符(美國標準資訊交換標準碼)
Points: 250
Description:
While poking around H4x0r's security systems , two text files containing 16*32 array of hexadecimal charecters . Neither adding nor subtracting the files from each other helped . H4x0r seems fond of bases lower than decimal . Unless you manage to crack this , he will succeed in his evil plans to rule the world .
HINT : H4x0r loves binary representation and of course does the opposite of what everyone else does. So when everyone else uses XOR he... If after this you still are stuck, this might help you: for some reason he thinks pigs are related to ciphers!
Solves:
題目看完不知道從何下手,看hint也只知道過程中可能會用到XNOR和pigpen cipher,不過關鍵的第一步沒頭緒後面還是沒搞頭。同樣找不到writeup,跳過。
Points: 75
Description:
Decrypt this string 'RIVXR ITWZV OHVFM HVBMV HFVHC GLHEG RZHVR VS'
Flag is the MD5 of decoded string.
May the Force be with you !
HINT: Wait a sec! was that Force or Source!
Solves:
一開始想說丟凱薩看看,跑出來果然都沒東西,再仔細看hint,感覺應該是用某種方式直接去看就好,所以我把它每五個換一行去猜是不是玩藏頭詩,畢竟分數頗低,不過看起來也是錯的,網路上也找不到writeup就先跳過。
Category: Forensics
Points: 150
Description:
H4x0r decided he needs one more extra layer of advanced security. His access key is a QR code, and keeps the only copy in his wallet. But when leaving his castle he fell into the moat and the QR code got wet and disfigured. Now he cant get back into his own castle and desperately needs a real hacker's help. His post on craigslist says so. This is your chance to get into his head.
Here is the disfigured QR code:-
The Flag is md5 of last 13 characters of password hidden in the QR.
H4x0r promises to reward 150 h4x0rcoins anyone who gives him the password.
HINT: Hmmm... Can't I just try and reverse the fading somehow?
Solves:
這題我用photoshop先把曲線條成自動,接著再針對中間比較模糊的地方稍微調整一下他的亮度跟對比,再透過小畫家手動塗黑比較模糊的部分:
接著會發現其實這張並不是一個正確的QR code,原因在於左下角的方框長的要和左上、右上一樣,所以可以合理的推測:圖片有一半是被黑白反轉了。
所以我們要做的就是拿調整好的圖片,和整張顏色反轉的圖片做合併:
=>
接著丟到可以分析QR code的
線上工具後,可得網址為「http://sdslabs.co.in」,再看hint有說md5最後13個字元,所以直接「echo -n sdslabs.co.in | md5」即可得flag。
練習來源:
自解
Points: 300
Description:
H4x0r has now learnt that simple text authentications are not the in thing today. Also since voice authentication is all the rage nowadays thanx to siri, he decided to get one for his castle. But he messed it big time and now has a audio file which he himself can't seem to decipher. So now he needs your help to get into his own castle.
You can find the file here.
Find the hidden passphrase, the flag is the MD5 of the passphrase.
HINT: It is a audioWAVE. Sometimes you might have to see things instead of hearing them.
Solves:
首先將siri_audio.zip解壓縮後會得到一個wav檔,直接丟去
Audacity分析,會顯示如下圖的畫面,若稍微有學過點電子學,可知道這波形很明顯是一個0、1訊號:
如果不太理解,最簡單的判斷方式就是想像一個0->1或1->0的過程是一個完整的週期,我們要算的是一個週期的值是什麼,而0->1這個週期的結果是0;1->0的結果是1。
所以從第一個週期開始至最後的結果依序為「011000100110000101101011011001000110111101110010」
接著利用Binary to ASCII的
線上工具去轉換,可得「bakdor」,最後直接MD5 :
「echo -n bakdor | md5」即可得flag。
練習來源:
ctfs/write-ups-2013
參考資料:
1.
基本傳輸原理類比信號與數位信號波形時域分析
Points: 250
Description:
h4x0r is fed up with all your attacks on his castle and has decided to retaliate by attacking us back. He sent us a mail with this image as a warning. Hope you can figure out his warning message:-
MD5 of the message is the answer.
Solves:
首先會拿到如下圖片:
利用
stegsolve將圖片不斷調整色階,會發現圖片在調成Gray bits時,左上角出現一串非常小的字,如下圖:
接著把分析成Gray bits的這張照片存檔,並透過
get.py把左上角那串字以0、1方式表示(沒顏色0,有顏色1),會得到如下字串:
「011011010110111101100100011001010111001001101110011101110110000101110010011001100110000101110010011001010000000000000000000000000000」
再來把這串餵給有Binary to ASCII的
線上工具去轉換,可得「modernwarfare」,最後直接MD5 :
「echo -n modernwarfare | md5」即可得flag。
#echo -n 為取消行末的的換行符號
練習來源:
ctfs/write-ups-2013
參考資料:
1.
隐写术总结
2.
图像处理(Python Library Image)
3.
echo命令的使用
如欲閱讀更多CTF Writeups,請見
CTF Write-ups練習
