/den/face0xff/writeups
  • Introduction
  • 2023
    • FCSC 2023
      • Hola Amigo (reverse)
      • Picasso (reverse)
  • 2022
    • Root-Me 10K CTF
      • chef's kiss
    • FCSC 2022
      • httpd (pwn)
      • Hyper Packer (reverse)
      • Khal Hash (crypto)
    • Hackday Qualifications 2022
      • Cubik'cipher
    • DiceCTF 2022
      • cable management
  • 2021
    • Aero CTF 2021
      • Not received prize
    • FCSC 2021
      • Shared Notes (web, 500)
      • BattleChip (misc, 495)
    • UIUCTF 2021
      • phpfuck_fixed
  • 2020
    • FCSC Prequals 2020
      • Keykoolol (reverse, 500)
      • Macaron (crypto, 200)
      • Merry (crypto, 500)
      • SSEcret (reverse, 500)
      • Why not a sandbox? (pwn, 500)
    • European Cyber Week CTF Qualifiers 2020
      • Antirdroid
      • Windtalkers
    • DefCamp CTF 2020
      • dumb-discord, spy agency, cross me, syntax check
    • ångstromCTF 2020
      • RSA-OTP
  • 2019
    • ECW Quals 2019
      • S3cr37 4g3nt
    • X-MAS CTF 2019
      • FUNction Plotter
      • Emu 2.0
    • Square CTF 2019
      • Go Cipher
    • Byte Bandits CTF 2019
      • babycrypto
    • Securinets Prequals 2019
      • Beginner's Luck
    • STEM CTF 2019
      • QvR Code
      • REbase
    • Pragyan CTF 2019
      • Decode This
      • Save Earth
      • Super Secure Vault
    • CTFZone 2019
      • Agents
Powered by GitBook
On this page
  • Description
  • Solution

Was this helpful?

  1. 2019
  2. STEM CTF 2019

REbase

Binary RE, 400 points

Description

You receive an ELF binary which you must unlock with a key. Find the key and it will contain your flag.

Solution

So I read writeups about solving the challenge the "correct" way and I wanted to share my own solution which does not require any reverse engineering.

We are given a 64-bit ELF rebase. Let's see what's up with it:

╭─face0xff@aniesu-chan ~/stemctf  
╰─$ ./rebase
Usage: ./REbase flag
╭─face0xff@aniesu-chan ~/stemctf  
╰─$ ./rebase zzzzzz
6
tfh5tfh5
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Try Again :(
╭─face0xff@aniesu-chan ~/stemctf  
╰─$ ./rebase MCA{test}
9
ZXFWt2Kse2K8
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Try Again :(

So the binary asks for a flag in argument, and outputs

  • the length of the flag we provided

  • some kind of encrypted version of the flag we provided

  • something that is probably the encrypted version of the actual flag.

We can also notice starting our input with MCA{ makes the first characters of the two ciphers match up. Also, it looks like base64 but

With some groping around, we can find the password without actually reverse engineering the binary. It is just a bit long to do it manually (but still totally doable). I wrote a script to automatize the process (rebase.py).

I am not entirely sure about my script because the farthest it goes only yields this portion of the flag: MCA{Th15_wUz_EaZy_Pe@Zy_L3m0n_SqU33z. We can easily deduce the true flag from there, though.

╭─face0xff@aniesu-chan ~/stemctf  
╰─$ ./rebase MCA{Th15_wUz_EaZy_Pe@Zy_L3m0n_SqU33zy}
38
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Congratulations!

Enjoy!

PreviousQvR CodeNextPragyan CTF 2019

Last updated 5 years ago

Was this helpful?