During the last week, I participated in the Break In CTF. Unfortunately, I completely neglected to take notes or save binaries, so I can only provide a single writeup, based on the only binary I saved.
Simple Secret 2
This challenge is presented as a Linux binary, which you can download here.
Upon initial analysis, we can see that this binary takes an input string, processes it somehow, then compares it against an existing string:
If this check succeeds, the program then makes an HTTP GET request to the CTF server to retrieve the flag.
Going a bit further, we can investigate the “input processing” function, at 0x400BB6:
The rand() call is a little worrying: if the input turns out to be combined with random data before the comparison, we'll need either to patch the call out or to use an LD_PRELOAD hook that makes rand() return a fixed value, so that the comparison is deterministic while we test.
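For reference, this is the kind of LD_PRELOAD shim I mean. It is an added example, not code from the original writeup or the challenge: it interposes rand(), srand(), random() and time() so that anything derived from them is repeatable, and counts the rand() calls so you can tell whether the hook fired at all. The binary name `simple_secret2`, the constant `FIXRAND_VALUE` and the helper `fixrand_call_count()` are my own choices.

```c
/* fixrand.c: LD_PRELOAD shim that pins rand() (and friends) to fixed values
 * so a randomised comparison becomes repeatable under the debugger.
 * Added example; not part of the original writeup or the challenge.
 * Build and run (binary name is an assumption):
 *   gcc -shared -fPIC -Wall -o fixrand.so fixrand.c
 *   LD_PRELOAD=./fixrand.so ./simple_secret2
 */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Value every rand() / random() call returns while the shim is loaded. */
#define FIXRAND_VALUE 4

/* Number of rand() calls seen so far. If this stays at zero the target
 * never reached our hook (statically linked, or rand() is not what it
 * uses), which is itself useful to know. */
static unsigned long fixrand_calls = 0;

unsigned long fixrand_call_count(void)
{
    return fixrand_calls;
}

/* Interposed rand(): the dynamic linker binds the target's rand@plt here
 * because objects named in LD_PRELOAD are searched before libc. */
int rand(void)
{
    fixrand_calls++;
    fprintf(stderr, "[fixrand] rand() call #%lu -> %d\n",
            fixrand_calls, FIXRAND_VALUE);
    return FIXRAND_VALUE;
}

/* random() is the other common source; pin it to the same value. */
long random(void)
{
    fixrand_calls++;
    fprintf(stderr, "[fixrand] random() call #%lu -> %d\n",
            fixrand_calls, FIXRAND_VALUE);
    return FIXRAND_VALUE;
}

/* Swallow srand(): a seed taken from time() or getpid() must not matter. */
void srand(unsigned int seed)
{
    fprintf(stderr, "[fixrand] srand(%u) ignored\n", seed);
}

/* Pin time() as well, in case the program mixes the clock into the input
 * directly rather than only using it as a seed. */
time_t time(time_t *tloc)
{
    const time_t fixed = 0;
    if (tloc)
        *tloc = fixed;
    return fixed;
}
```

If no `[fixrand]` line appears on stderr, the hook never ran: the binary is either statically linked (LD_PRELOAD only affects dynamic symbol resolution) or obtains its randomness some other way, and patching the call out is the fallback. To inspect the comparison itself, `gdb -q ./simple_secret2`, `break strcmp`, `run`, then `x/s $rdi` and `x/s $rsi` print both operands, since the SysV x86-64 ABI passes the first two arguments in rdi and rsi; that assumes a non-PIE x86-64 build, which the 0x400BB6 address suggests.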
Our next step is to study this further at runtime with gdb, breaking on the strcmp call to see whether anything obvious shows up:
Quickly, we can see that we got trolled, and it’s simply comparing our input against a static string. With this string in hand, we try to run the program again, giving us the flag:
As always, I would like to thank the organisers of the Break In CTF for organising this event. Looking on their website, it appears they run events quite frequently, and in a well organised manner – congratulations to the team for pulling this off. I enjoyed this event (what little time I could spend on it), and look forward to the next one.
grgsm_livemon Headless (+ misc. thoughts)
During this weekend, I also spent some time playing around with my bladeRF. While I am by all accounts a noob, I’ve quickly found this device to be quite versatile, but the interface with which to speak to it (i.e. gnuradio) is rather significant.
I am currently working on understanding the GSM stack, and as part of this, I have modified the grgsm_livemon code to work in headless mode, with no dependency on Qt. You can download this code here.
(It turns out that the Python generated by gnuradio-companion is generally pretty old).
I look forward to exploring more of the SDR world, and posting more about what I learn.
See you all next week in AlexCTF.