This post continues on from the last, where I will post two more writeups.
Many of the challenges in this CTF were gated behind LuciferVM, an OVA package which contained a VMWare Virtual Machine and VMDK Disk file. To access these challenges, I mounted the VMDK to my CTF sandbox host.
Firstly, I used qemu-img to convert the vmdk file to a “raw” file. I then used the “fdisk -l” tool to identify the partitions on the disk:
Then, I used losetup to build a loop device, which splits the file into it’s two partitions (loop0p1 and loop0p2):
Then, knowing (from other challenges) that the second partition was LUKS encrypted and the password was “WelcomeBack,Hackerman”, I could use cryptsetup and mount to open the partition as usual, giving me /mnt/lucifer01.
This gives us access to the challenges inside LuciferVM.
Worth a Thousand Words
This challenge was presented as a series of 3 images, as a part of LuciferVM. You can download the three files here.
This is your classic image steganography challenge, and the usual techniques apply. The flag comes in three parts. The first part (kinda) can be identified via a strings command:
The second part can be extracted out via binwalk from 2.jpg:
The third images is a little trickier. “file” turns up nothing, but opening the file in a hex editor shows a mangled PNG header. We can repair the image by inserting a new header from a legitimate PNG image, and then fixing up the image width (according to the hint about a 16:9 aspect ratio). This gives us the following picture:
We can take the QR code on the display to zxing.org, and after a little bit of tweaking (it doesn’t like mismatched colours around the image edge?) it reveals our flag:
Putting all three pieces of the flag together yields an easy 200 [?] points.
The Never Ending Crypto
Those of you who also participated in last year’s challenge will remember the Never Ending Crypto. This was a fantastic challenge, testing one’s perseverance as they slogged through ciphertext after ciphertext, starting again at each error. Seeing this pop up again stirred something in the frozen depths of my heart, so I had a go.
This year’s was a little lighter touch – there are only 50 levels, and at each stage, you are invited to submit a plaintext which the challenge server will encrypt, then you will be asked to decrypt a corresponding ciphertext. The cipher in this case was a character shift and substitution cipher.
A little bit of Python scripting later, and we have our flag (soz, I forgot to save a screenshot).
In summary, I enjoyed this year’s TUCTF challenge as much as last year’s. As always, thanks to the asciioverflow / TU team for putting this event together, and well done for having another quality event. I eagerly hope to see, and participate in, next year’s TUCTF, and next year’s Never Ending Crypto.