Writeup – Pupper (PlaidCTF)

This past weekend, I briefly participated in PlaidCTF. Unfortunately, with other life priorities interfering, I was not able to play the entire weekend, but I was able to solve one challenge in the time available. The writeup is presented below.


This challenge was presented as a package containing source code and a Linux binary, which you can download here.

This was a taint-tracking variant of ML (Meta Language). I had never programmed in ML before, but the syntax appeared relatively simple to work out via the examples. Running the “failing” examples shows the nature of the challenge – we need to reveal a “private” value:

Fortunately, we can leak a single bit of data via an if statement:

From here, it is a simple matter of brute forcing the flag, bit-by-bit. Fortunately, the source code of the challenge lets us know the length of the flag (36 chars):

You can find the Python script used here. The “%d” placeholder. in “fuck.dog” is the value of the variable y.

As always, thankyou to the PlaidCTF organisers for putting together a well-structured and varied CTF. With any luck, see you all in the DEF CON CTF Qualifier, and in FAUST CTF.

About Norman

Sometimes, I write code. Occasionally, it even works.
This entry was posted in Bards, Computers, Jesting. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.