This past weekend, I briefly participated in PlaidCTF. Unfortunately, with other life priorities interfering, I was not able to play the entire weekend, but I was able to solve one challenge in the time available. The writeup is presented below.
This challenge was presented as a package containing source code and a Linux binary, which you can download here.
This was a taint-tracking variant of ML (Meta Language). I had never programmed in ML before, but the syntax appeared relatively simple to work out via the examples. Running the “failing” examples shows the nature of the challenge – we need to reveal a “private” value:
Fortunately, we can leak a single bit of data via an if statement:
From here, it is a simple matter of brute forcing the flag, bit-by-bit. Fortunately, the source code of the challenge lets us know the length of the flag (36 chars):
You can find the Python script used here. The “%d” placeholder in “fuck.dog” is the value of the variable y.
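The single-bit leak and bit-by-bit recovery described above, modelled in Python as an added example (not the author's script and not the challenge's ML dialect). The `Tainted` class, `reveal`, `branch` and the 36-character `SAMPLE` value are all constructed for illustration; with `track_pc=True` the branch result inherits the condition's label, which is the implicit-flow tracking that closes the leak.

```python
class Tainted:
    """A value labelled private; values derived from it stay private."""
    def __init__(self, value):
        self.value = value

    def bit(self, n):
        # Explicit (data) flow: the extracted bit keeps the private label.
        return Tainted((self.value >> n) & 1)


def reveal(x):
    """The output sink: refuses anything still labelled private."""
    if isinstance(x, Tainted):
        raise PermissionError("private value reached the output")
    return x


def branch(cond, then_val, else_val, track_pc=False):
    """An `if` in the toy language. With track_pc=False only data flow is
    tracked, so the result is public even when the condition is private."""
    taken = cond.value if isinstance(cond, Tainted) else cond
    result = then_val if taken else else_val
    if track_pc and isinstance(cond, Tainted):
        return Tainted(result)  # implicit flow: result depends on private cond
    return result


def recover(secret, length, track_pc=False):
    """Rebuild `length` bytes of a Tainted integer, one branch per bit."""
    out = bytearray(length)
    for i in range(length * 8):
        b = reveal(branch(secret.bit(i), 1, 0, track_pc))
        out[i // 8] |= b << (i % 8)
    return bytes(out)


# Constructed 36-character stand-in for the flag (not the real one).
SAMPLE = b"EXAMPLE{constructed_36_char_secret!}"

if __name__ == "__main__":
    secret = Tainted(int.from_bytes(SAMPLE, "little"))
    print(recover(secret, len(SAMPLE)))            # data-flow-only tracking leaks
    try:
        recover(secret, len(SAMPLE), track_pc=True)
    except PermissionError as exc:                 # implicit-flow tracking blocks
        print("blocked:", exc)
```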
As always, thank you to the PlaidCTF organisers for putting together a well-structured and varied CTF. With any luck, see you all in the DEF CON CTF Qualifier, and in FAUST CTF.