File extension

Keynote:

  • gzip, tar, bmp

Tools:

  • stegsolve.jar: A steganographic image analyzer, solver and data extractor for challenges.

Check the file type of c4

$ file c4

c4: gzip compressed data, from Unix

Rename c4 to c4.gz

$ gzip -d c4

gzip: c4: unknown suffix -- ignored

$ mv c4 c4.gz
$ gzip -d c4.gz

Decompressing gives c4, a tar archive which itself contains a file named c4; to avoid overwriting it, rename the archive and extract again

$ tar -zxvf c4

x c4: Refusing to overwrite archive
tar: Error exit delayed from previous errors.

$ tar -tvf c4
-rw-rw-r--  0 orange orange 345654 Jul 21 18:02 c4

$ mv c4 c4.tar
$ tar -zxvf c4.tar

x c4

$ file c4

c4: PC bitmap, Windows 3.x format, 480 x 240 x 24

At this point c4 is a bmp image, and some faint text is visible in the lower-left corner

[Image: c4_bmp_in_ais3's_misc_question]

Processing the image with stegsolve.jar, the text becomes clearly readable in Red plane 2 mode

[Image: c4_solved_bmp_in_ais3's_misc_question]
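As an added illustration (not code from the write-up or from stegsolve), the script below builds a small constructed 24-bit BMP whose red channel carries a hidden shape in bit 2, then extracts that bit plane the way stegsolve's "Red plane 2" view does. The cover colours, the hidden shape and the 5x5 size are made up.

```python
import struct

# Constructed hidden shape; it is written into bit 2 of the red channel only.
HIDDEN = ["#...#", ".#.#.", "..#..", ".#.#.", "#...#"]

def build_bmp(width, height, pixel_fn):
    """Build a 24-bit Windows BMP; pixel_fn(x, y) returns (r, g, b), y = 0 being the top row."""
    row_size = (width * 3 + 3) & ~3               # rows are padded to a multiple of 4 bytes
    pixels = bytearray()
    for y in range(height - 1, -1, -1):           # BMP stores rows bottom-up
        for x in range(width):
            r, g, b = pixel_fn(x, y)
            pixels += bytes((b, g, r))            # and each pixel as BGR
        pixels += b"\x00" * (row_size - width * 3)
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    dib_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                          len(pixels), 2835, 2835, 0, 0)
    return bytes(file_hdr + dib_hdr + pixels)

def cover_pixel(x, y):
    """Noisy-looking cover colour (constructed); only red bit 2 depends on HIDDEN."""
    r = (x * 37 + y * 91) & 0xFF
    r = (r & ~0x04) | (0x04 if HIDDEN[y][x] == "#" else 0x00)
    return r, (x * 53 + y * 17) & 0xFF, (x * 11 + y * 71) & 0xFF

def bit_plane(bmp, channel, bit):
    """Return one bit plane as rows of '#'/'.', top row first ('Red plane 2' is channel='r', bit=2)."""
    magic, _, _, _, offset = struct.unpack_from("<2sIHHI", bmp, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file")
    width, height, _, bpp = struct.unpack_from("<iiHH", bmp, 18)
    if bpp != 24:
        raise ValueError("only uncompressed 24-bit BMPs are handled here")
    row_size = (width * 3 + 3) & ~3
    idx = {"b": 0, "g": 1, "r": 2}[channel]
    rows = []
    for y in range(height):
        start = offset + (height - 1 - y) * row_size  # undo the bottom-up storage order
        rows.append("".join("#" if (bmp[start + 3 * x + idx] >> bit) & 1 else "."
                            for x in range(width)))
    return rows

def demo():
    """Hide HIDDEN in a 5x5 cover image and read it back from red bit 2."""
    return bit_plane(build_bmp(5, 5, cover_pixel), "r", 2)

if __name__ == "__main__":
    print("\n".join(demo()))
```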

Known-plaintext attack

Keynote:

  • cracking ZIP Files
  • you need to have one of the original files contained in the encrypted archive

Reference:

  • https://www.hackthis.co.uk/articles/known-plaintext-attack-cracking-zip-files

Tools:

  • pkcrack

First, confirm that facebook.zip is a zip file

$ file facebook.zip

facebook.zip: Zip archive data, at least v1.0 to extract

Opening it shows that it is encrypted, so try listing the files inside the archive

$ unzip -l facebook.zip

Archive:  facebook.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
       38  07-15-15 18:15   key.txt
        0  07-15-15 18:13   p960x960/
    26664  10-30-13 08:19   p960x960/851556_443281069111871_602278786_n.png
 --------                   -------
    26702                   3 files

From a tutorial found online:

you need to have one of the original files contained in the encrypted archive. What you are going to do with it is you are going to compress it using the same compression method as the protected file. Remember this, otherwise it won’t work. So after you do that, move both your zip files, the encrypted one and the plaintext zip

Search Google for 851556_443281069111871_602278786_n.png

[Image: 851556_443281069111871_602278786_n.png]

Compress that file (with its full path)

$ zip -r plaintext.zip p960x960/851556_443281069111871_602278786_n.png
$ unzip -l plaintext.zip

Archive:  plaintext.zip
  Length     Date   Time    Name
 --------    ----   ----    ----
    26664  07-25-15 00:09   p960x960/851556_443281069111871_602278786_n.png
 --------                   -------
    26664                   1 file

Run pkcrack

$ pkcrack -C facebook.zip -c "p960x960/851556_443281069111871_602278786_n.png" -P plaintext.zip -p "p960x960/851556_443281069111871_602278786_n.png" -d decrypted.zip -a

Extract decrypted.zip; the key.txt inside contains the flag
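A check worth running before pkcrack, added here (it is not part of the write-up or of pkcrack): compare the target entry's metadata with the plaintext archive's, since the plaintext must be the identical file compressed with the same method. The entry name and payload below are constructed; Python's zipfile cannot write encrypted archives, so the demo archives are unencrypted and the check reports that.

```python
import io
import zipfile

def kpa_precheck(target_zip, plain_zip, name):
    """Compare entry `name` in the encrypted target archive with the same entry in our
    plaintext archive. Returns a list of problems; an empty list means pkcrack's
    preconditions (same file, same compression method) are met."""
    problems = []
    with zipfile.ZipFile(target_zip) as tz, zipfile.ZipFile(plain_zip) as pz:
        try:
            t, p = tz.getinfo(name), pz.getinfo(name)
        except KeyError as err:
            return ["entry not found in one archive: %s" % err]
        encrypted = bool(t.flag_bits & 0x1)          # general-purpose bit 0 = encrypted
        if not encrypted:
            problems.append("target entry is not encrypted")
        if t.compress_type != p.compress_type:
            problems.append("compression method differs: %d vs %d"
                            % (t.compress_type, p.compress_type))
        if t.CRC != p.CRC:                            # CRC is stored in clear even when encrypted
            problems.append("CRC differs: the plaintext file is not byte-identical")
        if t.file_size != p.file_size:
            problems.append("uncompressed size differs")
        # Traditional PKWARE encryption prepends a 12-byte header to the compressed data.
        expected = p.compress_size + (12 if encrypted else 0)
        if t.compress_size != expected:
            problems.append("compressed size %d, expected %d" % (t.compress_size, expected))
    return problems

def make_zip(name, data, method):
    """Constructed in-memory archive with a single entry (unencrypted; zipfile cannot encrypt)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(name, data)
    return io.BytesIO(buf.getvalue())

# Constructed stand-in for the PNG found online; the archive on the page is not reproduced.
ENTRY = "p960x960/constructed_example.png"
PAYLOAD = bytes(range(256)) * 40

def demo(target_method, plain_method):
    """0 = stored, 8 = deflate; returns the problems the pre-check finds."""
    target = make_zip(ENTRY, PAYLOAD, target_method)
    plain = make_zip(ENTRY, PAYLOAD, plain_method)
    return kpa_precheck(target, plain, ENTRY)
```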

RSA Cracking

Keynote:

  • a 768 bit RSA crack when all you have is the file you want to decrypt, and the public key

Reference:

  • http://m0x39.blogspot.tw/2012/12/0x00-introduction-this-post-is-going-to.html
  • http://blog.orange.tw/2014/10/hack-in-box-2014-ctf-writeup-keygenme.html

Tools:

  • rsatool.py: https://github.com/ius/rsatool.git
  • Factordb: http://www.factordb.com
  • rsacrack.py, usage: cat file | python rsacrack.py -d [private key exponent] [public key modulus]

Notation:

  • p = randomly chosen prime
  • q = randomly chosen prime
  • n = modulus for the public and private keys (n = pq)
  • f(n) = (p-1)(q-1): f(n) counts the positive integers up to n that are coprime to n
  • e = public key exponent, chosen with 1 < e < f(n) and gcd(e, f(n)) = 1, so e and f(n) are coprime
  • d = e^-1 (mod f(n)), i.e. d·e ≡ 1 (mod f(n)): this is the private key exponent

rsa.py already contains the public key's n and e; use Factordb to find the two large primes p and q

Use rsatool.py to find the private key's n and d

$ python rsatool.py -p 800644567978575682363895000391634967 -q 83024947846700869393771322159348359271173 -n 66473473500165594946611690873482355823120606837537154371392262259669981906291 -e 65537
Using (p, q) to initialise RSA instance

n = 92f6a717a4ca87fbb4e008b2ba036d8fc5ca22c8bb61060fef170ce6792ec573

e = 65537 (0x10001)

d = 480c35d4888c65e8073f81e424ff42c28879294c3c4954a295bf3880decf0659

p = 800644567978575682363895000391634967 (0x9a32d32db1c5be9aeac5de0daa5017)

q = 83024947846700869393771322159348359271173 (0xf3fd0751a4697130a74c96ce57bad29305)

Use rsacrack.py

$ cat flag.enc | python rsacrack.py -d 480c35d4888c65e8073f81e424ff42c28879294c3c4954a295bf3880decf0659 92f6a717a4ca87fbb4e008b2ba036d8fc5ca22c8bb61060fef170ce6792ec573 | strings
AIS3{rsaaaaaaaaA_orz}

P.S. n = 0x92f6a717a4ca87fbb4e008b2ba036d8fc5ca22c8bb61060fef170ce6792ec573 = 66473473500165594946611690873482355823120606837537154371392262259669981906291
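The same derivation carried out in plain Python, as an added example (not rsatool.py or rsacrack.py): it uses the p, q, n and e quoted above, confirms that the factors multiply back to the modulus, computes d and round-trips a constructed message. Raw unpadded RSA is assumed here, which is not how real deployments should use the primitive.

```python
# Values taken from the write-up above: the public key (n, e) and the factors p, q from Factordb.
p = 800644567978575682363895000391634967
q = 83024947846700869393771322159348359271173
n = 66473473500165594946611690873482355823120606837537154371392262259669981906291
e = 65537

def check_factors(p, q, n):
    """A factorisation is only useful if it really multiplies back to the modulus."""
    return p * q == n

def private_exponent(p, q, e):
    """d = e^-1 (mod f(n)) with f(n) = (p-1)(q-1); raises ValueError if e and f(n) are not coprime."""
    return pow(e, -1, (p - 1) * (q - 1))

def rsa_encrypt(plaintext, e, n):
    """Raw (unpadded) RSA on the big-endian integer value of the bytes; this is an assumption
    about what the helper script does, and real systems must use padding such as OAEP."""
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("message too large for the modulus")
    return pow(m, e, n)

def rsa_decrypt(ciphertext_int, d, n):
    """Inverse of rsa_encrypt: m = c^d mod n, then back to bytes."""
    m = pow(ciphertext_int, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    """Derive d from (p, q, e) and round-trip a constructed message through the key pair."""
    if not check_factors(p, q, n):
        raise ValueError("p * q != n: wrong factors")
    d = private_exponent(p, q, e)
    ct = rsa_encrypt(b"constructed{not_the_real_flag}", e, n)
    return rsa_decrypt(ct, d, n), hex(d)

if __name__ == "__main__":
    print(demo())
```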

Vigenère cipher

Keynote:

  • filename

Reference:

  • https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

Tools:

  • Vigenere Cipher Decoder http://www.dcode.fr/vigenere-cipher
  • Vigenère Cipher Codebreaker http://www.mygeocachingprofile.com/codebreaker.vigenerecipher.aspx

Use the first link to find the likely key length; then, in the second link, set that key size to list every candidate decryption and search for "the key is" to spot the recognisable string

[Image: vigenere_key_length_in_ais3's_crypto_question]

[Image: vigenere_decode_in_ais3's_crypto_question]
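Both steps done offline, as an added example that is not part of the write-up or of the linked tools: an index-of-coincidence estimate of the key length, and a crib drag for the phrase "the key is" that yields the key once the period is known. The plaintext and the key CIPHER are constructed; the challenge's ciphertext is not reproduced.

```python
import string

A = string.ascii_uppercase

# Constructed sample text and key; the challenge's ciphertext is not reproduced here.
KEY = "CIPHER"
PLAINTEXT = ("The flag for this challenge is hidden inside a longer message so that the letter "
             "statistics still look like ordinary English. Remember that the key is never reused "
             "for other messages, and that frequency analysis of every column recovers it as soon "
             "as enough ciphertext is available to the analyst. The same weakness appears whenever "
             "a short repeating key is combined with a long plaintext, which is why modern stream "
             "ciphers derive a fresh keystream for every message.")

def only_letters(text):
    return "".join(ch for ch in text.upper() if ch in A)

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter (subtract when decrypting)."""
    out = []
    for i, ch in enumerate(only_letters(text)):
        k = A.index(key[i % len(key)])
        out.append(A[(A.index(ch) + (-k if decrypt else k)) % 26])
    return "".join(out)

def index_of_coincidence(col):
    n = len(col)
    return sum(col.count(c) * (col.count(c) - 1) for c in A) / (n * (n - 1)) if n > 1 else 0.0

def key_length_scores(ct, max_len=20):
    """Average IC of the period-L columns: English columns sit near 0.066, mixed ones near 0.04.
    The key-length estimate the first tool above produces is based on the same idea."""
    return {L: sum(index_of_coincidence(ct[i::L]) for i in range(L)) / L
            for L in range(1, max_len + 1)}

def crib_drag(ct, crib, key_len):
    """Slide a known phrase along the ciphertext and keep every offset whose implied key shifts
    agree with the period; searching the candidates for 'the key is' does the same job."""
    crib, found = only_letters(crib), []
    for off in range(len(ct) - len(crib) + 1):
        key = [None] * key_len
        for j, c in enumerate(crib):
            shift = (A.index(ct[off + j]) - A.index(c)) % 26
            slot = (off + j) % key_len
            if key[slot] not in (None, shift):
                break                      # contradiction: the phrase cannot sit at this offset
            key[slot] = shift
        else:
            if None not in key:            # crib at least key_len letters long: whole key known
                found.append((off, "".join(A[s] for s in key)))
    return found

def demo():
    """Encrypt the sample, score the key lengths and crib-drag with the period 6."""
    ct = vigenere(PLAINTEXT, KEY)
    return key_length_scores(ct), crib_drag(ct, "the key is", len(KEY))
```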

64bit assembly code

Keynote:

  • little endian
  • xor

Tools:

  • ida64
  • XOR Calculator online https://xor.pw/
  • Hex to ASCII text converter http://www.rapidtables.com/convert/number/hex-to-ascii.htm

Mainly look at the check1, check2 and gg functions

check1:

[Image: stupid_v2_check1_func_in_ais3's_binary_question]

check2:

[Image: stupid_v2_check2_func_in_ais3's_binary_question]

gg:

[Image: stupid_v2_gg_func_in_ais3's_binary_question]

In check1, the to_reg function stores the input in rdx; the key value is 0DDDDAAAADADADDAAh, and after the computation:

key = (input) XOR 0DDDDAAAADADADDAAh

Entering check2, it calls the gg function, and the correct path "Yeah, It's a flag !!! …" is reached when ax = 0

Inside gg the key value is checked in two parts; in short, the key must be 0BCB4DEC4h in the high dword and 0BFB7B8CEh in the low dword, i.e. the two joined together:

key = (input) XOR 0DDDDAAAADADADDAAh
    = 0BCB4DEC4BFB7B8CEh

So the input value is 06169746e656d6564h; converting it to ASCII, and noting that it is little endian, read it in reverse:

dementia

What we get is dementia :)

flag: AIS3{dementia}
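The derivation above checked in Python, as an added example (not code from the write-up or the binary): a model of check1 and gg built from the constants quoted above, the XOR inverted to recover the accepted input, and the little-endian reversal into ASCII. The function names mirror the disassembly; their exact register handling is simplified.

```python
# Constants from the write-up: the XOR mask applied in check1 and the two halves gg compares.
MASK = 0xDDDDAAAADADADDAA
EXPECTED_HIGH = 0xBCB4DEC4      # high 32 bits of the key gg expects
EXPECTED_LOW = 0xBFB7B8CE       # low 32 bits of the key gg expects
QWORD = 0xFFFFFFFFFFFFFFFF

def check1(input_value, mask=MASK):
    """Model of check1: the 64-bit input in rdx XORed with the constant gives the key."""
    return (input_value ^ mask) & QWORD

def gg(key):
    """Model of gg: returns 0 (the ax = 0 success case) only when both halves match."""
    high, low = key >> 32, key & 0xFFFFFFFF
    return 0 if (high, low) == (EXPECTED_HIGH, EXPECTED_LOW) else 1

def recover_input():
    """XOR is its own inverse, so the accepted input is the expected key XOR the mask."""
    expected_key = (EXPECTED_HIGH << 32) | EXPECTED_LOW
    return (expected_key ^ MASK) & QWORD

def as_ascii_little_endian(value):
    """A qword stored little-endian, read back as the 8 bytes sit in memory."""
    return value.to_bytes(8, "little").decode("ascii")

def demo():
    """Recover the input, show it as the disassembler prints it, and confirm the checks pass."""
    inp = recover_input()
    return hex(inp), as_ascii_little_endian(inp), gg(check1(inp))

if __name__ == "__main__":
    print(demo())
```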