reversing – Reversing Code

VolgaCTF 2017 – time_is

29 Marzo, 2017Written by Nox

I solved this challenge with my teammate @javierprtd. Category: Exploiting. Points: 150. Binary: time_is. By executing the binary, we can see.

$ ./time_is 
Enter time zones separated by whitespace or q to quit
hola
hola: 05:54
Enter time zones separated by whitespace or q to quit
%x.%x.%x.%x.%x.%x.%x.%x.%x 
5.66666667.70a3d70b.2ce33e7.e40.bac364a0.350c30aa.2400010.78: 05:54
Enter time zones separated by whitespace or q to quit

$ ./time_is

Enter time zones separated by whitespace or q to quit

hola

hola: 05:54

Enter time zones separated by whitespace or q to quit

%x.%x.%x.%x.%x.%x.%x.%x.%x

5.66666667.70a3d70b.2ce33e7.e40.bac364a0.350c30aa.2400010.78: 05:54

Enter time zones separated by whitespace or q to quit

Well, format string vulnerability found The binary read from stdin using __getlimit function, and the unique limiter is ‘\n’.

    v3 = __getdelim(&lineptr, &n, 10, stdin);

1	v3 = __getdelim(&lineptr, &n, 10, stdin);

The __printf_chk function is used for printing in stdout and checking if the […]

Exploiting asm, CTF, reverse engineering, reversing, x86_x64

XiomaraCTF 2017 – mint

10 Marzo, 2017Written by Nox

Leave a Comment

In this challenge debugging was unneccesary . If I execute it, this is the output:

$ ./mint 
^^^^^^^^^^^^^^ Welcome to My Mini Text editor (Mint)  ^^^^^^^^^^^^^^^^^^^^^^^^
[1] Add text
[2] Edit text
[3] Display text
[4] Exit
Enter ur option :

$ ./mint

^^^^^^^^^^^^^^ Welcome to My Mini Text editor (Mint) ^^^^^^^^^^^^^^^^^^^^^^^^

[1] Add text

[2] Edit text

[3] Display text

[4] Exit

Enter ur option :

We can add a text, edit and show it. The vulnerability So, I add a text, the max length is 0x30, but if edit the text, there are two options:

Enter ur option :2
[1] Append text
[2] Overwrite

Enter ur option :2

[1] Append text

[2] Overwrite

When I choose the first option, we can […]

Exploiting exploiting, reversing

FwhibbitCTF 2017 – Bomb

9 Marzo, 2017Written by Nox

Leave a Comment

Category: Reversing. Points: 450. We need an 8 digits code to disable the bomb. That code is used to operate with two arrays of bytes. Any mistake will make the bomb to explode.

#first array of bytes
aof = [0xF7, 0xFC, 0xB5, 0x83, 0x81, 0xA7, 0x83, 0x89, 0xBD, 0xFD, 0xBF, 0x9E, 0xFA, 0xA6, 0x9A, 0xF4, 0x84, 0xA2]

#second array of bytes
aof2 = [0xBB, 0xA8, 0xEA, 0x84, 0xD7, 0xCA, 0x80, 0x80, 0xEE, 0xA9, 0xB9, 0xDB, 0x91, 0xF0, 0x9D, 0xFB, 0x81, 0xE2, 0xF7, 0xFD, 0xE4, 0x80, 0x86, 0xF1, 0xCC, 0xC5, 0xE5, 0xA9, 0xEF, 0xC0, 0xA6, 0xE3, 0xC8]

#first array of bytes

aof = [0xF7, 0xFC, 0xB5, 0x83, 0x81, 0xA7, 0x83, 0x89, 0xBD, 0xFD, 0xBF, 0x9E, 0xFA, 0xA6, 0x9A, 0xF4, 0x84, 0xA2]

#second array of bytes

aof2 = [0xBB, 0xA8, 0xEA, 0x84, 0xD7, 0xCA, 0x80, 0x80, 0xEE, 0xA9, 0xB9, 0xDB, 0x91, 0xF0, 0x9D, 0xFB, 0x81, 0xE2, 0xF7, 0xFD, 0xE4, 0x80, 0x86, 0xF1, 0xCC, 0xC5, 0xE5, 0xA9, 0xEF, 0xC0, 0xA6, 0xE3, 0xC8]

My solution is below: The code is 8 digits long, every digit goes from 0 to 9, that code is used to operate with […]

Reversing angr, reverse engineering, reversing, x86_x64