Monday, April 28, 2014

CONFidence DS Teaser CTF 2014 - Writeup

This is a short writeup for the "CONFidence DS Teaser CTF 2014". I didn't have too much time, so I could solve only 2 of the 5 tasks. Here are the solutions:

Stegano50

This was a PDF file with something hidden in it. I used pdfwalker from the Origami toolkit (on REMnux) to open it. After browsing the objects, I found a hint: it said to look for Morse code. Decoding the Base64 encoded string in the Keywords field didn't give the flag :)

So I moved forward, extracted and decoded a few streams, and found the one that contained the actual text seen when opening the file.

It contained additional stuff:

/F17 24.7871 Tf -397.717 -321.542 Td [(NoFlagHere!)-406(N)-1(oFlagHere!)-406(NoFlagHere!)]TJ

(...)

/F16 9.9626 Tf 579.515 466.917 Td [(Close)-333(-)-334(but)-333(still)-333(not)-334(here)-333(!)]TJ

(...)

/F16 9.9626 Tf 546.704 989.603 Td [(BABA)-333(BBB)-334(B)1(A)-334(BBA)-333(ABA)-333(AB)-334(B)-333(AAB)-333(ABAA)-333(AB)-334(B)-333(AA)-333(BBB)-333(BA)-334(AAA)-333(BBAABB)-333(AABA)-333(ABAA)-334(AB)-333(BBA)-333(BBBAAA)-333(ABBBB)-333(BA)-334(AAAB)-333(ABBBB)-333(AAAAA)-333(ABBBB)-333(BAAA)-334(ABAA)-333(AAABB)-333(BB)-333(AAABB)-334(AA)1(AAA)-334(AAAAA)-333(AAAAB)-333(BBA)-333(AAABB)]TJ

This AB stuff looked like Morse code, with A standing for a dot and B for a dash. The dashes between the groups represented the ends of the letters. Let's beautify it:

BABA BBB BA BBA ABA AB B AAB ABAA AB B AA BBB BA AAA BBAABB AABA ABAA AB BBA BBBAAA ABBBB BA AAAB ABBBB AAAAA ABBBB BAAA ABAA AAABB BB AAABB AAAAA AAAAA AAAAB BBA AAABB

-.-. --- -. --. .-. .- - ..- .-.. .- - .. --- -. ... --..-- ..-. .-.. .- --. ---... .---- -. ...- .---- ..... .---- -... .-.. ...-- -- ...-- ..... ..... ....- --. ...--

I used the following website to decode: http://www.lexilogos.com/keyboard/morse.htm

CONGRATULATIONS,FLAG:1NV151BL3M3554G3

Crypto100

This was an interesting custom Lotto script. After analysing it, I found 3 main issues which led to the solution:

1. It used AES in ECB mode, which means that the same plaintext block always encrypts to the same ciphertext block.
2. The following function generated the same salt with a very high (~20%) probability (I didn't get into the details why).

e.g. it turned 999# into 999#000000000000

import random

def randomExtend(block):
    limit = 10**(16-len(block))
    # salt
    rnd = random.randrange(0, limit)
    # mix it even more
    rnd = (rnd ** random.randrange(10, 100)) % limit
    # append it to the block as hex, zero-padded so the result is 16 characters
    return block + ('%0'+str(16-len(block))+'x')%rnd

3. We could obtain an unlimited number of plaintext-ciphertext pairs.

With that, if we have enough samples, we will find for each number the salt with all 0s. That salt will repeat again later, and because of ECB the ciphertext will be the same, so if we build up a database we will know the actual number. I made a script which did this task. At the end I got the flag, because I won enough times:
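As an added example (not from the original post or the challenge code), the following Python reproduces the randomExtend function quoted above and works out where the bias comes from: the "mixing" step computes rnd**k mod 10**n, which is 0 whenever 10**ceil(n/k) divides rnd, so for most exponents one in ten salts collapses to all zeros. It also measures the rate empirically and contrasts a hypothetical hardened variant (randomExtendFixed, my name) that draws a uniform salt from the secrets module.

```python
import math
import random
import secrets

def randomExtend(block):
    """Salt generator from the challenge, reproduced from the writeup above."""
    limit = 10**(16-len(block))
    # salt
    rnd = random.randrange(0, limit)
    # mix it even more
    rnd = (rnd ** random.randrange(10, 100)) % limit
    # append it to the block
    return block + ('%0'+str(16-len(block))+'x')%rnd

def zero_salt_probability(block):
    """Exact chance that randomExtend(block) pads with all zeros.
    rnd**k % 10**n == 0 iff 2**ceil(n/k) and 5**ceil(n/k) both divide rnd,
    i.e. iff 10**ceil(n/k) divides rnd, which holds for a 10**-ceil(n/k)
    fraction of rnd in [0, 10**n). Average over the exponent k in 10..99."""
    n = 16 - len(block)
    return sum(10.0 ** -math.ceil(n / k) for k in range(10, 100)) / 90

def measured_zero_salt_rate(extend, block, trials=10000, seed=2014):
    """Empirical rate of the all-zero salt for a given extend() function.
    The PRNG is seeded so the run is repeatable."""
    random.seed(seed)
    zero = block + '0' * (16 - len(block))
    return sum(extend(block) == zero for _ in range(trials)) / trials

def randomExtendFixed(block):
    """Hypothetical hardened variant (not from the challenge): a uniform hex
    salt from the OS CSPRNG and no exponentiation step, so no salt value is
    favoured. ECB is still the wrong mode; this only removes the salt bias."""
    n = 16 - len(block)
    return block + ''.join(secrets.choice('0123456789abcdef') for _ in range(n))

if __name__ == '__main__':
    # n = 12 for a block like '999#': 88 of the 90 exponents give 1/10, two give 1/100
    print('exact    : %.4f' % zero_salt_probability('999#'))
    print('measured : %.4f' % measured_zero_salt_rate(randomExtend, '999#'))
    print('hardened : %.4f' % measured_zero_salt_rate(randomExtendFixed, '999#'))
```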