Showing posts from September, 2020

Tokyo Westerns CTF 2020 - writeups.

[*]-challenges
    [+] (Rev - 126 pts) Reversing iS Amazing
    [+] (Rev - 224 pts) Tamarin

Our team, Invaders, ended up in 21st position in `Tokyo Westerns CTF 2020`, conducted by the `TokyoWesterns team`.

[Rev] Reversing iS Amazing

It is a warm-up challenge. Given an rsa file, a 64-bit executable. Decompiled the executable with Ghidra. As the binary is dynamically linked, the external library function calls are still visible:

    BIO_new_mem_buf
    d2i_PrivateKey_bio
    EVP_PKEY_get1_RSA
    RSA_private_encrypt

Those are OpenSSL library API calls. Going through the documentation and the code, the binary contains an EVP key and a ciphertext. The binary creates an RSA private key from the EVP key, then encrypts our input and compares the result with the ciphertext. Dumped the EVP key and the ciphertext from the binary. Wrote decryption code with the same API calls (as we have

Alles CTF 2020 Writeups

[*]-challenges
    [+] (Rev - 137 pts) Flag Service Revolution
    [+] (Rev - 113 pts) prehistoric mario

Our team, Invaders, ended up in 21st position in `Alles CTF - 2020`, conducted by the `Alles team`. The reversing challenges are interesting: the first one is a Nintendo GameCube file, the second one is an APK game.

[Rev] Flag Service Revolution

Given a boot.dol file, a Nintendo GameCube file. Opened it with dolphin-emu. Then searched for how to disassemble .dol files, found this, and used Ghidra. This is a stripped and statically linked binary, so it is hard to trace the functions. Searched for strings appearing in the app -> `Cross References` -> main function `FUN_8003d4c4`. The Ghidra decompiled code is too messy with the stripped function and variable names. An