| Event | Points | Solves | Categories | Task ID |
| --- | --- | --- | --- | --- |
| SHA2017 CTF | 100 | 331 | Binary | 4421 |
Eindbazen team member asby has by far been putting the most energy and time in creating the SHA2017 CTF. To honor his dedication and all his effort we created this challenge as an ode to him.
You can choose to reverse engineer this challenge or you can “asby” it. Good luck with the option you choose.
asby.tgz 7422948a4034252d45cee02753b3d13b
We download and extract the provided archive file. Looks like we are dealing with a Windows executable:
We start our Win7 VM and execute the program:
Interesting, apparently we have some kind of oracle that we can query to check whether our flag is correct or not. It even tells us up to which character our flag is correct so it should be trivial to brute-force the flag out of the program.
We run Python 2.7 using the `cygwin` utility under Windows 7 to automate the flag extraction. The asby executable does not terminate after a wrong flag is entered; instead, the user is prompted again to input a flag. We therefore execute the program and set the `stdout` pipe to non-blocking. Now we are able to input a flag, read the response and input another flag. We also know that a wrong character will cause the program to output `WRONG!`, which we can use to check whether or not we guessed the character correctly. We know that the flags are md5 digests and can therefore set our alphabet to `0123456789abcdef`. Lastly, we can already skip the first 5 characters as they are always `flag{`.
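The character-by-character search described above, as an added example that is not the original solve script. It runs against a constructed stand-in oracle instead of the asby executable, so the class names, every response other than `WRONG!`, and the secret are assumptions; an all-or-nothing checker is included to show that the search recovers nothing once the per-character feedback is gone.

```python
import hashlib
import hmac

ALPHABET = "0123456789abcdef"      # flags are md5 digests (from the write-up)
PREFIX, DIGEST_LEN = "flag{", 32   # known prefix, length of an md5 hex digest
# Constructed secret for this demo; it is not the challenge flag.
SECRET = PREFIX + hashlib.md5(b"constructed-demo").hexdigest() + "}"


class LeakyOracle:
    """Stand-in checker: answers WRONG! at the first wrong character."""

    def __init__(self, secret):
        self.secret, self.queries = secret, 0

    def check(self, guess):
        self.queries += 1
        for i, ch in enumerate(guess):
            if i >= len(self.secret) or ch != self.secret[i]:
                return "WRONG!"
        return "OK" if len(guess) == len(self.secret) else "correct so far"


class AllOrNothingOracle(LeakyOracle):
    """Hardened variant: a partial guess gets the same answer as a wrong one."""

    def check(self, guess):
        self.queries += 1
        same = hmac.compare_digest(guess.encode(), self.secret.encode())
        return "OK" if same else "WRONG!"


def recover(oracle):
    """Extend the known prefix one character at a time using the oracle."""
    known = PREFIX
    for _ in range(DIGEST_LEN):
        for ch in ALPHABET:
            if "WRONG!" not in oracle.check(known + ch):
                known += ch
                break
        else:
            return None            # no candidate accepted: nothing leaks
    return known + "}"


if __name__ == "__main__":
    for oracle in (LeakyOracle(SECRET), AllOrNothingOracle(SECRET)):
        print(type(oracle).__name__, recover(oracle), oracle.queries, "queries")
```

Against the leaky checker the search needs at most 16 × 32 = 512 queries, compared with 16^32 candidates when only a whole-flag answer is available.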
The flag is: flag{024baa8ac03ef22fdde61c0f11069f2f}