HITB Amsterdam '14 CTF bin100 write-up

[c3c]

Hey guys,

Here's a write-up on the binary 100 challenge from the HITB CTF in Amsterdam by team hDs.
http://cedricvb.be/post/reverse-engineering-the-hitb-binary-100-ctf-challenge/

Cheers /c

[pawlos]

@c3c Thanks. I see there is no folder for HITB yet. Do you know what other tasks was there?

[c3c]

There were six categories as far as I can remember (Web, Crypto, Binary, Network, Special, Misc).
I only can remember a few of them

• web100: a website made with Flask with debugging turned on. the debugger gives you a python shell which allows for arbitrary code execution
• web200: a website with heavily obfuscated JavaScript
• bin100: this one, a binary that prints lyrics, and at the end of the iterations the key
• bin200: a binary compiled for the SuperH architecture which allows to calculate an authentication code for a message (accalc). you get a code and have to find out the corresponding message
• crypto100: you have to look at a signature scheme of a fictitious company. turns out they simply put private key bits into the signature depending on what message you're signing. the key is to generate enough messages+signatures to get the full private key out. after that you can forge your own message signatures
• net100: you get a pcap dump which contains an authentication code somehow. you have to find out what it was. (something with NTP)

There were also other assignments of which I cannot remember what category they were in:

• a latin lorem ipsum text, which contains a secret code. Split on the correct markers (double spaces), and the first characters of each line give you the message (or something like that, I didn't do this one)
• picking a lock
• making a wiretap without the link going down

[pawlos]

@c3c Added d2948d9
As far as for other tasks I will try to gather some more info and add them too (when time permits :])

[abpolym]

@c3c @pawlos I've contacted the HITB Team/CTF organisers. If I get a response, I'll add the missing tasks.