An Utsusemi of Keramas

Tales of security research, penetration testing, red teaming, and general hacking shenanigans.

10 December 2017

SECCON 2017 CTF

by Keramas

CTF:
SECCON 2017


Challenge:
Run Me!

Category:
Programming



If you immediately recognize this script as something that is familiar to you, you are right!
It's a script for getting the nth number of the Fibonacci sequence (with some other stuff for our flag). One problem though--the number we need for the flag is SUPER big and it would take waaaay too long for your computer to finish running this.

While it might be possible to optimize this with memoization, luckily there are precomputed numbers already available on the net.



So here is the number we need. Looking at the script, though, we only need the first 32 digits, so I sloppily copied a bunch of numbers and then threw them into a script to get the flag.




====================================

Challenge:
Putchar Music

Category:
Programming



Using the challenge title as a hint, I was mind-blown to discover Algorithmic Music, which takes single-line C programs to generate cool tunes!

The first step is to compile the code, and then use that file along with SoX to generate a .wav file that we can listen to.



Opening the wav file, it plays the iconic Star Wars theme song, which allows us to construct our flag:
SECCON{STAR_WARS}

====================================

Challenge:
JPEG file

Category:
binary



This challenge gives us a broken JPEG that does not display a proper image, and it's our job to fix it to reveal the flag.

After playing detective in hexedit, I couldn't find anything wrong with the header, but jpeginfo guided me to the spot in the hex that needed to be edited.



I ran some tests by changing the 0xFC value I found in hexedit, which sits right where all the actual image data begins, and confirmed that this was indeed the location jpeginfo was indicating. Turning it into 0x00 allowed the image to display properly.
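To find "where the actual image data begins" without hunting by eye in a hex editor, the JPEG marker segments can be walked programmatically. The Python below is an added example, not code from the original post: it returns the offset of the first byte after the SOS header and, going beyond what the post describes, flags any byte following 0xFF in the scan data that is not 0x00 (byte stuffing) or a restart marker. It assumes a single-scan baseline file, and `SAMPLE` is a constructed byte string, not the challenge file.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def find_scan_start(data: bytes) -> int:
    """Walk the marker segments; return the offset of the first byte after the SOS header."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos:#x}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker in STANDALONE:
            pos += 2
        else:
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if length < 2:
                raise ValueError(f"bad segment length at offset {pos:#x}")
            if marker == 0xDA:                  # SOS: image data follows its header
                return pos + 2 + length
            pos += 2 + length
    raise ValueError("no SOS marker found")

def suspicious_scan_bytes(data: bytes) -> list:
    """Return (offset, value) for each byte after 0xFF in the scan data that is
    not 0x00 (stuffing) or RST0-RST7; stop at EOI."""
    hits, i = [], find_scan_start(data)
    while i + 1 < len(data):
        if data[i] != 0xFF or data[i + 1] == 0xFF:
            i += 1
            continue
        nxt = data[i + 1]
        if nxt == 0xD9:                         # EOI ends the image
            break
        if nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            hits.append((i + 1, nxt))
        i += 2
    return hits

# Constructed sample (not the challenge file, not a decodable image):
# SOI, a 4-byte APP0 stub, a 4-byte SOS stub, scan bytes, EOI.
SAMPLE = (b"\xff\xd8" b"\xff\xe0\x00\x04AB" b"\xff\xda\x00\x04\x01\x02"
          b"\x12\xff\x00\x34\xff\xfc\x56" b"\xff\xd9")

if __name__ == "__main__":
    print(hex(find_scan_start(SAMPLE)), suspicious_scan_bytes(SAMPLE))
```

Progressive JPEGs contain several scans separated by other markers, so on those files the second function will report legitimate markers as well.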


