IJCTF 2021

Sanity [100 pts] - Reverse Engineering

Description

Just testing your sanity

Solution

This problem actually drove me insane at first. Like anyone else I submitted the flag. Then again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again, and again. Then bam my dumb ass realized the variable key exists and that can't be nothing right.

Key = 00 00 00 00 00 00 0a 06 18 2f 08 0c 3b 2c 0f 01 1d 2b 1f 3e 0f 004 3a 05 04 2d 39 06 06 00 10 08 05 01 11 4c 00 00 00 00 Flag = IJCTF{simple_sanity_check_for_babies}

Code (Pay attention to line 26)

undefined8 main(void) {
  undefined *__s2;
  int iVar1;
  ulong uVar2;
  size_t sVar3;
  ulong uVar4;
  size_t asStack192 [3];
  undefined local_a8 [103];
  byte local_41;
  undefined *local_40;
  long local_38;
  
  asStack192[0] = 0x10118c;
  asStack192[1] = strlen(flag);
  local_38 = asStack192[1] - 1;
  asStack192[2] = 0;
  uVar2 = (asStack192[1] + 0xf) / 0x10;
  local_40 = (undefined *)(asStack192[1] + uVar2 * 0x1ffffffffffffffe);
  int local_2c = 0;
  while( true ) {
    uVar4 = SEXT48(local_2c);
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101238;
    sVar3 = strlen(flag,*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
    if (sVar3 <= uVar4) break;
    local_41 = key[local_2c] ^ flag[local_2c];
    local_40[local_2c] = key[local_2c] ^ flag[local_2c];
    local_2c = local_2c + 1;
  }
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101249;
  puts("Whats the flag?",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101264;
  __isoc99_scanf(&DAT_00102066,local_a8);
  __s2 = local_40;
  asStack192[uVar2 * 0x1ffffffffffffffe] = 0x10127a;
  iVar1 = strcmp(local_a8,__s2,*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  if (iVar1 == 0) {
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x10128a;
    puts("Correct!",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  }
  else {
    asStack192[uVar2 * 0x1ffffffffffffffe] = 0x101298;
    puts("Wrong!",*(undefined *)(asStack192 + uVar2 * 0x1ffffffffffffffe));
  }
  return 0;
}

Line 26 was my key that we would xor the two and my code to do this was quite simple

key = "00 00 00 00 00 00 0a 06 18 2f 08 0c 3b 2c 0f 01 1d 2b 1f 3e 0f 004 3a 05 04 2d 39 06 06 00 10 08 05 01 11 4c 00 00 00 00".split(" ")
flag = "IJCTF{simple_sanity_check_for_babies}"
new_flag = ""
for i in range(0, len(flag)):
    tmp = ord(flag[i]) ^ int(key[i],16)
    new_flag += chr(tmp)
print(new_flag)

Flag: IJCTF{you_did_not_fall_for_it_right?}

Link to Solutions

I did not write them but most are not posted on CTF time so decided to add the links for future reference.

https://github.com/1GN1tE/CTF_Writeups/tree/main/Writeups/IJCTFgithub.com

writeUps/IJCTF2021 at master · Pycatchown/writeUpsGitHub

write-ups/IJCTF.2021/pwn at main · nobodyisnobody/write-upsGitHub

IJCTF 2021Utaha's CTF Note

​