Write-Up for the “…—…” challenge from InCTF Internationals 2019

tl;dr

1. Alert signals encoded in morse transfered to the Mi-Band
2. Traverse through the packets and find the appropriate BLE handles of the encoded message
3. Decode the morse encoded message

tl;dr 2 element overflow in Array when jit compiled

tl;dr

• Decoding the strings found in TCP stream 0.
• Analysing and extracting data sent via different ports of TCP.
• Using character-wise caesar from the extracted data.
• Zip cracking

Intended solution of PRetty stroNG challenge from InCTF Internationals 2019

tl;dr

• Recover sample outputs from PRNG
• reverse wrapper function
• find seed from outputs
• get the flag

Intended solution of Wannavmbe challenge from InCTF Internationals 2019

tl;dr

• Challenge is a VM.
• Reverse Instruction types and implementation.
• Understand that it has a fucntion which takes the base64 of CWD (Current working directory).
• Find the corrcect directory where it needs to be placed.

Intended solution of waRSAw challenge from InCTF Internationals 2019

tl;dr variant of LSB Oracle Attack on unpadded RSA

tl;dr

• Chrome history analysis
• File recovery from the memory dump
• Raw analysis of email content
• Environment variables analysis
• RAR password cracking
• Corrupted file analysis

tl;dr

• Master File Table Analysis
• Deleted file data recovery

tl;dr

1. Analysis of memory dump using Volatility framework.
2. Using mac_contacts plugin to get relevant data.
3. Base64 decode to get flag.

Solved by: stuxn3t

tl;dr

• Exploit code for a vulnerability in Firefox, found by saelo and coinbase security.
• IonMonkey does not check for indexed elements on the current element’s prototypes, and only checks on ArrayPrototype. This leads to type-confusion after inlining Array.pop.
• We confuse a Uint32Array and a Uint8Array to get a overflow in an ArrayBuffer and proceed to convert this to arbitrary read-write and execute shellcode.