tl;dr

• Extract higher bits of secret using input manipulation
• Extract lower bits of secret using the highers bits and input manipulation

A brief write-up detailing solutions of Reversing Challenges from InCTF Internationals 2020

A brief write-up of the intended solution of P1ayground challenge from InCTF Internationals 2020

tl;dr

• Challenge is based on function hooking at runtime.
• On reversing you will find 4 functions at the same address but executing different code(basically hooked at runtime).
• Jump inside each function, reverse the algorithms to pass the checks.
• Ignore the FAKE flag check.

tl;dr

• Passing corrupted ciphertext to get the symmetric key leak
• Fastbin link corruption
• Exploiting double free and UAF in the heap

tl;dr

• Use format String to get into secret service.
• Get libc leaks by overwriting mapped bit of a free chunk.
• Overwrite the Thread Local Block , thus overwriting canary to get buffer overflow.

tl;dr

• Extract keylogger script from the memory dump.
• Extract the master key from the packet capture.
• Reverse the script to get the flag.

tl;dr

• Extract Invalid Login timestamp from the windows registry.
• Extract the timestamp of when a JPEG was opened.
• Extract Google Chrome’s last run time which was pinned to taskbar from windows registry.

tl;dr

• Extract process last run time from the windows registry.
• Extract process run count from the windows registry.

tl;dr

• Decrypt the encrypted GPG file found in Outlook Express with the private key stored on the device.
• Decrypt the firefox saved passwords and log in to the website that the terrorist used.

tl;dr

1. Find the co-relation between variables in the LFSR equation
   1. d == out (75%)
   2. a == b (75%)
   3. c^d == out (75%)
   4. (d!= out) => (c==1) always
2. Solve for the seed using 2000 output bits
3. Try out which among the four possible combinations decrypt the flag