01 Feb 2016 @ 7:29 PM 

The given file is an x64 ELF binary. I opened it in IDA, and the code looks pretty straightforward.
If you have HexRays 64, things are pretty easy.
The decompiled code accepts a couple of numbers as input, XORs them together, seeds srand() with the final value and generates 30 rand() values. The rand values are converted into strings, the MD5 of those strings is calculated, and the result is compared with a hardcoded hash value “5eba99aff105c9ff6a1a913e343fec67”.

Now this is a pretty straightforward brute force over the possible seed values.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/md5.h>

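/* Number of set bits in v; each pass of the loop clears the lowest set bit. */
static int count_set_bits(unsigned int v)
{
	int bits = 0;

	while (v) {
		v &= v - 1;
		bits++;
	}
	return bits;
}

/*
 * Recompute the digest for one candidate seed: seed the PRNG, draw 30 values
 * reduced modulo 1000, feed their decimal text into a single MD5 context and
 * write the lowercase hex digest (NUL-terminated) to hex.
 *
 * rand() is not portable: the sequence produced for a given seed depends on
 * the C library, so this only reproduces the target's values when built
 * against the same libc implementation the binary runs with.
 *
 * MD5_Init/MD5_Update/MD5_Final are deprecated since OpenSSL 3.0 in favour of
 * the EVP_Digest* interface; they still work but produce build warnings there.
 */
static void digest_for_seed(unsigned int seed, char hex[2 * MD5_DIGEST_LENGTH + 1])
{
	MD5_CTX ctx;
	unsigned char out[MD5_DIGEST_LENGTH];
	char text[16];

	srand(seed);
	MD5_Init(&ctx);
	for (int count = 0; count < 30; count++) {
		/* Value is 0..999, so the text is 1-3 characters and never truncated. */
		int len = snprintf(text, sizeof text, "%d", rand() % 1000);

		MD5_Update(&ctx, text, (size_t)len);
	}
	MD5_Final(out, &ctx);

	for (int n = 0; n < MD5_DIGEST_LENGTH; n++) {
		/* Two hex digits plus the terminator, overwritten by the next pair. */
		snprintf(&hex[2 * n], 3, "%02x", out[n]);
	}
}

/*
 * Search every 16-bit seed for the one whose digest matches the hash
 * hardcoded in the challenge binary, printing each match as "Got: <seed>".
 *
 * Only seeds with exactly 10 set bits are tried.
 * NOTE(review): presumably this mirrors a check in the decompiled binary;
 * the surrounding write-up does not show it, so confirm against the target.
 *
 * The search finishing in 0xffff iterations is the lesson of the challenge:
 * a rand()-derived secret is only as strong as its seed space.
 */
int main(void)
{
	static const char target[] = "5eba99aff105c9ff6a1a913e343fec67";
	char hash[2 * MD5_DIGEST_LENGTH + 1];

	for (int i = 1; i <= 0xffff; i++) {
		if (count_set_bits((unsigned int)i) != 10) {
			continue;
		}

		digest_for_seed((unsigned int)i, hash);
		if (strcmp(hash, target) == 0) {
			printf("Got: %d\n", i);
		}
	}

	return 0;
}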


dan@ubuntu:~/nullc$ ./zorro_bin
Welcome to Pub Zorro!!
Straight to the point. How many drinks you want?1
OK. I need details of all the drinks. Give me 1 drink ids:59306

You choose right mix and here is your reward: The flag is nullcon{nu11c0n_s4yz_x0r1n6_1s_4m4z1ng}

Posted By: Dan
Last Edit: 01 Feb 2016 @ 07:29 PM

Categories: CTF, HackIM2016


 
