Here you are given an unknown data packet (the file unknown linked below). Can you figure out what it is and extract the flag?
Provide the flag in the answer box below. The flag has the form flagsometext where sometext consists of two or more English words separated by , for example, flaghelloworld. Note that you need to include the tag flag in your answer, so if the flag you obtained is flaghelloworld then enter exactly flaghelloworld in the answer box.
Restriction: There are no restrictions on the allowed methods to solve this challenge.
Challenge file: unknown
The flag is encrypted in the ELF binary linked below. The password to unlock the decryption key was lost, so you would have to find a way to bypass the password authentication to unlock the flag.
Note that some parts of the binary are linked to the decryption key, so modifying those parts may corrupt the key. Instead, inject a new code section and perform your patch there.
Provide the flag in the answer box below. The flag has the form flagsometext where sometext consists of two or more English words separated by, for example, flaghelloworld. Note that you need to include the tag flag in your answer, so if the flag you obtained is flaghelloworld then enter exactly flaghelloworld in the answer box.
Restriction: You must use code injection and entry point modification to solve this challenge. You may use gdb or other debuggers to investigate the binary's runtime behaviour, but you are not allowed to use a debugger to extract the flag; some anti-debugging features are present in the binary to discourage this.
Challenge file: reentry
reentry writeup
Please provide details of how you obtained the solution to the previous question reentry. Please make sure you include the assembly instructions that you used to generate the injected code section.
The flag is masked in the ELF binary linked below. Can you find a way to unmask it?
Some parts of the binary are linked to the decryption key to unmask the flag, so modifying those parts may corrupt the key. But GOT entries are not protected; use that to your advantage.
Provide the flag in the answer box below. The flag has the form flagsometext where sometext consists of two or more English words separated by , for example, flaghelloworld. Note that you need to include the tag flag in your answer, so if the flag you obtained is flaghelloworld then enter exactly flaghelloworld in the answer box.
Restriction: You must use code injection and GOT modification to solve this challenge.
You may use gdb or other debuggers to investigate the binary's runtime behaviour, but you are not allowed to use a debugger to extract the flag; some anti-debugging features are present in the binary to discourage this.
Challenge file: gotmod
gotmod writeup
Please provide details of how you obtained the solution to the previous question gotmod. Please make sure you include the assembly instructions that you used to generate the injected code section.
Guess the magic word and the magic number to capture the flag!
Provide the flag in the answer box below. The flag has the form flagsometext where sometext consists of two or more English words separated by , for example, flaghelloworld. Note that you need to include the tag flag in your answer, so if the flag you obtained is flaghelloworld then enter exactly flaghelloworld in the answer box.
Restriction: There are no restrictions on the allowed methods to solve this challenge.
Hint: This challenge was designed to encourage a static-analysis-based solution, so there are some basic defences against debugging (e.g. using gdb) that would stop a naive attempt to debug it. But you are free to explore whatever solutions work for you. If you use a decompiler like Ghidra, beware of potential overlapping code blocks, and make sure you examine the disassembly output as well, rather than relying solely on Ghidra's decompiler. It is also possible to use code injection or binary editing to modify some parts of the code, but be careful not to corrupt the binary too much, as the flag may not be printed correctly as a result. Tracing where the user input goes in the binary may help you deobfuscate the binary.
Challenge file:
guessme write up
Explain the methods you used to find the flag in the previous question guessme.