TAMUctf - RE (Band Aid)

This was a great CTF competition because it had a lot of good beginner challenges. I loved this challenge, even though I did some stupid things that made it take a lot longer than it should have.

The Challenge

TAMUctf Challenge Window

I download the executable onto my Windows machine and place it into my shared folder with Kali.

So first, let’s run it.

root@kali:~/Documents/CTF/TAMU# ./e0dd79b3d9b05e80 
 this code needs a band aid

Okay, not a lot to go on. I wanted to get an idea of what's in the program and how it flows, so next up is disassembling it in IDA. I let it detect the file type (x64 ELF), scan the file, and take me to the main function. I zoom out to see the full graph view.

TAMUctf Ida View 1

So we can see that we have a main function that prints the string " this code needs a band aid ", compares the value stored at EBP+constant (which is loaded with 0xD6 + 0x1 = 0xD7) against 0x124B, and then calls function f2(void) if that value is greater than 0x124B, or otherwise jumps to the exit.

Clearly, 0xD7 is not greater than 0x124B, so we have to rewrite the assembly so that we don't take the jump, by replacing 0x124B with a number smaller than 0xD7. I chose 0xD6.

You can patch a program in several ways. One is Edit -> Patch Program -> Change byte… I found the bytes 4B 12 (0x124B stored in little-endian format) and replaced them with D6 00.

TAMUctf Ida View 2

Then you can commit your changes at Edit -> Patch Program -> Apply patches to input file.
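As an added illustration, not the write-up's own code and not the real challenge binary, here is a small Python patcher that does what the IDA steps above do by hand: it locates the little-endian immediate 0x124B in a constructed byte string modelled on the cmp described above, refuses to patch unless the match is unique (so a stray 4B 12 elsewhere is not clobbered), and mirrors the branch condition before and after the patch. The instruction encoding, the stack offset and the filler bytes are assumptions, not taken from the challenge file.

```python
import struct

# Constructed stand-in for the x64 ELF: a tiny prologue around an assumed
# `cmp dword ptr [rbp-0x14], 0x124B` (81 7D EC + imm32, little-endian),
# a conditional jump over the call, and a placeholder call to f2.
SAMPLE_BINARY = (
    b"\x55\x48\x89\xe5"                              # push rbp; mov rbp, rsp
    + b"\x81\x7d\xec" + struct.pack("<I", 0x124B)    # cmp dword [rbp-0x14], 0x124B
    + b"\x7e\x05"                                    # jle short +5 (skip the call)
    + b"\xe8\x00\x00\x00\x00"                        # call f2 (placeholder rel32)
)

def find_immediate(blob: bytes, value: int, width: int = 4) -> list:
    """Offsets at which `value` appears as a little-endian immediate of `width` bytes."""
    needle = value.to_bytes(width, "little")
    hits, start = [], 0
    while (idx := blob.find(needle, start)) != -1:
        hits.append(idx)
        start = idx + 1
    return hits

def patch_immediate(blob: bytes, old: int, new: int, width: int = 4) -> bytes:
    """Replace the single occurrence of `old` with `new`; refuse if the match is not unique.
    Writing the full 4-byte immediate D6 00 00 00 has the same effect as the
    write-up's 2-byte edit of 4B 12 -> D6 00, since the upper bytes were already zero."""
    hits = find_immediate(blob, old, width)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match for {old:#x}, found {len(hits)}")
    off = hits[0]
    return blob[:off] + new.to_bytes(width, "little") + blob[off + width:]

def f2_reached(imm: int, local: int = 0xD7) -> bool:
    """Mirror the comparison in main: f2 runs only if the local (0xD7) is greater than imm."""
    return local > imm

if __name__ == "__main__":
    patched = patch_immediate(SAMPLE_BINARY, 0x124B, 0xD6)
    print(find_immediate(SAMPLE_BINARY, 0x124B), find_immediate(patched, 0xD6))
    print(f2_reached(0x124B), f2_reached(0xD6))   # False before the patch, True after
```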

Let’s run it!

root@kali:~/Documents/CTF/TAMU# ./e0dd79b3d9b05e80
 this code needs a band aid 
result 
L/R8ejlvVP4+JvgvsSI+JaLn6YCArf5fTAIfUwMNCrJ8HkRkQLEB5RH5COF1+9mSQoGY8wG23AtDyM0OEgm+zFCTibFOgieixjrv5OHAIB+akOahMWoyt/qAGnK9ZsLsv20apyzlH0llafbfQ0MkurU/c8O3Xj3m0VL1GOjHk14=
LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlHZk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FDY1Q0WmpZbkdpTVl0RWQ3Ky9ZdEZnR0UzZQpnVGtXQml3aFdDbjQxTFBTWXN1cSs0T1FwbkJNWVI1WXRMYjk0V083aTZ2R2FPT05zc0hOZFlBZG5SRE04aUxTCnYvclQwdU90Z1N3ZFpOaUxDN242Z0gvODhSakZRRUxqbUpXUXpnc1g4Q1VxZFpvNEpyTWZCU213d0RZQTVCbTAKYjc2Z3ptcWgreUxYYSt1bk9RSURBUUFCCi0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQ==

Those equal signs on the end definitely look like Base64 encoding. Let's decode. The first string didn't decode to anything but gibberish, but the next two were interesting.

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----

We're getting somewhere! Now cue me spending a day casually ignoring the first part of the output, the one that didn't decode to anything readable, while furiously combing through the assembly to figure out what to use the RSA keys on. Sigh.

Anyway, it finally hits me that what I'm supposed to decrypt was staring me in the face this whole time. I save the Base64-decoded output to a file named 'ciphertext', run it through OpenSSL's RSA decryption, and I'm done…?

root@kali:~/Documents/CTF/TAMU# openssl rsautl -decrypt -inkey privatekey < encrypted > decrypted
RSA operation error
140471716147392:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error:../crypto/rsa/rsa_pk1.c:241:
140471716147392:error:04065072:rsa routines:rsa_ossl_private_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:487:

Cue me spending another half a day trying to figure out how to get the padding right. I'm learning, guys, but the process is painful. I spend that half day combing StackOverflow for someone's solution to this error, and not once does it occur to me to just read the man page. Never assume StackOverflow has answered everything; rookie mistake. At last it occurs to me to look up the manual page.

-pkcs, -oaep, -ssl, -raw
the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP, special padding used in SSL v2 backwards compatible handshakes, or no padding, respectively. For signatures, only -pkcs and -raw can be used.

Ah.

root@kali:~/Documents/CTF/TAMU# openssl rsautl -decrypt -inkey privatekey < encrypted > decrypted -raw
root@kali:~/Documents/CTF/TAMU# cat decrypted 
gigem{pirate_iter_v2_660c6b7aed3b905b}
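To show why the first openssl run failed with "pkcs decoding error" and the -raw run succeeded, here is an added Python example (not the write-up's code, and not the CTF's key) that implements textbook RSA over a constructed toy key, plus a PKCS#1 v1.5 type 2 unpadder modelled on the check rsautl performs by default: a ciphertext produced without padding decrypts correctly only when that check is skipped. The primes, the fixed filler byte and the message are constructed for the demonstration; key sizes this small are for illustration only.

```python
# Constructed toy RSA key: two Mersenne primes, public exponent 65537.
# Sizes this small are for illustration only (constructed, not the CTF key).
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8      # modulus length in bytes (30 here)

def rsa_raw(block: bytes, exp: int) -> bytes:
    """Textbook RSA: treat block as a big-endian integer, exponentiate mod N."""
    return pow(int.from_bytes(block, "big"), exp, N).to_bytes(K, "big")

def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 (type 2) block: 00 02 <PS, >= 8 nonzero bytes> 00 <msg>."""
    if len(msg) > K - 11:
        raise ValueError("message too long")
    ps = b"\x55" * (K - len(msg) - 3)   # constructed fixed filler; real PKCS#1 uses random nonzero bytes
    return b"\x00\x02" + ps + b"\x00" + msg

def pkcs1_v15_unpad(block: bytes) -> bytes:
    """The check rsautl performs by default; this is what rejected the raw ciphertext."""
    if len(block) != K or block[:2] != b"\x00\x02":
        raise ValueError("pkcs decoding error: bad block type")
    sep = block.find(b"\x00", 2)
    if sep < 10:                          # no separator, or padding string shorter than 8 bytes
        raise ValueError("pkcs decoding error: bad padding string")
    return block[sep + 1:]

def encrypt_raw(msg: bytes) -> bytes:
    """No padding at all, which is how the challenge output was produced (hence -raw worked)."""
    return rsa_raw(msg.rjust(K, b"\x00"), E)

def encrypt_pkcs(msg: bytes) -> bytes:
    return rsa_raw(pkcs1_v15_pad(msg), E)

def decrypt_raw(ct: bytes) -> bytes:
    """Equivalent of `openssl rsautl -decrypt -raw`: only the leading zero bytes are dropped."""
    return rsa_raw(ct, D).lstrip(b"\x00")

def decrypt_pkcs(ct: bytes) -> bytes:
    """Equivalent of the default `openssl rsautl -decrypt` (PKCS#1 v1.5 padding check)."""
    return pkcs1_v15_unpad(rsa_raw(ct, D))

def padding_check_fails(ct: bytes) -> bool:
    """True when the default (PKCS#1) decrypt rejects this ciphertext."""
    try:
        decrypt_pkcs(ct)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    ct = encrypt_raw(b"gigem{toy_flag}")      # constructed stand-in for the real flag
    print(padding_check_fails(ct))            # True: the same failure as the first openssl run
    print(decrypt_raw(ct))                    # b'gigem{toy_flag}': what -raw gives you
```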

Man pages are your friends.