{"id":1696,"date":"2024-03-08T17:28:42","date_gmt":"2024-03-08T08:28:42","guid":{"rendered":"https:\/\/h4ck.kr\/?p=1696"},"modified":"2024-05-20T13:27:22","modified_gmt":"2024-05-20T04:27:22","slug":"gcc-ctf-2024-reverse-ransom","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=1696","title":{"rendered":"GCC CTF 2024 &#8211; reverse\/rAnSoM"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"501\" height=\"571\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-5.png\" alt=\"\" class=\"wp-image-1697\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-5.png 501w, https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-5-263x300.png 263w\" sizes=\"auto, (max-width: 501px) 100vw, 501px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Description<\/h2>\n\n\n\n<p>Jessie recently acquired new computers and set them up with Debian, ensuring to incorporate the most current security enhancements. 
Nevertheless, two weeks following this setup, she discovers that her secrets file has been encrypted.<\/p>\n\n\n\n<p>Find the content of the secrets file!<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Decompiled-src<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">start<\/h3>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"c\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">void __noreturn start()\n{\n  _BYTE *v0; \/\/ esi\n  int v1; \/\/ ecx\n\n  __asm { int     80h; LINUX - sys_open }\n  secret_fd = 5;\n  __asm\n  {\n    int     80h; LINUX - sys_read\n    int     80h; LINUX - sys_close\n  }\n  v0 = &amp;secret_content;\n  __asm { int     80h; LINUX - sys_newuname }\n  v1 = 0;\n  while ( *v0 )\n  {\n    *v0 = (edata.nodename[v1] ^ *v0) + 1;\n    ++v0;\n    if ( ++v1 >= 6 )\n      v1 = 0;\n  }\n  __asm { int     80h; LINUX - sys_creat }\n  enc_fd = 8;\n  __asm\n  {\n    int     80h; LINUX - sys_write\n    int     80h; LINUX - sys_close\n    int     80h; LINUX - sys_exit\n  }\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>The sys_newuname system call is used to fetch the user name (edata.nodename in the decompiled code).<br>It is repeated in 6-byte units and stored in the 18-byte _edata.<br>According to the challenge description the user name is &#8220;debian&#8221;, so _edata is as follows.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 
">
wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"python\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">xor_box = \\\n[0x64, 0x65, 0x62, 0x69, 0x61, 0x6e] * 3<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>0x64 = d,<br>0x65 = e,<br>0x62 = b,<br>0x69 = i,<br>0x61 = a,<br>0x6e = n<\/p>\n\n\n\n<p>The 18-byte plaintext of secrets.txt is XORed byte by byte with xor_box, 1 is added to each result,<br>and the encrypted file secrets.txt.enc is written with the write system call.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">solve.py<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"python\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\"># Read the encrypted file produced by the binary\nwith open(\"secrets.txt.enc\", 'rb') as f:\n    enc = f.read()\n\n# Key bytes \"debian\", repeated to cover 18 bytes\nxor_box = \\\n[0x64, 0x65, 0x62, 0x69, 0x61, 0x6e] * 3\n\n# Invert (key ^ plain) + 1: subtract 1 (mod 256), then XOR with the key byte\nfor i in range(18):\n    print(chr(((enc[i] - 1) &amp; 0xff) ^ xor_box[i]), end='')<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>Subtracting 1 from each byte of the encrypted secrets.txt.enc file and then XORing it recovers the original data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Result<\/h2>\n\n\n\n<div 
class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">seo@seo:~\/Documents\/gcc_ctf_2024\/ransom$ python3 solve.py\nGCC{S1MPL3_0BFU!!}<\/pre>\n<\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"281\" height=\"189\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2024\/03\/image-6.png\" alt=\"\" class=\"wp-image-1698\"\/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Description Jessie recently acquired new computers and set them up with Debian, ensuring to incorporate the most current security enhancements. Nevertheless, two weeks following this setup, she discovers that her secrets file has been encrypted. Find the content of the secrets file! 
Decompiled-src start The sys_newuname system call is used to fetch the user name. It is repeated in 6-byte units and stored in the 18-byte _edata. The challenge description&hellip;&nbsp;<a href=\"https:\/\/h4ck.kr\/?p=1696\" rel=\"bookmark\">Read more &raquo;<span class=\"screen-reader-text\">GCC CTF 2024 &#8211; reverse\/rAnSoM<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[19],"tags":[24],"class_list":["post-1696","post","type-post","status-publish","format-standard","hentry","category-ctf-private","tag-reversing"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/1696","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1696"}],"version-history":[{"count":1,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/1696\/revisions"}],"predecessor-version":[{"id":1699,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/1696\/revisions\/1699"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1696"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"
https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1696"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1696"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}