I hadn’t played SharifCTF before, but these guys put on a good competition.

Unfortunately I had other commitments, but I managed to spend a little bit of time looking at some of the challenges.

dMd was a reverse engineering challenge worth 50 points. A binary was provided with the description:

Flag is : The valid input.

file told me that the binary was an x86-64 ELF, so I threw it at my Fedora install and pulled up the disassembly in IDA.

SRM was another 50 point reverse engineering challenge at SharifCTF 2016. A binary was provided with the following description:

The flag is : The valid serial number.

file reported that the binary was a PE32 for Windows. So I fired up a Win7 VM and pulled up the disassembly in IDA.

Running the binary resulted in a dialog asking for an email address and a serial number.

A nice little Stego challenge from SharifCTF

Challenge:

We have hidden a message in png file using jar file. Flag is hidden message. Flag is in this format:

SharifCTF{flag}

Files:

cheetah.tar.gz

Extracting the supplied tar.gz archive provided a PNG image:

Also included was Hide.jar, the Java code used to embed the flag in the image.

After ignoring the project for many years, I still get messages from people who use and enjoy Codehead’s Bitmap Font Generator. It’s great to hear the feedback and I’m glad to see that the tool is still useful. However, I don’t have time to update the code and add the features that people want.

It seems that rather than letting the code fester and fade on my HDD, it would be better to set it free and allow people to pull it apart, laugh at the warty bits and hack their own features into it.

So I’ve pushed the code to GitHub under the BSD 3-clause licence.

Enjoy! (and please don’t laugh at my code too much)

Due to work commitments, I didn’t get to spend too much time on this CTF which was a shame because they put out some nice challenges. Here are the ones I did get to have a crack at:

A faithful replica of a typical 90s webpage, complete with a searing neon colour scheme and Netscape buttons. Browsing the site, I noticed from the URL that the pages were being served through the main index.php script with a ‘page’ parameter. Lets change that page parameter to something we’d like to see: Ping! 20 points.

Get the solution to today’s and tomorrow’s Wordle puzzle.   An OpenGL battletech environment.   A tool for creating bitmapped fonts for use in graphical applications.   A tool for testing out OpenGL blending and alpha functions.   A stupid hack to make TotemBall (XBox 360 Live Arcade game) a bit easier.

One of the big problems OpenGL runs into after you’ve got your first few polygons flying around the screen is the lack of a standard method for generating text within the API. A few techniques have evolved to tackle the problem: Pre-generated string textures The simplest and fastest method, a texture is pre-built for each piece of text that needs to be displayed. This is quick to render at run time, but isn’t very flexible or efficient.

Recently my Ubuntu Apache server crashed during a busy period on the site, one of the last events logged was:

[error] server reached MaxClients setting, consider raising the MaxClients setting.

The default for MaxClients in apache2.conf is 100. The log suggested raising this value, many sites I Googled up suggested raising the value too. There’s also a fair amount of confusion about the correct setting for StartServers, MinSpareServers and MaxSpareServers values.