Sharifctf 2016

Posted: 7 Feb 2016 by Codehead
3 minute read

I hadn’t played SharifCTF before, but these guys put on a good competition.

Unfortunately I had other commitments, but I managed to spend a little bit of time looking at some of the challenges.

dMd was a reverse engineering challenge worth 50 points. A binary was provided with the description:

Flag is : The valid input.

file told me that the binary was an x86-64 ELF, so I threw it at my Fedora install and pulled up the disassembly in IDA.

Categories: CTF Hacking

Tagged as: #CTF #SharifCTF 2016 #Reverse Engineering

Posted: 7 Feb 2016 by Codehead
2 minute read

SRM was another 50 point reverse engineering challenge at SharifCTF 2016. A binary was provided with the following description:

The flag is : The valid serial number.

file reported that the binary was a PE32 for Windows. So I fired up a Win7 VM and pulled up the disassembly in IDA.

Running the binary resulted in a dialog asking for an email address and a serial number.

RM Initial Screen

We have hidden a message in png file using jar file. Flag is hidden message. Flag is in this format:

SharifCTF{flag}

Extracting the supplied tar.gz archive provided a PNG image:

AsianCheetah

Also included was Hide.jar, the Java code used to embed the flag in the image.