--- layout: post title: "DeconstruCT.F 2021 | REV | Scraps" date: 2021-10-03 13:37:00 +0700 tags: [ctf, writeup] --- <figure> <img src="https://cdn.discordapp.com/attachments/874145963407720513/894206917239513118/Group.png"> </figure> #### REV | Scraps (150 points | 100 solves) Challenge Description: ``` One of our coders have locked down an application that is scheduled to be released tommorow. Can you unlock the application as soon as possible. ``` **Solution:** Given an ELF 64 Binary files which can be reversed through static analysis from IDA Decompiler.<br> ```asm endbr64 push rbp mov rbp, rsp sub rsp, 40h mov rax, fs:28h mov [rbp-8], rax xor eax, eax mov rax, 564233656A4E485Ah mov rdx, 5139314D4D4A6A4Dh mov [rbp-30h], rax mov [rbp-28h], rdx mov rax, 394A7A4D6A4E5461h mov [rbp-20h], rax mov byte ptr [rbp-18h], 0 lea rax, [rbp-30h] mov rdi, rax ``` The flag is a stack strings that are assigned to RAX and RDX registers along in the address of certain RBP Offset. **Solver:** ```python import binascii import base64 def hexstack2ascii(s): return binascii.unhexlify(s)[::-1] arr = ["564233656A4E485A","5139314D4D4A6A4D","394A7A4D6A4E5461"] for stc in arr: print(base64.b64decode(hexstack2ascii(stc)).decode(),end="") ``` FLAG : **dsc{pU22L3_Pi3c32}**
Last changed by  
Sekte Gadeng
222

Read more

DeconstruCT.F 2021 | Forensic | Mike

Forensic | Mike (433 points | 11 solves) Challenge Description: Julia has come to you to ask for help. After spending too much time on his computer, Mike has gone insane, but no one knows why. Can you figure it out? Julia would really appreciate it. Here's how his desktop looked like. Weird how his system time doesn't change.. Wrap the flag that you find with dsc{<flag>}! We're given a file (desktop_wallpaper.png): Solution:

10/4/2021
DeconstruCT.F 2021 | OSINT | Dora the Explorer

OSINT | Dora the Explorer (474 points | 18 solves) Challenge Description: Hi, I am Dora the Explorer and I love exploring as you know ;) (after all 1+1=0), and I recently found this place which has an a very cool looking street art to it. Plus they posted about it on social media many a times. You all should see this too sometime!!! We're given a file (osint.jpg): Solution: View the given file and check the photo. If we look at the metadata there are locations that we can find.

10/4/2021
DeconstruCT.F 2021 | OSINT | AHF

OSINT | AHF (429 points | 11 solves) Challenge Description: We've been listening and we've heard this group can write decent code (ahem ahem), but what have they been listening to? We're given a file (team.pdf), which contains: Solution: The file provided is nothing strange, so we do a search for they team name (Team AtomHeartFather)

10/4/2021
DeconstruCT.F 2021 | OSINT | Flags...and Flags

OSINT | Flags...and Flags (250 points | 5 solves) Challenge Description: The Co-Founder Of Spike music loves flags, and he loves to hide them in plain sight. Find it! Solution: Do a search and find the account in instagram. We get two account,that is Neil Kavalakkat account and Rithik Jain account, who became the co-founder of spike. But there is nothing interesting in Neil Kavalakkat account, so after we realized in Rithik Jain's latest photo there is a qr code in his hand. Just decode the qr code and get the flag

10/4/2021
Read more from Sekte Gadeng
Published on HackMD