# HW0 CTF writeup

R11922138
CTF Account: eric070021

### 1. Let's meet at class

Thanks to R11922015 for hinting to me that the title of the challenge implies how to attack (MITM).

I deploy a meet-in-the-middle attack on the hint. The key space is then reduced from 10^12 to 10^6, since I did this challenge after the TA had released one key. I construct a dictionary in which the keys are the XOR of key1 and key2 and the values are tuples of key1 and key2. Then, I match the XOR of key3, key4, and key5 against the keys of the dictionary. If there is a match, I get all five keys.

After acquiring all the keys, I decrypt the flag by multiplying enc by the modular inverses of the keys under p. Then I cast the flag from long to bytes and get the flag. Below is the screenshot of running my Python script.

![](https://i.imgur.com/dgHKYDa.png)

### 2. Welcome

By observing the C code, I find the flag is in the global data area of the program. The program can read 100 bytes of a file and output it to standard input. With the "seek_file" function, I can read the whole binary file, store it on my PC, and use the command "readelf" to read the flag.

First, use "open_file" to open chal. Second, use "read_file" to read 100 bytes into the buffer. Third, use "write_file" to dump the buffer to standard input. Last, use "seek_file" to move the pointer 100 bytes forward. Repeat the above procedure until the whole file has been read.

Run the command below to get the section headers (chal_remote is chal on the server):

```
readelf -S chal_remote
```

Section header:

![](https://i.imgur.com/BnulVvr.png)

Dump the data section (25):

```
readelf -x 25 chal_remote
```

![](https://i.imgur.com/LshUuiH.png)

### 3. Nine - revenge

Thanks to R11922015 for hinting to me to find the language this exe file was written in.

First, I use PEiD to analyze the programming language of this exe file. PEiD shows the file is written in C#.

![](https://i.imgur.com/RJwuaVo.png)

Then, I use dnSpy, a tool that can decompile C# binary files, on the exe file. I find a function named flag() which produces the flag.

![](https://i.imgur.com/MYjNG6u.png)

I copy the algorithm which calculates the flag, use an online C# compiler to run it, and successfully get the flag.

![](https://i.imgur.com/40WwTY1.png)
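
The meet-in-the-middle search from section 1, as an added example that is not the author's script. The key derivation `derive`, the modulus `P`, the candidate count `N`, and the rule that the hint is the XOR of all five keys are assumptions made for the demo, since the writeup does not show the challenge source.

```python
import hashlib
from itertools import product

P = 2**127 - 1  # Mersenne prime standing in for the challenge modulus (assumed)
N = 100         # candidates per key (constructed; kept small so the demo is fast)

def derive(index, seed):
    """Assumed key derivation: a 64-bit value from (position, small seed)."""
    digest = hashlib.sha256(f"{index}:{seed}".encode()).digest()
    return int.from_bytes(digest[:8], "big") | 1  # odd, so never zero mod P

def encrypt(flag, seeds):
    """Toy challenge: hint = XOR of the five keys, enc = flag * product mod P."""
    hint, enc = 0, int.from_bytes(flag, "big")
    for i, s in enumerate(seeds):
        k = derive(i, s)
        hint ^= k
        enc = enc * k % P
    return hint, enc

def recover_keys(hint, known_key):
    """Meet in the middle with key5 known: 2*N^2 work instead of N^4."""
    cand = [[derive(i, s) for s in range(N)] for i in range(4)]
    # Left half: dictionary of key1 ^ key2 -> (key1, key2), N^2 entries.
    table = {a ^ b: (a, b) for a, b in product(cand[0], cand[1])}
    # Right half: key3 ^ key4 ^ key5 ^ hint must equal some key1 ^ key2.
    for c, d in product(cand[2], cand[3]):
        left = table.get(hint ^ known_key ^ c ^ d)
        if left is not None:
            return [*left, c, d, known_key]
    return None  # hint is inconsistent with the candidate sets

def decrypt(enc, keys):
    """Multiply enc by the modular inverse of every key, then long -> bytes."""
    for k in keys:
        enc = enc * pow(k, -1, P) % P
    return enc.to_bytes((enc.bit_length() + 7) // 8, "big")

if __name__ == "__main__":
    seeds = (17, 42, 99, 3, 58)                 # constructed secret seeds
    hint, enc = encrypt(b"FLAG{mitm_demo}", seeds)
    keys = recover_keys(hint, derive(4, seeds[4]))
    print(decrypt(enc, keys))
```
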