This CTF was hosted by USIU on the 2nd of March this year. It mainly had 3 categories: cryptography, blockchain, and steganography. This is a writeup of how I went about solving the Blockchain category, which had a total of 4 challenges. My team [urchinsec](https://twitter.com/urchinsec_) and I got 2nd position on this one 😃

![](https://i.imgur.com/qCnfTuW.png)

### WannaCry One - Address

![](https://i.imgur.com/Z1OkvtD.png)

Some OSINT was required for this one. I went to my browser and searched `Which address has transacted the most in WannaCry?` and I got something accurate.

![](https://i.imgur.com/fPV1WA0.png)

I opened the blockchain link to check for more information on the address, but the flag was the address itself:

```
FLAG : Aspire{12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw}
```

### WannaCry Two - Exit

![](https://i.imgur.com/Om94PHX.png)

I was tasked with finding the address which was sent 9.03851401 BTC in August 2017. Using the blockchain link I found while looking for the address, I started going through the previous transactions, and I was able to get the address that received the BTC transacted. Like DAMN, all that money 🥲

![](https://i.imgur.com/rvBwpgM.png)

```
FLAG : Aspire{16dfTuSx4f78eQ81PzTgBtBDyZ7QhNZ8Vy}
```

### Ether One - Publisher

![](https://i.imgur.com/iV890nm.png)

This was kinda easy. Given the address, we were to find the flag that was published at some point, but notice that it's a smart contract deployed on the Ethereum Rinkeby testnet. So the first thing I did was visit the [Rinkeby Testnet Explorer](https://rinkeby.etherscan.io/).

![](https://i.imgur.com/up9juDc.png)

I was able to get a list of the transactions that were done. I tried looking at each one of them and found something interesting in each.

![](https://i.imgur.com/mdpZkB8.png)

I changed the last value of the data from hex to text and I got `Neither me too`.

![](https://i.imgur.com/O7N7Hsg.png)

I kept switching through each transaction topic till I got a different text value, which was the flag when enclosed in `Aspire{}`.

![](https://i.imgur.com/KMBQHic.png)

```
Flag : Aspire{Block Chain Rocks}
```

### Ether Two - Function

![](https://i.imgur.com/HdueXNa.png)

We are given an address and told that it has a function that returns the flag. Interesting! I decided to search the address on the Rinkeby testnet explorer and I got just a history of when the contract was created, so I decided to check on contracts and decompiled it to bytecode, since the hint says there is a function which returns the flag.

![](https://i.imgur.com/1hHUuoj.png)

```solidity
# Palkeoramix decompiler.

def storage:
  flag is uint256 at storage 0

def flag() payable:
  return flag

#
#  Regular functions
#

def _fallback() payable: # default function
  revert
```

`flag is uint256 at storage 0`

Okay, now I was a bit confused at first. Then I decided to open the transaction and check the input data. I converted the input data from hex to UTF-8 and WOW, I got the flag 😐

![](https://i.imgur.com/0XB5npE.png)

```
FLAG : Aspire{Solidity you gotta love it}
```

---

I hope this was / is resourceful 👍, check me out on Twitter at [tahaafarooq](https://twitter.com/tahaafarooq)

![](https://media.giphy.com/media/3pZ9KPT56sy3xd375H/giphy.gif)
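
The hex-to-text step used in Ether One and Ether Two, as an added example that is not part of the original writeup: it decodes an ABI-encoded `string` from event data and pulls printable text out of raw transaction input, the way `strings` would. The function names are hypothetical and the sample hex is constructed inside the code, not copied from the challenge contracts.

```python
import string

WORD = 32  # the ABI lays values out in 32-byte words
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")

def abi_encode_string(text: str) -> bytes:
    """ABI-encode one `string`; used here only to construct sample input."""
    raw = text.encode()
    padded = raw + b"\x00" * (-len(raw) % WORD)
    return WORD.to_bytes(WORD, "big") + len(raw).to_bytes(WORD, "big") + padded

def abi_decode_string(data_hex: str) -> str:
    """Decode event data that holds a single ABI-encoded `string`."""
    data = bytes.fromhex(data_hex.removeprefix("0x"))
    if len(data) < 2 * WORD:
        raise ValueError("too short for an ABI-encoded string")
    offset = int.from_bytes(data[:WORD], "big")  # where the length word sits
    if offset + WORD > len(data):
        raise ValueError("offset points outside the data")
    length = int.from_bytes(data[offset:offset + WORD], "big")
    body = data[offset + WORD:offset + WORD + length]
    if len(body) != length:
        raise ValueError("declared length exceeds the data")
    return body.decode("utf-8")

def printable_runs(data_hex: str, min_len: int = 6) -> list[str]:
    """Return ASCII runs of at least min_len bytes found in raw input data."""
    runs, current = [], bytearray()
    # The trailing zero byte is a sentinel that flushes the last run.
    for byte in bytes.fromhex(data_hex.removeprefix("0x")) + b"\x00":
        if byte in PRINTABLE:
            current.append(byte)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current.clear()
    return runs

# Constructed samples, built locally rather than copied from the chain.
EVENT_DATA = "0x" + abi_encode_string("Neither me too").hex()
# Stand-in bytecode prefix followed by an ABI-encoded constructor argument.
CREATION_INPUT = "0x" + (bytes.fromhex("6080604052")
                         + abi_encode_string("constructor arg is public")).hex()

if __name__ == "__main__":
    print(abi_decode_string(EVENT_DATA))
    print(printable_runs(CREATION_INPUT))
```

Event data and constructor arguments stay readable by anyone with an explorer, even when the contract source is not published, so nothing secret belongs in either.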