
This CTF was hosted by USIU on the 2nd of March this year. It had 3 categories, mainly cryptography, blockchain, and steganography. This is a writeup of how I went about solving the Blockchain category, which had a total of 4 challenges. My team urchinsec and I got 2nd position on this one 😃


WannaCry One - Address


Some OSINT was required for this one. I went to my browser and searched "Which address has transacted the most in WannaCry?" and I got something accurate.


I opened the blockchain link to check for more information on the address, but the flag was the address:

FLAG : Aspire{12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw}

WannaCry Two - Exit


We were tasked with finding the address which was sent 9.03851401 BTC in August 2017. Using the blockchain link I found while looking for the address, I then started going through the previous transactions, and I was able to get the address that received the BTC transacted, like DAMN all that money 🥲


FLAG : Aspire{16dfTuSx4f78eQ81PzTgBtBDyZ7QhNZ8Vy}

Ether One - Publisher


This was kinda easy. Given the address, we were to find the flag that was published at some point, but notice that it's a smart contract deployed on the Ethereum Rinkeby testnet. So the first thing I do is visit the Rinkeby Testnet Explorer.


I was able to get a list of transactions that were done, and I tried looking at each one of the transactions and I found something interesting in each one of them.


I change the last value of data from hex to text and I get "Neither me too".


I kept switching each transaction topic, till I got a different text value, which was the flag when enclosed in Aspire{}


Flag : Aspire{Block Chain Rocks}

Ether Two - Function


We are given an address and told that it has a function that returns the flag, interesting! I decided to search the address on the Rinkeby testnet explorer and I got just a history of when the contract was created, so I decided to check on contracts and decompiled it to bytecode, since the hint says there is a function which returns the flag.


    # Palkeoramix decompiler.

    def storage:
      flag is uint256 at storage 0

    def flag() payable:
      return flag

    #
    #  Regular functions
    #

    def _fallback() payable: # default function
      revert

flag is uint256 at storage 0. Okay, now I was a bit confused at first, then I decided to open the transaction and check the input data. I converted the input data from hex to UTF-8 and WOW I get the flag 😐


FLAG : Aspire{Solidity you gotta love it}
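
The hex-to-text step used in Ether One (event data) and Ether Two (contract creation input), as an added example that is not part of the original writeup. It assumes the value is an ABI-encoded `string` (offset word, length word, zero-padded bytes); the function names and sample inputs are constructed for illustration and are not the challenge data.

```python
WORD = 32  # ABI values are laid out in 32-byte words

def to_bytes(hex_data: str) -> bytes:
    h = hex_data.strip()
    return bytes.fromhex(h[2:] if h[:2].lower() == "0x" else h)

def decode_abi_string(hex_data: str) -> str:
    """Decode one ABI-encoded `string`: [offset][length][zero-padded bytes]."""
    raw = to_bytes(hex_data)
    if len(raw) < 2 * WORD:
        raise ValueError("too short for an ABI-encoded string")
    offset = int.from_bytes(raw[:WORD], "big")
    if offset + WORD > len(raw):
        raise ValueError("offset points outside the data")
    length = int.from_bytes(raw[offset:offset + WORD], "big")
    start = offset + WORD
    if start + length > len(raw):
        raise ValueError("declared length exceeds the data")
    return raw[start:start + length].decode("utf-8")

def printable_runs(hex_data: str, min_len: int = 4) -> list[str]:
    """Fallback when the layout is unknown (e.g. creation input, which is
    bytecode followed by constructor arguments): runs of printable ASCII."""
    runs, cur = [], bytearray()
    for b in to_bytes(hex_data) + b"\x00":  # trailing 0x00 flushes the last run
        if 0x20 <= b < 0x7F:
            cur.append(b)
            continue
        if len(cur) >= min_len:
            runs.append(cur.decode("ascii"))
        cur.clear()
    return runs

def encode_abi_string(text: str) -> str:
    """Helper used only to construct the sample inputs below."""
    data = text.encode("utf-8")
    padded = data + b"\x00" * (-len(data) % WORD)
    head = WORD.to_bytes(WORD, "big") + len(data).to_bytes(WORD, "big")
    return "0x" + (head + padded).hex()

# Constructed samples, not data from the challenge contracts.
SAMPLE_EVENT_DATA = encode_abi_string("constructed sample text")
SAMPLE_CREATION_INPUT = "0x6080604052" + SAMPLE_EVENT_DATA[2:]

if __name__ == "__main__":
    print(decode_abi_string(SAMPLE_EVENT_DATA))
    print(printable_runs(SAMPLE_CREATION_INPUT))
```

Anything passed to a constructor or emitted in an event stays readable in the transaction data this way, whatever the contract's own functions expose.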

I hope this was / is resourceful, check me on twitter at tahaafarooq