Post

Re01 / WhiteHat Grand Prix 06 – Quals / 200pts.

Posted
By expend20 2 min read

Hi all, this is my quick write-up for Re01 challenge in WhiteHat Grand Prix 06 – Quals [1]

We’re given by output.png and whitehat.exe [2]. The logic of whitehat.exe can be simplified to next steps.

  1. Reading input file data (which is not given).
  2. Split data into chunks of 0x1000 size each. There is 14 full sized chunks and the last one has 0xc9a bytes.
  3. Chunks are swapped with each other (except the last one) based on their first bytes values. So, we can revert this easily from output file. output.png is output file, it’s given to us.
  4. Then programs extracts bytes which are located at 0xA offset of each chunk. First and last values of chunks are compared to hardcoded values. If they don’t match we’re exiting.
  5. Then it performs several mathematical checks on remaining bytes using pow(). If checks are passed then we’re calculating hash from all chunks.
  6. Computed hash is compared against ascii Flag valued after some additions with hardcoded values. If it match program will print the flag which itself is also a result of the same hashing function.
  7. The program then overwrites 0xa values in each chunks and saves that data as output output.png.

So, we have output data but the most interesting values to us are overwritten, we should bruteforce them. Let’s see the constraints.

The first part is interval comparison

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

  if ( (*chunks)[0xA] != 7 || chunks[13][0xA] != 12 )
    return 1;
  for ( idx = 1; idx <= 6; ++idx )
  {
    v16 = chunks[idx][0xA] - 52;
    if ( v16 > 9u )
      return 1;
  }
  for ( idx2 = 7; idx2 <= 11; ++idx2 )
  {
    v16 = chunks[idx2][0xA] - 77;
    if ( v16 > 9u )
      return 1;
  }
  if ( chunks[12][0xA] - 34 > 9 )
    return 1;

As I said before, first and last values are hardcoded, others should fit to predefined ranges.

Mathematical constrains based on pow():

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

  v4 = pow((long double)chunks[1][0xA], 3.0);
  v5 = pow((long double)chunks[2][0xA], 3.0) + v4;
  v16 = (signed int)(pow((long double)chunks[3][10], 3.0) + v5);
  if ( v16 != 0x62 )
    return 1;
  v6 = pow((long double)chunks[4][0xA], 3.0);
  v7 = pow((long double)chunks[5][0xA], 3.0) + v6;
  v8 = pow((long double)chunks[6][0xA], 3.0) + v7;
  v16 = (signed int)(pow((long double)chunks[7][0xA], 3.0) + v8);
  if ( v16 != 0x6B )
    return 1;
  v9 = pow((long double)chunks[9][0xA], 3.0);
  v10 = pow((long double)chunks[10][0xA], 3.0) + v9;
  v11 = pow((long double)chunks[11][0xA], 3.0) + v10;
  v16 = (signed int)(pow((long double)chunks[12][0xA], 3.0) + v11);
  if ( v16 != 0xBFu )
    return 1;

I wrote a z3 solver at first [3]. It produced ~3k input files in something like ~1.5h which satisfied constraints but the final check based on hash was not passed. So, I decided to write bruteforcer in C [3]. We actually have 9^12 values to brute, which equals to 282429536481. C version took something around ~15m to check all the solutions, and finally found one valid input.

References.

  1. CTFtime.org / WhiteHat Grand Prix 06 – Quals
  2. Input files
  3. Solution files
CTF
tb ctf write-up
This post is licensed under CC BY 4.0 by the author.