193s / -
Created September 1, 2015 12:34
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
#!/usr/bin/env python
# t: flag[i]
# check(t^0x7f, i, c_flag)
#
# def check(c, i, c_flag):
# return bc + 2239 * c == c_flag[i]
# ( bc = c )
# c = (c_flag[i] - bc) / 2239
193s / ropcheck.cpp
Created August 13, 2015 01:50
ropguard
#include <stdio.h>
#include <windows.h>
#include "ropsettings.h"
#include "x86opcodes.h"
#include <iostream>
#include <fstream>
#include <string>
#include <sstream>
193s / -
Created August 7, 2015 20:38
07-Aug-15 13:13:44 --- QUESTION LIST
+-----+---------------------------------------+---------+---------------------------------------+-------------+--------+------+
| No. | Challenge | Author | Tags | Point Value | Solved | Open |
+-----+---------------------------------------+---------+---------------------------------------+-------------+--------+------+
| 1 | magic_eye.dat | Yen | stego,forensics | 50 | NO | YES |
| 2 | moonwalk | Kajer | forensics,reversing | 50 | NO | YES |
| 3 | Enhance | Nodus | misc,forensics,CSI | 50 | NO | YES |
| 4 | ffbank | Kajer | neckbeard,network,scripting | 100 | NO | YES |
| 5 | much_nothing
193s / 1.py
Last active August 29, 2015 14:25
#katagaitaiCTF ropasaurusrex 1~4
#!/usr/bin/env python
from pwn import *
from ebil import *
# NOTE(review): Python 2 `exec` statement -- whatever ebil() returns is executed
# in this module's namespace. Together with the two star imports this makes the
# ebil helper fully trusted code; LOCAL and p below are not defined in the
# visible lines and presumably come from it or from pwn -- confirm.
exec ebil('./ropasaurusrex', remote=('katagaitai.orz.hm', 1025))
# Filler word with a recognisable marker value; p() presumably packs it to bytes -- confirm.
JUNK = p(0xdeadbeef)
# Load the libc ELF that matches the run mode: the system's i386 libc when
# LOCAL is truthy, otherwise a libc-2.19.so file resolved relative to the
# current working directory.
if LOCAL: libc = ELF('/lib/i386-linux-gnu/libc.so.6')
else: libc = ELF('libc-2.19.so')
193s / exploit.py
Created July 26, 2015 19:39
31c3 2014 cfy
#!/usr/bin/env python
from pwn import *
from ebil import *
#exec ebil('./cfy', remote=('188.40.18.73', 3313))
# NOTE(review): Python 2 `exec` statement -- the value returned by ebil() is
# executed in this module's namespace, so the ebil helper (like the star
# imports above) is fully trusted code and may define names used later.
# The active endpoint is 0.0.0.0:1025; the other one is commented out above.
exec ebil('./cfy', remote=('0.0.0.0', 1025))
# x86_64 is not defined in the visible lines; presumably it switches the
# helpers to 64-bit mode -- confirm against pwn/ebil.
x86_64()
# "%s\n" : 0x400a01
193s / exploit.py
Last active August 29, 2015 14:25
hack.lu 2012 braincpy
#!/usr/bin/env python
from pwn import *
from ebil import *
from termcolor import colored
def run(payload, length=None):
    """Echo *payload* to the terminal with a bold size prefix.

    The prefix is ``(len/length)>`` when *length* is truthy and ``(len)>``
    otherwise, so ``length=0`` is treated like ``None``. The payload itself
    is shown through ``repr()``, which keeps non-printable bytes visible as
    escapes instead of writing them raw to the terminal.

    Only the lines visible in this listing are covered; the listing may
    truncate the function.
    """
    size = len(payload)
    label = '(%d/%d)>' % (size, length) if length else '(%d)>' % (size)
    # Trailing comma (Python 2 print statement): stay on the same line so the
    # coloured payload follows the prefix.
    print colored(label, attrs=['bold']),
    print colored(repr(payload), color='magenta')
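#!/bin/sh
# Byte-level diff of two files: dump both with `hexdump -C` and diff the dumps.
#
# Usage: <this script> FILE1 FILE2
# Exit status: that of diff(1) (0 same, 1 different); 2 on bad usage or when a
# temporary file or a dump cannot be produced.

if [ "$#" -ne 2 ]; then
    echo "usage: $0 file1 file2" >&2
    exit 2
fi

# The dumps hold the full contents of both inputs, so they must not outlive
# the script. The EXIT trap removes them; the signal trap turns an interrupt
# into a normal exit so the EXIT trap still runs.
file1=
file2=
trap 'rm -f -- "$file1" "$file2"' EXIT
trap 'exit 2' HUP INT TERM

# An explicit XXXXXX template works with both GNU and BSD mktemp and keeps the
# private, unpredictable file name that mktemp provides.
file1=$(mktemp "${TMPDIR:-/tmp}/hexdiff.XXXXXX") || exit 2
file2=$(mktemp "${TMPDIR:-/tmp}/hexdiff.XXXXXX") || exit 2

# Quote every expansion so names containing spaces or glob characters are
# passed through unchanged; `--` keeps a name starting with '-' from being
# parsed as an option.
hexdump -C -- "$1" > "$file1" || exit 2
hexdump -C -- "$2" > "$file2" || exit 2

# Last command: its status becomes the script's exit status.
diff -- "$file1" "$file2"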
/*
 * Apply the four xor-shift tempering steps to one word and return the result.
 *
 * The shift amounts (11, 7, 15, 18) and the two masks are exactly those in
 * the original body. Nothing here masks y to 32 bits, so where unsigned long
 * is wider than 32 bits any higher input bits flow through the right shifts;
 * callers presumably pass 32-bit values -- confirm.
 *
 * NOTE(review): each step is an invertible xor-shift, so a tempered output
 * reveals the word it was computed from. Output of a generator built on this
 * must not be used where unpredictability matters (keys, tokens, nonces).
 */
unsigned long tempering(unsigned long y) {
    const unsigned long mask_b = 0x9d2c5680UL;
    const unsigned long mask_c = 0xefc60000UL;

    y = y ^ (y >> 11);
    y = y ^ ((y << 7) & mask_b);
    y = y ^ ((y << 15) & mask_c);
    return y ^ (y >> 18);
}
/* Tempering mask B: same value as the 0x9d2c5680UL constant applied in the
 * `(y << 7)` step of the tempering function. Declared as a mutable global;
 * nothing in the visible lines writes to it. */
unsigned long TemperingMaskB = 0x9d2c5680;
/*
A C-program for MT19937, with initialization improved 2002/1/26.
Coded by Takuji Nishimura and Makoto Matsumoto.
Before using, initialize the state by using init_genrand(seed)
or init_by_array(init_key, key_length).
Copyright (C) 1997 - 2002, Makoto Matsumoto and Takuji Nishimura,
All rights reserved.