Use files in this gist to make your own solve of these fun challenges by zdeveau! The extra challenge is that you must do it using only static analysis in radare2. To make things a bit easier on you we will use Jupyter (Labs) Notebooks.
Install the python (tested with python-3.10) packages you will need (a full tested pip freeze is in requirements.txt also):
pip3 install jupyterlab r2pipe
patat: wrap: true ...
If you haven't yet: please build and install r2 from git now : git clone https://github.com/radare/radare2; cd radare2 ; ./sys/install.sh. And also pip install r2pipe.
Download the target binary file at https://bit.ly/2ZtEJSH This is a 'FORDBOARD' vi-firmware device; here's the datasheet for a LPC1768 https://bit.ly/2XHemb5
This is a writeup of the solutions to the Advent Calendar of Advanced Cyber Fun 2018. If you're not familiar, this is an advent-themed challenge so there was one new challenge each day from Dec 1st to Dec 24th. The challenges focused on exotic networking features. Usually, successfully connecting would win but sometimes challenge-response was necessary too.
The Advent Calendar of Advanced Cyber Fun 2018 was organized by @_takeshix and @lod108 and a big special thanks to them -- this was a ton of xmas fun!
I'll quote the challenge description that they posted on https://xmas.rip here:
Sometimes it's hard to remember all of those silly port numbers. And there is this restriction of 65535 ports, but santa wanted to host this year's wishlist protocol on TCP 24122018! Wouldn't it be great to access services based on their name, and not their port number?! So Santa is hosting the wishlist service with the help of old school technology: RFC1078. Send him your wishlist!
Writeup, from: https://github.com/JonathanBeverley , https://github.com/kensalter , https://github.com/BenGardiner
Notes:
r2 -d antir2
[...]
[0x004008c0]> aaa
| #!/usr/bin/env python | |
| import string | |
| import sys | |
| def getPoint(c): | |
| if c == 0: | |
| return [0, 0, 0] | |
| elif c == 255: | |
| return [255, 255, 255] | |
| elif chr(c) in string.printable: |
| // Run in the JavaScript console of the hterm browser window | |
| // Clear all existing settings - you probably don't want to do this. | |
| // Preferences are now stored in "chrome.storage.sync" instead of | |
| // "window.localStorage" so if you clear your preferences the changes | |
| // will be propagated to other devices. | |
| //mosh_client_.io.terminal_.prefs_storage.clear(); | |
| mosh_client_.io.terminal_.prefs_.resetAll(); | |
| mosh_client_.io.terminal_.prefs_.set('enable-bold', true); |
| #!/bin/bash | |
| function echo_and_exec() | |
| { | |
| echo "Executing $@" ; "$@" | |
| } | |
| function set_exec() | |
| { | |
| if [ -z "${DRYRUN}" ]; then |