Skip to content

Instantly share code, notes, and snippets.

🤔
?

Lense Lense

🤔
?
Block or report user

Report or block Lense

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@Lense
Lense / README.md
Last active Jul 12, 2018
CSAW quals 2015 forensics 400: Sharpturn
View README.md

First thing I did was figure out that it was a git repo, search Google for how to extract the code, and run git archive master | tar x -C code. It asks for 2 prime factors of a number which doesn't have exactly 2 prime factors, from which it can be assumed that something was wrong with the code.

Running git fsck (after more Google searching) showed 3 hashes not matching up, which means that the hash of the file contents (plus header metadata) didn't match the filename. I then read https://git-scm.com/book/en/v2/Git-Internals-Git-Objects (side-note: the Pro Git book is a fantastic introduction to and reference for git). 3 Files are corrupted: sharp.cpp in each of the 3 commits (see git log).

Then I tool a leap of faith and assumed that a single byte was wrong (corrupted, hence the SATA controller comment) in each blob, and wrote a script to brute force it. It worked for first one, and then doom had to remind me to propagate the changes: the first

@Lense
Lense / randomware.md
Last active Mar 6, 2018
SECCON 2016 quals: randomware
View randomware.md

randomware

SECCON 2016 quals

description

300 points
My PC suddenly got broken. Could you help me to recover it please?
NOTE: The disk can be virus-infected. DO NOT RUN any programs extracted from the disk outside of sandbox.
disk.qcow2.zip
Challenge files is huge, please download it first. Password will release after 60min.
password: h9nn4c2955kik9qti9xphuxti

View fix_bold.diff
diff --git a/st.c b/st.c
index fbcd9e0..4c49420 100644
--- a/st.c
+++ b/st.c
@@ -354,8 +354,6 @@ typedef struct {
int width;
int ascent;
int descent;
- int badslant;
- int badweight;
@Lense
Lense / brainfun.md
Last active Sep 23, 2016
CSAW quals 2016 brainfun
View brainfun.md

Challenge

Title: brainfun
Competition: CSAW quals 2016
Category: Forensics
Points: 150
Description: Scrambled Fun for Everyone! Author: fang0654 <brainfun.png>

Background

  • There's nothing hidden in the file other than the pixel data.
  • The image is 512x512, but can be scaled down 32x32 to match the blocks to
@Lense
Lense / challenge.md
Last active Jun 29, 2016
CSAW 2014 quals: weissman (RE300.2) writeup
View challenge.md

Extract the key!

Written by RyanWithZombies

Update: The key is not "flag{ don't trust the Cheshire cat!! he works for the Queen of Hearts }". Sorry about that. It's an artifact from an easier version of this challenge. You need to extract key.jpg.

HINT:

CSAWLZ is a completely custom format! You won't find decompressing tools on the internet. We made it just for you. :)

@Lense
Lense / README.md
Last active Dec 6, 2015
SECCON 2015--Find the prime numbers--Crypto200
View README.md
View sol
SOLARIZED HEX 16/8 TERMCOL XTERM/HEX L*A*B RGB HSB
--------- ------- ---- ------- ----------- ---------- ----------- -----------
base03 #002b36 8/4 brblack 234 #1c1c1c 15 -12 -12 0 43 54 193 100 21
base02 #073642 0/4 black 235 #262626 20 -12 -12 7 54 66 192 90 26
base01 #586e75 10/7 brgreen 240 #585858 45 -07 -07 88 110 117 194 25 46
base00 #657b83 11/7 bryellow 241 #626262 50 -07 -07 101 123 131 195 23 51
base0 #839496 12/6 brblue 244 #808080 60 -06 -03 131 148 150 186 13 59
base1 #93a1a1 14/4 brcyan 245 #8a8a8a 65 -05 -02 147 161 161 180 9 63
base2 #eee8d5 7/7 white 254 #e4e4e4 92 -00 10 238 232 213 44 11 93
base3 #fdf6e3 15/7 brwhite 230 #ffffd7 97 00 10 253 246 227 44 10 99
@Lense
Lense / CHALLENGE.md
Last active Sep 22, 2015
CSAW quals 2015 crypto 200: punchout
View CHALLENGE.md

We found these System/360 punch cards and we need to extract the data. We already read the data off for you.

It looks encrypted. Can you help?

HINT: This is actually encrypted. With technology and techniques that were available in 1965

HINT: https://gist.github.com/withzombies/40554f02d6c7055fb0bc punchout.tar.xz-24504ddc1e81092010497ee49fc52e1c

@Lense
Lense / solve_captured.py
Last active Aug 29, 2015
PlaidCTF 2015: curious writeup
View solve_captured.py
#!/usr/bin/env python
# https://github.com/pablocelayes/rsa-wiener-attack
import RSAwienerHacker
def int2ascii(n):
# Cut off 0x and L
h = hex(n)[2:-1]
# Convert each hex byte to ascii char
return "".join([chr(int(h[i:i+2], 16)) for i in range(0, len(h), 2)])
@Lense
Lense / server.py
Last active Aug 29, 2015
PlaidCTF 2015: parlor2 writeup
View server.py
#/usr/bin/env python
from Crypto.PublicKey import RSA, DSA
from Crypto.Random import random, atfork
from Crypto.Cipher import PKCS1_OAEP
import SocketServer,threading,os,time
import socket
from priv import privkey, privkey_enc
You can’t perform that action at this time.