@nreboud
nreboud / GreHack2019_CTF_challenge.md
Last active June 21, 2024 04:10
GreHack2019 CTF challenge - White-box

GreHack2019 CTF challenge

One of the challenges of the GreHack2019 CTF was a white-box. The white-box has been pushed to the SideChannelMarvels project.

1. White-box? What is that?

White-box cryptography is presented here: http://www.whiteboxcrypto.com/. If you are not familiar with the concept, Brecht Wyseur introduced it well in "White-box cryptography: hiding keys in software", MISC magazine, April 2012.

2. GreHack2019 White-box

The GreHack2019 CTF white-box is a very classic AES-128 white-box implementation. That it implements AES can be found by looking at the code and identifying the 11 rounds, or simply by looking at the input sample "Who Is Rijndael".

@adulau
adulau / ghidra-community.md
Last active November 11, 2023 13:16
Ghidra community - collection
@Arinerron
Arinerron / permissions.txt
Last active June 23, 2024 19:34
A list of all Android permissions...
android.permission.ACCESS_ALL_DOWNLOADS
android.permission.ACCESS_BLUETOOTH_SHARE
android.permission.ACCESS_CACHE_FILESYSTEM
android.permission.ACCESS_CHECKIN_PROPERTIES
android.permission.ACCESS_CONTENT_PROVIDERS_EXTERNALLY
android.permission.ACCESS_DOWNLOAD_MANAGER
android.permission.ACCESS_DOWNLOAD_MANAGER_ADVANCED
android.permission.ACCESS_DRM_CERTIFICATES
android.permission.ACCESS_EPHEMERAL_APPS
android.permission.ACCESS_FM_RADIO
@defuse
defuse / attack.php
Last active October 2, 2023 21:27
PoC: Attack Against PHP Crypto
<?php
/*
* This code is copied from
* http://www.warpconduit.net/2013/04/14/highly-secure-data-encryption-decryption-made-easy-with-php-mcrypt-rijndael-256-and-cbc/
* to demonstrate an attack against it. Specifically, we simulate a timing leak
* in the MAC comparison which, in a Mac-then-Encrypt (MtA) design, we show
* breaks confidentiality.
*
* Slight modifications such as making it not serialize/unserialize and removing
anonymous
anonymous / untrusted-lvl16-solution.js
Created April 17, 2014 21:18
Solution to level 16 in Untrusted: http://alex.nisnevich.com/untrusted/
/*************
* lasers.js *
*************
*
* Time to unleash the killer lasers! Each laser will kill you
* unless you have the appropriate color. Too bad you can't
* see which color corresponds to which laser!
*/
function getRandomInt(min, max) {
anonymous
anonymous / untrusted-lvl20-solution.js
Created April 17, 2014 20:24
Solution to level 20 in Untrusted: http://alex.nisnevich.com/untrusted/
/*****************
* bossFight.js *
*****************
*
* NO FARTHER, DR. EVAL!!!!
* YOU WILL NOT GET OUT OF HERE ALIVE!!!!
* IT'S TIME YOU SEE MY TRUE FORM!!!!
* FACE MY ROBOT WRATH!!!!!
*/
@takeshixx
takeshixx / hb-test.py
Last active July 4, 2024 03:29
OpenSSL heartbeat PoC with STARTTLS support.
#!/usr/bin/env python2
"""
Author: takeshix <takeshix@adversec.com>
PoC code for CVE-2014-0160. Original PoC by Jared Stafford (jspenguin@jspenguin.org).
Supports all versions of TLS and has STARTTLS support for SMTP, POP3, IMAP, FTP and XMPP.
"""
import sys,struct,socket
from argparse import ArgumentParser