This is the write-up for the task "AVX2 Encoder" from TCTF (0CTF) Finals 2017.
We are given the following files:
avx2_encoder.exe: PE32+ executable (console) x86-64, for MS Windows
The idea is that in each task the key was checked character by character in the same way.
So we can make a pattern from the assembly code and then extract all the information with a simple re.search().
The first task, Magic, was solved with angr, though mainly because I didn't think about regexes in the first place.
There are two details that distinguish Enlightment from the previous tasks (subtasks here):
1. All binaries were compiled with different options, so all my regexes broke, as did the angr solution.
   Regexes are easily adjustable, but you can't use these solutions to solve the previous tasks anymore.
2. Only in this task are the keys sometimes reversed. I decided not to look in the binary for whether it reverses the key or not;
   instead I just tried to feed the key to the binary. If the return code is not 0, then we need to reverse the key.
from __future__ import print_function
from idautils import *
from idaapi import *
import hashlib

def step_forward(addr, n=1, checks=None):
    if checks:
        assert(n == len(checks))
import string
from hashlib import md5

def brute(s):
    # Candidate alphabet: ASCII letters and digits
    q = string.ascii_letters + string.digits
    for a in q:
        for b in q:
            for c in q:
                # Progress output: current three-character prefix
                print(a+b+c)
                for d in q:
                    for e in q:
                        for f in q:
                            m = md5()