Skip to content

Instantly share code, notes, and snippets.

@xct

xct/solve.py Secret

Last active November 20, 2022 22:22
Show Gist options
  • Save xct/9b60d9255afe400dd0ce7bb774e613ec to your computer and use it in GitHub Desktop.
Save xct/9b60d9255afe400dd0ce7bb774e613ec to your computer and use it in GitHub Desktop.
SquareCTF 2022 Yara Challenge "Yet Another Reversing Activity"
#!/usr/bin/env python3
import subprocess
# Author: @xct_de
# Challenge: https://2022.squarectf.com/challenge?yet-another-reversing-activity
flag = ""
flag = "flag{" # checkpoint
baseline = ""
for j in range(32):
l = len(flag)
for i in range(0x20,0x7F,1):
# write flag file, bruting last char
f = open('./out', 'w')
f.write(flag + chr(i))
f.close()
# count instructions
p = subprocess.Popen("valgrind --tool=callgrind /usr/bin/yara -C flag.yarc out 2>&1 | grep refs | cut -d ' ' -f11", stdout=subprocess.PIPE, shell=True)
output = p.communicate()[0].rstrip(b"\n")
output = int(output.decode().replace(",",""))
if i == 0x20:
baseline = output
# count as hit if more than a few instructions difference (valgrind is not perfect)
elif abs(baseline-output)>10:
flag += chr(i)
print(f"Found: {chr(i)} ({output})")
print(f"Flag: {flag}")
break
if l == len(flag):
print("Whoops, try again")
break
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment