FluxArchiv (Part 1) (Category: Reversing)
Author(s): sqall

These funny humans try to exclude us from the delicious beer of the Oktoberfest! They made up a passcode for everyone who wants to enter the Festzelt. Sadly, our human informant friend could not learn the passcode for us. But he heard a conversation between two drunken humans, that they were using the same passcode for this intercepted archive file. They claimed that the format is absolutely secure and solves any kind of security issue. It's written by this funny hacker group named FluxFingers. Real jerks if you ask me. Anyway, it seems that the capability of drunken humans to remember things is limited. So they just used a 6 character passcode with only numbers and upper-case letters. So crack this passcode and get our ticket to their delicious German beer!

Here is the challenge: https://ctf.fluxfingers.net/static/downloads/fluxarchiv/hacklu2013_archiv_challenge1.tar.gz

FluxArchiv (Part 2) (Category: Reversing)
Author(s): sqall

These sneaky humans! They do not just use one passcode, but two to enter the Festzelt. We heard that the passcode is hidden inside the archive file. It seems that the FluxFingers overrated their programming skill and had a major logical flaw in the archive file structure. Some of the drunken Oktoberfest humans found it and abused this flaw in order to transfer hidden messages. Find this passcode so we can finally drink their beer! (only solvable when FluxArchiv (Part 1) was solved)

Here is the challenge: https://ctf.fluxfingers.net/static/downloads/fluxarchiv/hacklu2013_archiv_challenge1.tar.gz

Inside the archive we found an x64 ELF binary and FluxArchiv.arc. Without much thinking I jumped into reversing, and after a while I had the logic for the password check; it wasn't pretty. But back to the beginning. The given binary can extract/delete/list/add files to an archive with a custom format.
The archive file starts with a header consisting of a magic (FluXArChiV13) and the raw SHA-1 of a mangled password:

    0000000: 46 6c 75 58 41 72 43 68 69 56 31 33 37 29 42 df  FluXArChiV137)B.
    0000010: 27 12 82 45 05 d8 17 1f 4f 0b cb 14 15 3d 39 ba  '..E....O....=9.

So the first step was to figure out the hashing algorithm. It turns out to be a double SHA-1 with shuffled bytes; fortunately the order of the bytes was always the same and given by the simple formula j = ((i << 3) - i) % 0x14, so the whole password check looks like this:

    import hashlib
    import sys

    # f is the archive opened in binary mode; the passcode comes from argv[3]
    p = hashlib.sha1(sys.argv[3].encode()).digest()      # first SHA-1, 20 bytes
    f.seek(12)                                           # skip the 12-byte magic
    stored = f.read(0x14)                                # raw hash stored in the header
    mangled = bytes(p[((i << 3) - i) % 0x14] for i in range(0x14))   # fixed byte shuffle
    ok = stored == hashlib.sha1(mangled).digest()        # second SHA-1 over the shuffled bytes

It doesn't look reversible, so we have to brute force. At first I didn't read the task description (doh) and spent some time trying to bypass it, so let's code some brute forcer. Of course I spent too much time on this, typing memcpy rather than memcmp; it's a clear sign that one shouldn't do a CTF during work time ;p. But after all these stupid mistakes I managed to solve it, way too late. (code at http://lokalhost.pl/ctf/hacklu2013_FluxArch1.c)

The second part was much more fun. After completely reversing the archive format and writing a parser for it I started to analyze what I could do to get the flag, but before that we should talk a bit about the format of the archive. Besides the header described above, the archive is built from the following structures:

    struct CHUNK {
        long next_chunk;          // the next chunk is actually at next_chunk * 0x410
        char data[0x408];
    };

    struct FILEHDR {
        long baseChunkOff;
        long nChunks;
        char name[0x60];
        char md5[0x10];
    };

    struct FILEHDR_LIST {
        long fl_magic;            // 5473314C58756C46h - "FluXL1sT"
        long next_fl;
        struct FILEHDR hdrs[8];   // field name assumed; it is not given in the original
    };

(Both CHUNK and FILEHDR_LIST are 0x410 bytes long, which is why chunk links are expressed in units of 0x410.) To make things harder (not really), all fields were encrypted with a single RC4; the key was the SHA-1 of the input password (PWF41L). The next thing left to do was to sort all available chunks and headers by offset to find slack space.
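As an added example (not code from this post, from the linked brute forcer or from FluxFingers), here is the part 1 header check as a small Python 3 module. It rebuilds the shuffled double SHA-1 described above, shows that the shuffle ((i << 3) - i) % 0x14, i.e. 7*i mod 20, is a fixed permutation of the 20 digest bytes (so it adds nothing a verifier cannot precompute), and computes the size of the 6-character [0-9A-Z] keyspace the task describes. The function names and the passcode used in the sample header are my own constructions.

```python
import hashlib

HDR_MAGIC = b"FluXArChiV13"            # 12-byte magic at offset 0
HASH_OFF = 12                          # the 20-byte stored hash follows the magic
HASH_LEN = 0x14

# j = ((i << 3) - i) % 0x14 == 7*i mod 20; gcd(7, 20) == 1, so this is a permutation
PERM = [((i << 3) - i) % 0x14 for i in range(HASH_LEN)]


def is_permutation(order) -> bool:
    """True if 'order' visits every index 0..len-1 exactly once."""
    return sorted(order) == list(range(len(order)))


def mangled_hash(passcode: bytes) -> bytes:
    """SHA-1 of the byte-permuted SHA-1 of the passcode (what the header stores)."""
    p = hashlib.sha1(passcode).digest()
    shuffled = bytes(p[j] for j in PERM)
    return hashlib.sha1(shuffled).digest()


def check_passcode(header: bytes, passcode: bytes) -> bool:
    """Replicates the binary's check against the first 32 bytes of the archive."""
    if header[:len(HDR_MAGIC)] != HDR_MAGIC:
        raise ValueError("not a FluxArchiv header")
    stored = header[HASH_OFF:HASH_OFF + HASH_LEN]
    return stored == mangled_hash(passcode)


def make_header(passcode: bytes) -> bytes:
    """Constructed sample header (magic + mangled hash) for a passcode of our choosing."""
    return HDR_MAGIC + mangled_hash(passcode)


def keyspace(alphabet_size: int = 36, length: int = 6) -> int:
    """Number of candidates for the 6-character digits-and-uppercase passcode."""
    return alphabet_size ** length


if __name__ == "__main__":
    hdr = make_header(b"AB12CD")        # constructed passcode, not the challenge's
    print("permutation:", is_permutation(PERM))
    print("check ok:", check_passcode(hdr, b"AB12CD"))
    print("keyspace:", keyspace())
```

The two SHA-1 rounds and the byte shuffle do not change the verifier's cost model: each candidate still costs two fast, unsalted hashes, so the only thing protecting the archive is the 36^6 passcode space, which is exactly why the task is solvable by exhaustive search.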
I wasn't disappointed: there is plenty of space. We should divide it into chunks and decode it; in a few of the chunks we can find the Mentor's manifesto, with the flag appended to it:

Flag: D3letinG-1nd3x_F4iL

Actually I wish I was that smart. I forgot to divide the slack space into chunks and got garbage. Since I was annoyed with my mistakes I handed it over to Redford and he finished it nicely, taking a more aggressive approach, i.e. dividing the file into chunks and decoding them separately. But in my defense, I did finish it with a cool head after the CTF ;] (code for part 2 @ http://lokalhost.pl/ctf/hacklu2013_FluxArchiv2.py)

-- mak
Dragon Sector
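As an added example (not the post's parser, not the linked part 2 script and not FluxFingers' code), the slack-space recovery in Python 3: a constructed archive with one listed file and two blocks that no FILEHDR references, and a walker that follows every FILEHDR_LIST and CHUNK chain, marks the 0x410-byte blocks the index uses, and decrypts each remaining block separately. Assumptions of mine, not stated in the post: blocks start immediately after the 32-byte header, a next_fl or next_chunk of 0 ends a chain, unused FILEHDR slots are all zero, and every block is encrypted with a fresh RC4 keystream from the same key (which is what makes decoding a multi-block region as one stream produce garbage). Function names and the sample contents are constructed.

```python
import hashlib
import struct

BLOCK = 0x410                     # CHUNK (8 + 0x408) and FILEHDR_LIST (16 + 8*0x80) are both 0x410
HDR_LEN = 12 + 20                 # "FluXArChiV13" magic + stored passcode hash
MAGIC = b"FluXArChiV13"
FL_MAGIC = 0x5473314C58756C46     # little-endian "FluXL1sT"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); it is an XOR stream cipher, so this also decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


# --- constructed sample archive (layout from the structs above) ---------------
def pack_filehdr(base_chunk: int, n_chunks: int, name: bytes, md5: bytes) -> bytes:
    return struct.pack("<qq", base_chunk, n_chunks) + name.ljust(0x60, b"\0") + md5


def pack_list(next_fl: int, hdrs: list) -> bytes:
    hdrs = hdrs + [b"\0" * 0x80] * (8 - len(hdrs))      # assumption: unused slots are zero
    return struct.pack("<qq", FL_MAGIC, next_fl) + b"".join(hdrs)


def pack_chunk(next_chunk: int, data: bytes) -> bytes:
    return struct.pack("<q", next_chunk) + data.ljust(0x408, b"\0")


def build_archive(passcode: bytes) -> bytes:
    """Block 0 lists notes.txt (one chunk, block 1). Blocks 2 and 3 are slack:
    nothing in the index points at them, yet they sit in the file."""
    key = hashlib.sha1(passcode).digest()               # RC4 key = SHA-1(passcode), as in the post
    blocks = [
        pack_list(0, [pack_filehdr(1, 1, b"notes.txt", hashlib.md5(b"hello").digest())]),
        pack_chunk(0, b"hello"),
        pack_chunk(0, b"slack block A: deleted from the index, not from the file\n"),
        pack_chunk(0, b"slack block B: the hidden message continues here\n"),
    ]
    # Assumption: a fresh RC4 keystream per block. Restarting RC4 with one key
    # means every block is XORed with the same keystream, a real weakness.
    return MAGIC + b"\0" * 20 + b"".join(rc4(key, b) for b in blocks)


# --- the recovery -------------------------------------------------------------
def slack_blocks(archive: bytes, passcode: bytes) -> dict:
    """Return {block index: decrypted payload} for every block the index never references."""
    if archive[:12] != MAGIC:
        raise ValueError("not a FluxArchiv file")
    key = hashlib.sha1(passcode).digest()
    body = archive[HDR_LEN:]                            # assumption: blocks start after the header
    nblocks = len(body) // BLOCK

    def block(n: int) -> bytes:                         # each block decoded on its own
        return rc4(key, body[n * BLOCK:(n + 1) * BLOCK])

    used = set()
    n = 0                                               # the first FILEHDR_LIST is block 0
    while n not in used:
        used.add(n)
        lst = block(n)
        magic, next_fl = struct.unpack_from("<qq", lst, 0)
        if magic != FL_MAGIC:
            raise ValueError("bad FluXL1sT magic: wrong passcode or corrupt index")
        for k in range(8):
            base, count = struct.unpack_from("<qq", lst, 16 + k * 0x80)
            c = base
            for _ in range(count):                      # follow the next_chunk links
                used.add(c)
                c, = struct.unpack_from("<q", block(c), 0)
        if next_fl == 0:                                # assumption: 0 terminates the list chain
            break
        n = next_fl
    return {i: block(i)[8:] for i in range(nblocks) if i not in used}


if __name__ == "__main__":
    arc = build_archive(b"PWF41L")
    for idx, payload in sorted(slack_blocks(arc, b"PWF41L").items()):
        print(idx, payload.rstrip(b"\0"))
```

The deletion flaw the task hints at is visible in the walker: "delete" only has to drop a FILEHDR for its chunks to vanish from the listing, while the encrypted blocks stay on disk, so anything the index does not claim is exactly the set this function returns. Decoding the slack as one contiguous RC4 stream instead of block by block is the mistake described above; with the per-block assumption here it yields garbage for every block after the first.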