One Article Review

Source w00tsec
Identifier 8300165
Publication date 2014-10-24 03:50:16 (viewed: 2023-01-11 16:56:00)
Title Hack.lu 2014 CTF Write Up: At Gunpoint
Text Hack.lu's 2014 CTF took place on October 21-23. The event was organized by fluxfingers, and this year's challenges were really enjoyable, huge props to them. I played with my friends from TheGoonies - after winning the Brazilian CTF Pwn2Win we are now getting better organized to become more competitive. There are quite a few write-ups around, and I decided to post about a few tasks for which we had a different solution from other teams.

Task: At Gunpoint (Reversing - 200)

You're the sheriff of a small town, investigating news about a gangster squad passing by. Rumor has it they're easy to outsmart, so you have just followed one to their encampment by the river. You know you can easily take them out one by one, if you would just know their secret handshake.

Download provided: gunpoint_2daf5fe3fb236b398ff9e5705a058a7f.dat

The file utility showed us that it was a GameBoy ROM. Having former Console Hackers on the team came in handy during this challenge, as we already knew in advance which tools to use and what to look for.

We used TLayer TileMolester from the legendary SnowBro to gather information about the graphics and the font data. First, we switched the Codec to 1bpp and found the font used by the game.

We were about to create a character table when, after switching the Codec to 2bpp planar (GameBoy's native Codec), we found something interesting:

After some offset adjustment (using +, -, Shift + left and Shift + right) we got this image:

We submitted the key "tkCXDtheQDNRN", but it wasn't accepted. I wanted to confirm that those tiles were laid out linearly, so I kept analyzing the ROM.

The GameBoy's screen has a resolution of 20x18 tiles. In order to check whether the order of the tiles (and the flag) was correct, I performed a relative search using Darkl0rd's Monkey-Moore:
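The relative search mentioned above, sketched as an added example; it is not code from the original write-up or from Monkey-Moore. It assumes lowercase keywords and a ROM that stores letters in alphabetical order; the function names and the sample buffer are constructed for illustration.

```python
def relative_search(data, keyword):
    """Return (offset, first_byte) wherever consecutive bytes of `data` differ
    by the same amounts as consecutive letters of `keyword`.

    Only differences are compared, so the value the ROM assigns to 'a' does
    not need to be known, provided letters are stored in alphabetical order.
    """
    if len(keyword) < 2:
        raise ValueError("keyword needs at least two characters")
    deltas = [(ord(b) - ord(a)) % 256 for a, b in zip(keyword, keyword[1:])]
    hits = []
    for off in range(len(data) - len(keyword) + 1):
        window = data[off:off + len(keyword)]
        if all((window[i + 1] - window[i]) % 256 == d
               for i, d in enumerate(deltas)):
            hits.append((off, window[0]))
    return hits


def build_table(keyword, first_byte):
    """Infer the byte -> letter table for a..z from a single hit."""
    base = (first_byte - (ord(keyword[0]) - ord("a"))) % 256
    return {(base + i) % 256: chr(ord("a") + i) for i in range(26)}


def decode(data, table):
    """Render bytes with the inferred table; unknown bytes become '.'."""
    return "".join(table.get(b, ".") for b in data)


def _encode(text, base=0x80):
    # Helper for the constructed sample only: stores 'a' as `base`.
    return bytes(base + ord(c) - ord("a") if c.isalpha() else 0x00
                 for c in text)


# Constructed sample buffer, not bytes from the challenge ROM.
SAMPLE_ROM = bytes([0x3C, 0x3D, 0x00, 0x15]) + _encode("secret handshake") \
    + bytes([0x16, 0x17])

if __name__ == "__main__":
    for offset, first in relative_search(SAMPLE_ROM, "secret"):
        table = build_table("secret", first)
        text = decode(SAMPLE_ROM[offset:offset + 16], table)
        print(f"hit at {offset:#x}, first byte {first:#x}: {text}")
```

A hit gives both the offset of the text and the byte value of one known letter, which is enough to derive the rest of the character table and check whether neighbouring tiles are stored in order.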
Sent Yes
Rating ★★★★


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.