One Article Review

Home - The article:
Source SkullSecurity
Identifier 8494291
Publication date 2024-05-05 00:00:00 (seen: 2024-05-06 00:05:44)
Title BSidesSF 2024 Writeups: Turing Complete (Reversing / exploitation)
Text This is a write-up for turing-complete, turing-incomplete, and turing-incomplete64 from the BSides San Francisco 2024 CTF! turing-complete is a 101-level reversing challenge, and turing-incomplete is a much more difficult exploitation challenge with a very similar structure. turing-incomplete64 is a 64-bit version of turing-incomplete, which isn't necessarily harder, but is different. Let's look at the levels!

turing-complete

My ideas doc said “Turing Machine?” from a long time ago. I don't really remember what I was thinking, but what I decided was to make a simple reversing challenge with a finite tape and 4 operations - go left, go right, read, and write. All commands and responses are binary (1s and 0s), which is hinted at by the instructions being a series of binary bits. The actual main loop, in C, is quite simple:

    uint8_t tape[128];
    // ...write the flag to the tape...
    for(;;) {
      uint8_t a = r();
      if(a == 2) break;
      uint8_t b = r();
      if(b == 2) break;
      if(a == 0 && b == 0) {
        ptr++;
      } else if(a == 0 && b == 1) {
        ptr--;
      } else if(a == 1 && b == 0) {
        printf("%08b",
Sent Yes
Tags Threat
Stories
Rating ★★★
Move


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.