exocron

This is my blog. There are many like it, but this one is mine.

Past CTF Challenges

This page contains all the past CTF challenges that I have authored. You can use these to practice, to try and correlate the pop culture references, or to just entertain yourself with the write-ups.

Oh Noes!

Spoilers galore! I use CSS to hide the spoilers, but it appears that your browser's CSS is disabled, or you are using a browser that does not support CSS. By scrolling past this paragraph, I am not responsible for emotional or physical distress caused by viewing the spoilers. The spoilers are not alive and, in fact, cannot speak. In the event that the spoilers do speak, you should not listen to them.

Here is some Lorem Ipsum to fill your screen so you don't accidently see the spoilers:

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum vel quam aliquam, blandit massa non, faucibus lacus. Nulla eget ultrices elit, id hendrerit odio. Aenean quis tortor dapibus, tempor orci nec, aliquet libero. Morbi vitae ligula at nulla finibus tempus sit amet eu purus. Aliquam cursus eros odio, commodo malesuada mi tincidunt ac. Etiam quis porttitor justo. Donec sagittis, lectus quis ullamcorper pretium, neque purus viverra urna, egestas commodo tortor odio at est. Sed malesuada suscipit erat quis pellentesque. Aliquam erat volutpat. Nullam sed risus lobortis arcu feugiat venenatis.

Nulla rutrum augue et libero varius, at dignissim ipsum ullamcorper. Quisque vitae lacus tincidunt, porttitor enim in, dignissim dolor. Phasellus mattis dui cursus dolor finibus efficitur. Sed at enim pellentesque, tempus elit id, venenatis magna. Praesent fermentum ut eros et molestie. Proin ultricies vestibulum dui, quis mollis odio imperdiet ut. Maecenas viverra eu lorem quis tempor. Pellentesque id purus ac diam suscipit fringilla. Fusce dui risus, semper eget dignissim vitae, porttitor ut lectus. Suspendisse volutpat eros nibh, eget placerat purus scelerisque nec. Vestibulum vitae erat vel dui accumsan hendrerit. Curabitur tincidunt sit amet augue et pulvinar. Cras mollis dictum ornare. Proin iaculis eget metus non lobortis. Vestibulum turpis nunc, posuere non vehicula eget, suscipit vel lorem. Fusce non nibh non sapien laoreet consectetur.

Aliquam feugiat enim a pharetra tincidunt. Donec id sem vitae felis scelerisque ullamcorper non maximus ipsum. Proin a nulla efficitur, varius ex sed, semper dolor. Vivamus mollis dignissim velit et lacinia. Donec id convallis mauris, consequat consectetur felis. Maecenas a massa in nisi vehicula placerat. Mauris lorem quam, pellentesque ut maximus non, lobortis a neque.

Quisque id est placerat, malesuada velit sit amet, tempus nunc. Sed sed eros scelerisque, pretium lorem vitae, tempor tortor. Fusce vitae faucibus nulla, et maximus dolor. Praesent lobortis, quam eu vehicula pharetra, turpis risus commodo lectus, et tempor diam odio ut dui. Sed tempus ut massa sit amet accumsan. Aenean facilisis ac leo consequat imperdiet. Nulla lectus lacus, sollicitudin ut ipsum vel, porta efficitur lacus. Aenean scelerisque iaculis ipsum rhoncus interdum.

Maecenas consequat placerat laoreet. Integer aliquam diam tortor, et facilisis quam lobortis a. Curabitur quis imperdiet augue. Mauris a diam vitae urna cursus dictum dictum ac tellus. Fusce tortor eros, egestas ut massa sit amet, euismod consectetur urna. Aenean in libero nec arcu fermentum placerat in nec ante. Vestibulum in nulla lectus. Aliquam sit amet volutpat nunc. Sed quis blandit erat, eget porttitor massa. Donec non iaculis ipsum, in tristique purus.

BSides Detroit 2013

BSides Chicago 2014

  • Things You Find On The Internet
    • File: network.pcap
    • Hint:
    • Flag: (from )
    • Writeup

CircleCityCon 2014

  • Codename: Golden Sun
    • File: Level1.apk
    • Hint:
    • Flag: (from )
    • Waiting for writeup…
  • Hello World
    • File: Level2.apk
    • Hint:
    • Flag:
    • Waiting for writeup…
  • OoooOOOOOOooooo
    • File: Level3.apk
    • Hint:
    • Flag: (from )
    • Waiting for writeup…
  • Agent Log
    • Original File: agent_503733697.zip (looks like the file that made it into the challenge is slightly different, but only in metadata; this is the file I submitted)
    • Hint:
    • Flag: (from )
    • Writeup (courtesy of @xn2o)
  • Ghost In The Tubes
    • File: 24_Ghosts_III.flac (having file size problems; working on it…)
    • Hint:
    • Flag: (from )
    • Writeup (courtesy of @memopadman)

Archived Comments:


Me

Nice post but I wanna know how do i fing this flag for CircleCityCon 2014 Level3? Any write-up?

Thx

exocron

Unfortunately, no one has created a writeup that I know of. I try not to post writeups for the challenges that I created because it’s better from a player’s perspective instead of an author’s. I’m fairly certain that all of my challenges at CircleCityCon got solved by at least one person, but since it’s been a year, I might write them up myself once I finish porting my blog over to a new system.

The goal of this challenge was to prevent players from using decompilers and using a bytecode-oriented tool instead. One of the pet peeves that I and the other Android challenge authors had from the previous year was that people were just tossing our challenges into dex2jar and running them on the PC, which works well for simple apps like these but doesn’t always work for the complicated apps of the real world. The dalvik bytecode has been slightly mutated to break most decompilers without breaking the functionality of the app. So, to start, you would want a tool that operates on dalvik bytecode, like smali. Once the class is baksmai’ed, it should be pretty obvious what to patch to get the flag.

About

I'm a programmer. I also enjoy reverse-engineering and I'm focused on information security. Hobbies include but are not limited to video games, laser tag, hardware hacking, comics, and Futurama. I live in the internet.

Archives

Categories

RSS Feeds

Meta