Saturday, January 30, 2016

Microcorruption CTF (I)

Microcorruption hosts a nice reverse engineering CTF game, based on the MSP430 microcontroller.

Just a note: I will write just a simple draft of each solution, which I hope will be enough to guide you through the exercises without spoiling the fun.
If a more detailed analysis is what you want, let me know in the comments section.

OK, let's put on our "i <3 asm" T-shirt and we are ready to go!

0 - Tutorial

Just follow the instructions :)

1 - New Orleans

The lock asks for a password... Looking at the assembly we can easily find the check_password procedure. We break at its beginning and inspect it a bit to find that it compares the given password to a hardcoded one (starting at memory location 0x2400).



2 - Sidney

Similar to the previous one, but this time the password is hardcoded in the code itself (as immediates in the compare instructions) and checked in words (2 bytes at a time). NOTE: the MSP430 is little endian, so the two bytes of each hardcoded word must be swapped when you type the password.
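As an added illustration of the byte-order caveat (this is example code written for this post, not the level's code or anything from Microcorruption), the C below models a word-wise compare the way the MSP430 performs it and shows why the digits seen in the disassembly must be swapped in the input. The immediates in EXPECTED_WORDS are constructed values, not the real ones from Sidney, and the same logic applies to the New Orleans check, which simply compares against bytes stored in memory instead of immediates.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example immediates, stand-ins for the cmp #imm,... operands. */
static const uint16_t EXPECTED_WORDS[] = { 0x3a4b, 0x5c6d, 0x7e1f, 0x2a3b };
#define NWORDS (sizeof EXPECTED_WORDS / sizeof EXPECTED_WORDS[0])

/* Read a 16-bit word from memory the way the MSP430 does: low byte first. */
static uint16_t load_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Mirrors the level's check: walk the input two bytes at a time and compare
 * each word with the immediate from the corresponding cmp instruction. */
static int check_password_words(const uint8_t *input, size_t n)
{
    if (n < NWORDS * 2)
        return 0;
    for (size_t i = 0; i < NWORDS; i++)
        if (load_le16(input + 2 * i) != EXPECTED_WORDS[i])
            return 0;
    return 1;                                   /* 1 = password accepted */
}

/* Serialize the immediates into the byte sequence the check accepts: each
 * word's low byte precedes its high byte, so the hex digits shown in the
 * disassembly appear swapped in the input. Returns the number of bytes. */
static size_t words_to_input(const uint16_t *words, size_t nwords, uint8_t *out)
{
    for (size_t i = 0; i < nwords; i++) {
        out[2 * i]     = (uint8_t)(words[i] & 0xff);
        out[2 * i + 1] = (uint8_t)(words[i] >> 8);
    }
    return nwords * 2;
}

/* Typing the digits exactly as they appear in the disassembly fails... */
static int naive_input_is_rejected(void)
{
    const uint8_t naive[8] = { 0x3a, 0x4b, 0x5c, 0x6d, 0x7e, 0x1f, 0x2a, 0x3b };
    return !check_password_words(naive, sizeof naive);
}

/* ...while the little-endian serialization of the same words is accepted. */
static int swapped_input_is_accepted(void)
{
    uint8_t buf[NWORDS * 2];
    size_t n = words_to_input(EXPECTED_WORDS, NWORDS, buf);
    return check_password_words(buf, n) && buf[0] == 0x4b && buf[1] == 0x3a;
}

int main(void)
{
    uint8_t buf[NWORDS * 2];
    size_t n = words_to_input(EXPECTED_WORDS, NWORDS, buf);
    printf("bytes the check accepts:");
    for (size_t i = 0; i < n; i++)
        printf(" %02x", buf[i]);
    printf("\nnaive order rejected: %d, swapped order accepted: %d\n",
           naive_input_is_rejected(), swapped_input_is_accepted());
    return 0;
}
```

The same function load_le16 is what a debugger's memory view hides from you: the word 0x3a4b sits in memory as the bytes 4b 3a, so an input that must compare equal to it has to be entered in that order.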

3 - Hanoi

This was a tricky one, because the function test_password_valid doesn't really help us. In fact what really happens is that the login function tests whether the 17th byte of the password is equal to 0x5c, although the text says that the password should be between 8 and 16 characters (we could call this a backdoor).

4 - Cusco

This is similar to the previous one, but without any backdoor. Looking at the code we can see that an input of 0x30 (48) bytes is accepted, even though the instructions state that it should be at most 16 bytes. In classic stack-smashing fashion we provide a long input (more than 16 bytes) and let the program run: an invalid access occurs at the return of the login function, meaning that our input has overwritten the return address on the stack. To solve the exercise we put in 16 random bytes and make the last 2 (the ones that overwrite the return address) the address of the unlock_door function.
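To make the two bugs from Hanoi and Cusco concrete, here is an added C model (written for this post, not code from the levels or from Microcorruption) of a login routine with a 16-byte buffer whose input routine accepts 0x30 bytes, next to a hardened version that enforces the documented length before it touches the buffer. The frame layout, the ORIGINAL_RET value and the password "s3cr3tpw" are constructed for the example; only the limits 8, 16, 0x30 and the 0x5c byte come from the write-up.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Limits as described in the write-up: the prompt promises 8..16 characters,
 * the stack buffer is 16 bytes, yet the input routine accepts 0x30 bytes. */
#define DOC_MIN_LEN   8
#define DOC_MAX_LEN   16
#define ACCEPTED_LEN  0x30
#define BACKDOOR_BYTE 0x5c      /* Hanoi: the 17th byte (index 16) is what really gets tested */
#define ORIGINAL_RET  0x4440u   /* constructed placeholder for the saved return address */

/* Toy stack frame: the buffer is followed immediately by the saved return
 * address, which is how the overflow in Cusco changes where login() returns.
 * The spill area only gives a full 0x30-byte copy somewhere to land. */
struct frame {
    uint8_t  buf[DOC_MAX_LEN];
    uint16_t saved_ret;
    uint8_t  spill[ACCEPTED_LEN - DOC_MAX_LEN - sizeof(uint16_t)];
};

static struct frame g_frame;   /* the frame the two "login" models operate on */

static void reset_frame(void)
{
    memset(&g_frame, 0, sizeof g_frame);
    g_frame.saved_ret = ORIGINAL_RET;
}

/* Vulnerable model (the Hanoi/Cusco behaviour): copies everything the input
 * routine accepted into the frame, then decides on the 17th byte. */
static int login_vulnerable(const uint8_t *input, size_t n)
{
    uint8_t *raw = (uint8_t *)&g_frame;
    reset_frame();
    if (n > ACCEPTED_LEN)
        n = ACCEPTED_LEN;
    memcpy(raw, input, n);                       /* bound is the input routine's, not the buffer's */
    return raw[DOC_MAX_LEN] == BACKDOOR_BYTE;    /* 1 = door unlocked */
}

/* After a call, did the copy reach past the buffer into the return address? */
static int return_address_clobbered(void)
{
    return g_frame.saved_ret != ORIGINAL_RET;
}

/* Hardened model: enforce the documented length before any copy and only
 * compare bytes inside the buffer. A constant-time compare would be better
 * than memcmp in a real lock, but the bug being fixed here is the bound. */
static int login_hardened(const uint8_t *input, size_t n,
                          const uint8_t *expected, size_t expected_len)
{
    reset_frame();
    if (n < DOC_MIN_LEN || n > DOC_MAX_LEN)
        return 0;
    memcpy(g_frame.buf, input, n);
    return n == expected_len && memcmp(g_frame.buf, expected, n) == 0;
}

/* Feed n filler bytes (0x41) to the vulnerable model and report whether the
 * saved return address survived: 16 bytes fit, 17 already corrupt it. */
static int filler_reaches_return(size_t n)
{
    uint8_t input[ACCEPTED_LEN];
    memset(input, 0x41, sizeof input);
    if (n > ACCEPTED_LEN)
        n = ACCEPTED_LEN;
    login_vulnerable(input, n);
    return return_address_clobbered();
}

/* Sixteen filler bytes plus the 0x5c byte: the vulnerable model unlocks
 * without ever comparing the password itself. */
static int backdoor_opens_door(void)
{
    uint8_t input[DOC_MAX_LEN + 1];
    memset(input, 0x41, DOC_MAX_LEN);
    input[DOC_MAX_LEN] = BACKDOOR_BYTE;
    return login_vulnerable(input, sizeof input);
}

int main(void)
{
    const uint8_t good[] = "s3cr3tpw";          /* constructed 8-byte password */
    const uint8_t longer[] = "AAAAAAAAAAAAAAAAA"; /* 17 bytes */
    printf("16 filler bytes clobber return address? %d\n", filler_reaches_return(16));
    printf("17 filler bytes clobber return address? %d\n", filler_reaches_return(17));
    printf("0x5c as 17th byte unlocks vulnerable?   %d\n", backdoor_opens_door());
    printf("hardened login, 17 bytes:               %d\n", login_hardened(longer, 17, good, 8));
    printf("hardened login, correct password:       %d\n", login_hardened(good, 8, good, 8));
    return 0;
}
```

The hardened version changes two things, and both matter: the length check runs before the copy, so no input can reach saved_ret, and the decision depends only on bytes that are inside the 16-byte buffer, so there is no position past the documented maximum for a hidden check to live in.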

5 - Reykjavik

New approach: this time the code is stored encrypted. First we stop just after the call to enc, so that we can see the decrypted code in memory at address 0x2400 and disassemble it. What it does is simply print a message, read the password and check its first two bytes against a hardcoded value.
