Wednesday, October 2, 2013

CSAW 2013 Qualifier - Reversing - CSAW Reversing 2013 2 - 200

This challenge was curious as it billed itself as being more difficult than the CSAW Reversing 2013 1, and was worth double the points. Perhaps it was more difficult if you were using a debugger, but I always prefer static analysis.

To begin with, this program didn't even run properly; I guess this was due to all their tricks in making this "harder".

Repeating like I did in the previous challenge, I worked up from the end and quickly found a suspicious xor loop. This time though they stuffed the encoded data onto the heap.

Rather than repeat my previous write-up, I'll paste the memory dump and the decoded message. The last obvious trick I saw here is that they started the string with a null, so anyone working through this with a debugger may have been puzzled as to why a 0-length string was being printed. Huzzah for disassembly!

e9 f5 cc bb alf
fd f7 d1 dc un{g
fa fc c8 d6 rebm
e9 ea c3 89 asi2
fc ed c3 d7 ttil
e1 fb cf d7 ibel
fa f8 c2 cf raht
b2 eb cf df :red
88 99 d7 cb   }p
88 99 aa bb <- key


flag{number2isalittlebitharder:P}
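
The decode step above, as an added Python example (not code from the challenge binary or the original post). It assumes each dump row is a 32-bit value printed most significant byte first, which is why the text column reads backwards, and that the key is XORed per dword; all function names are made up for illustration.

```python
import struct

# Rows copied from the dump above, read as 32-bit values printed most
# significant byte first (assumption; it matches the reversed text column).
DUMP = """
e9 f5 cc bb
fd f7 d1 dc
fa fc c8 d6
e9 ea c3 89
fc ed c3 d7
e1 fb cf d7
fa f8 c2 cf
b2 eb cf df
88 99 d7 cb
"""
KEY = 0x8899AABB  # the row marked "<- key" in the dump

def parse_dwords(text):
    """Turn each 'xx xx xx xx' row into one 32-bit integer."""
    return [int(row.replace(" ", ""), 16) for row in text.splitlines() if row.strip()]

def decode(dwords, key):
    """XOR every dword with the key and lay the results out as little-endian memory."""
    return b"".join(struct.pack("<I", d ^ key) for d in dwords)

def as_c_string(buf):
    """What a printf("%s")-style consumer sees: the bytes before the first NUL."""
    return buf.split(b"\x00", 1)[0]

def hidden_text(buf):
    """Drop the leading NUL and the trailing NUL padding to expose the message."""
    return buf.strip(b"\x00").decode("ascii")

def recover_key(first_dword, crib=b"\x00fla"):
    """Known-plaintext check: ciphertext XOR expected plaintext yields the key."""
    return first_dword ^ struct.unpack("<I", crib)[0]

if __name__ == "__main__":
    buf = decode(parse_dwords(DUMP), KEY)
    print("raw buffer :", buf)
    print("C string   :", as_c_string(buf))  # empty because of the leading NUL
    print("message    :", hidden_text(buf))  # last row decodes to "p}" as in the dump
    print("key (crib) : %08x" % recover_key(parse_dwords(DUMP)[0]))
```

The first two bytes of the last row (88 99) are plaintext NUL padding XORed with the key, so they equal the key bytes themselves; zero padding under a repeating XOR key gives the key away even without a crib.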

About Crimson Agents

Formed in 2013, Crimson Agents is a DC-based recreational security team that competes in various computer security wargames and hacker jeopardy contests. Our team is comprised of various professionals seeking to practice and enhance our skills in penetration testing, vulnerability development, computer network defense, forensics, and reverse engineering. In addition to exploitation-based CTFs, we also compete in Wireless CTFs with several members who focus solely on this domain. Our sister team Threat Inc focuses on defensive exercises such as malware analysis, forensics, honeypots, and network captures. We reuse what we learn from our "Blue Team" research to make our "Red Team" operations more effective and vice-versa.