👾
Elijah's CTF Blog
  • 👋Home
  • 🇲🇾Wargames.MY CTF 2024
    • Credentials (crypto)
    • Stones (rev)
    • Rick'S Algorithm (crypto)
    • Rick'S Algorithm 2 (crypto)
    • Hohoho 3 continue (crypto)
  • 🎄Advent of CTF 2024
    • Jingle Bell ROP (pwn)
    • help (pwn)
  • Backdoor CTF 24
    • [rev] Ratatouille
  • 🇭🇰HKCERT CTF 24
    • Shellcode Runner 3 + Revenge (pwn)
    • ISH (1) (pwn)
    • Cyp.ress (rev)
    • Void (rev)
  • 🇮🇹ECSC 2024
    • ➕OffTopic (crypto)
  • 🎩Greyhats WelcomeCTF 24
    • EE2026 (misc)
  • 🚆UIUCTF 24
    • Syscalls (pwn)
    • Summarize (rev)
    • X Marked the Spot (crypto)
    • Without a Trace (crypto)
    • Determined (crypto)
    • Naptime (crypto)
    • Snore Signatures (crypto)
  • 🪼Jelly CTF 24
    • Cherry (crypto)
    • the_brewing_secrets (crypto)
  • 👨‍🦯vsCTF 24
    • Dream (crypto)
    • Cosmic Ray V3 (pwn)
  • 😎AKASEC CTF 24
    • Warmup (pwn)
    • Good_trip (pwn)
    • Sperm Rev (rev)
    • Paranoia (rev)
    • Grip (rev)
    • Risks (rev)
    • Lost (crypto)
  • 😁L3AK CTF 24
    • oorrww (pwn)
    • angry (rev)
    • Related (crypto)
    • BatBot (web-misc)
    • Matrix Magic (crypto)
  • 🥹CDDC Qualifiers 2024
    • WASM (rev)
    • crashMe (pwn)
Powered by GitBook
On this page
  1. AKASEC CTF 24

Paranoia (rev)

im baby

Last updated 10 months ago

Below is the decompiled binary code:

undefined8 main(void)
{
  char cVar1;
  int iVar2;
  time_t tVar3;
  ulong local_20;
  
  tVar3 = time((time_t *)0x0);
  srand((uint)tVar3);
  for (local_20 = 0; local_20 < 0x12; local_20 = local_20 + 1) {
    // flag is a global var, which is a fake flag in the binary
    cVar1 = flag[local_20];
    iVar2 = rand();
    printf("%i ",(ulong)(uint)(iVar2 % 0x100 ^ (int)cVar1));
  }
  putchar(10);
  return 0;
}

It basically sets a seed using the current time by doing srand(time(NULL)), then every character in the flag is encoded using the next randomly generated value and given to the user.

We can use srand and rand by using the Python ctypes library. We set the seed using the current time, then connect to the server. For each character received from the server, we generate the same random value and reverse the encryption operation they performed (by repeating the XOR operation).

#!/usr/bin/python3
from ctypes import CDLL
from pwn import *

libc = CDLL("libc.so.6")

p = remote("20.80.240.190", 1234)
# p = process("./paranoia")

libc.srand(libc.time(0))

flag = ""

for i in range(0x24):
    x = libc.rand()
    x = x % 0x100
    y = p.recvuntil(b" ")
    y = y[:-1]
    y = int(y.decode(), 10)
    flag += chr(x ^ y)

print(flag)
# akasec{n0t_t00_m4ny_br41nc3lls_l3ft}
😎
15KB
paranoia
Paranoia binary file