Compare commits
5 Commits
fe3992f758
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 666511e258 | |||
| f80a532888 | |||
| 473cbf2002 | |||
| 6587b460d6 | |||
| 018262bdaa |
@@ -1,10 +1,12 @@
|
||||
FROM --platform=linux/arm64 alpine:3.20
|
||||
FROM alpine:3.20
|
||||
|
||||
RUN apk add --no-cache gdb strace
|
||||
|
||||
WORKDIR /challenge
|
||||
COPY main ./main
|
||||
COPY license ./build/license
|
||||
RUN chmod +x ./main
|
||||
|
||||
COPY license ./license
|
||||
|
||||
|
||||
CMD ["/challenge/main"]
|
||||
CMD ["/bin/sh"]
|
||||
@@ -1,5 +1,6 @@
|
||||
import random
|
||||
import sys
|
||||
import os
|
||||
|
||||
def generate_flag(length):
|
||||
characters = list("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
|
||||
@@ -13,7 +14,7 @@ def custom_op_xor(value, amount):
|
||||
return (((value << amount) ^ 0xFF) >> amount)
|
||||
|
||||
|
||||
manglers = [
|
||||
hard_manglers = [
|
||||
(lambda value: custom_op_xor(value, 5), lambda value: f"trunc_xor({value}, 5)"),
|
||||
(lambda value: custom_op_xor(value, 3), lambda value: f"trunc_xor({value}, 3)"),
|
||||
(lambda value: custom_op_xor(value, 2), lambda value: f"trunc_xor({value}, 2)"),
|
||||
@@ -26,7 +27,17 @@ manglers = [
|
||||
# (lambda value: value, lambda value: f"{value}")
|
||||
]
|
||||
|
||||
def mangle(value):
|
||||
easy_manglers = [
|
||||
(lambda value: value + 1, lambda value: f"{value} + 1"),
|
||||
(lambda value: value - 1, lambda value: f"{value} - 1"),
|
||||
(lambda value: value * 2, lambda value: f"{value} * 2"),
|
||||
(lambda value: value ^ 0xAB, lambda value: f"({value} ^ 0xAB)"),
|
||||
(lambda value: value, lambda value: f"{value}")
|
||||
]
|
||||
|
||||
|
||||
|
||||
def mangle(value, manglers):
|
||||
result = b""
|
||||
c_manglers = []
|
||||
|
||||
@@ -42,11 +53,18 @@ def mangle(value):
|
||||
|
||||
return (result, c_manglers)
|
||||
|
||||
def get_check_code(flag_part, user_part, c_mangler):
|
||||
variations = [
|
||||
f"custom_jmp_neq({flag_part} ^ 0x7C, {c_mangler(user_part)}, label_false);",
|
||||
f"custom_jmp_neq({flag_part}, {c_mangler(user_part)} ^ 0x7C, label_false);"
|
||||
]
|
||||
def get_check_code(flag_part, user_part, c_mangler, difficulty):
|
||||
|
||||
if difficulty == "HARD":
|
||||
variations = [
|
||||
f"custom_jmp_neq({flag_part} ^ 0x7C, {c_mangler(user_part)}, label_false);",
|
||||
f"custom_jmp_neq({flag_part}, {c_mangler(user_part)} ^ 0x7C, label_false);"
|
||||
]
|
||||
else:
|
||||
variations = [
|
||||
f"if({flag_part} != {c_mangler(user_part)}) {{ return false; }}"
|
||||
]
|
||||
|
||||
return random.choice(variations)
|
||||
|
||||
def main():
|
||||
@@ -64,6 +82,8 @@ def main():
|
||||
if flag_seed.lower() != "false":
|
||||
random.seed("totallysecurepadding" + flag_seed + "sonoonecanguesstheflag!")
|
||||
|
||||
difficulty = os.getenv("DIFFICULTY", "EASY")
|
||||
|
||||
# Generate a secret
|
||||
secret = generate_flag(flag_len)
|
||||
secret = flag_format.replace("FLAG_GOES_HERE", secret)
|
||||
@@ -71,7 +91,7 @@ def main():
|
||||
eprint(f"Generated Flag: {secret}")
|
||||
|
||||
# Change the bytes of the secret
|
||||
mangled_secret, c_manglers = mangle(secret)
|
||||
mangled_secret, c_manglers = mangle(secret, easy_manglers if difficulty == "EASY" else hard_manglers)
|
||||
|
||||
# Shuffle the secret, but keep track of the order
|
||||
# We need this so we know the real location of the characters to compare
|
||||
@@ -89,7 +109,7 @@ def main():
|
||||
|
||||
checks = []
|
||||
for i, c_mangler in enumerate(c_manglers):
|
||||
checks.append(get_check_code(f"MANGLED[{i}]", f"userflag[{secret_shuffleorder[i]}]", c_mangler))
|
||||
checks.append(get_check_code(f"MANGLED[{i}]", f"userflag[{secret_shuffleorder[i]}]", c_mangler, difficulty))
|
||||
|
||||
random.shuffle(checks)
|
||||
check = "\n".join(checks)
|
||||
@@ -108,7 +128,7 @@ def main():
|
||||
static volatile uint8_t MANGLED[] = "{mangled_secret}";
|
||||
|
||||
bool check(char* userflag, uint8_t len) {{
|
||||
custom_jmp_neq(len ^ 0x7C, {len(secret)}, label_false);
|
||||
{f"custom_jmp_neq(len ^ 0x7C, {len(secret)}, label_false);" if difficulty == "HARD" else f"if (len != {len(secret)}) {{ return false; }}"}
|
||||
|
||||
{check}
|
||||
|
||||
|
||||
@@ -109,6 +109,8 @@ int main(int argc, char** argv) {
|
||||
fprintf(f_readme, "This doesn't just run on any hardware, I don't know how they did it\n");
|
||||
fprintf(f_readme, "but it only works on my %s processor\n", hwinfo.model_name);
|
||||
fprintf(f_readme, "running linux (version %s) with %s kb of RAM\n", hwinfo.os_version, hwinfo.mem_total);
|
||||
fprintf(f_readme, "I also included a dockerfile so you can run all that shi easier.\n");
|
||||
fprintf(f_readme, "Just unzip that thang and run docker build . -t local-dev and then docker run -it local-dev in the folder you unzipped to.\n");
|
||||
fprintf(f_readme, "You'll find a way, slime. I'm sorry that I can't give you any more details\n");
|
||||
fprintf(f_readme, "this is the last message I could get out before they... you know... ⛓️👮♂️\n");
|
||||
fprintf(f_readme, "\n");
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <dlfcn.h>
|
||||
#include <unistd.h>
|
||||
|
||||
static FILE *(*real_fopen)(const char *path, const char *mode) = NULL;
|
||||
|
||||
@@ -38,3 +39,19 @@ FILE *fopen(const char *path, const char *mode) {
|
||||
|
||||
return real_fopen(path, mode);
|
||||
}
|
||||
|
||||
FILE *tmpfile(void) {
|
||||
char path[] = "./tmpfile_XXXXXX";
|
||||
int fd = mkstemp(path);
|
||||
if (fd == -1) {
|
||||
fprintf(stderr, "proc_redirect: mkstemp failed\n");
|
||||
abort();
|
||||
}
|
||||
fprintf(stderr, "proc_redirect: tmpfile created at %s\n", path);
|
||||
FILE *f = fdopen(fd, "w+");
|
||||
if (!f) {
|
||||
close(fd);
|
||||
abort();
|
||||
}
|
||||
return f;
|
||||
}
|
||||
Reference in New Issue
Block a user