Description: “we got hold of this file, see what you can do with it.”

bin300/chall5 is a different kind of challenge from the previous two. This one is an Android .apk application file containing a Flash (.swf) file that generates a serial from the input username.

The first step for this challenge is to pull the target .swf out of the .apk (an .apk is just a zip archive) and decompile it into ActionScript. For this step I used this website to do it online.

The decompiled code contains a function Check_Serial which takes the username and serial as inputs. Check_Serial calls the function process, which eventually leads to the function h_Binary. h_Binary contains many constants which, when searched for on Google, turn out to be the MD5 round constants (the table derived from floor(abs(sin(i+1)) * 2^32)) and initial state words. The rest of the function also matches up with a reference MD5 implementation, so we can label it as the MD5 function. Once it has the MD5 of the input username (as a lowercase hex string), it takes the MD5 of that hex string and appends it to the first digest. In pseudocode: serial = md5(username) + md5(md5(username))

From this 64-character hex string it takes the substring starting at offset 16 as the serial and compares it with the user’s input serial to decide whether the username/serial combination is valid. The C# solver below uses Substring(16, 32), which in C# means 32 characters from offset 16, i.e. the second half of md5(username) followed by the first half of md5(md5(username)). When porting string slicing out of ActionScript it is worth checking whether the original uses substr(start, length) or substring(start, end), since the two give different results for the same arguments. If the combination is valid the app gives you a URL to visit to get the flag.
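As an added example (not code from the original writeup), the following Python shows the two pieces of work above: recognising MD5 from the constants a decompiler shows (they usually appear as signed 32-bit literals in ActionScript output), and reproducing the keygen and the Check_Serial comparison. The list of decompiled constants is constructed for the example, not copied from the real SWF; the hash/slice logic follows the description above.

```python
import hashlib
import math
import urllib.parse

MASK32 = 0xFFFFFFFF

# MD5 initial state words (A, B, C, D).
MD5_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476)


def md5_round_constants():
    """The 64 per-round additive constants K[i] = floor(|sin(i+1)| * 2^32)."""
    return [int(abs(math.sin(i + 1)) * (1 << 32)) & MASK32 for i in range(64)]


def identify_md5(decompiled_constants):
    """Count how many integer literals from a decompiled function are MD5
    IV words or round constants. Negative values are treated as signed
    32-bit ints (the way an AS3 decompiler prints them) and normalised."""
    known = set(md5_round_constants()) | set(MD5_IV)
    return sum(1 for c in decompiled_constants if (c & MASK32) in known)


# Constructed sample: what the first few literals of h_Binary might look like
# in decompiler output (IV words, first four K values, first four shift amounts).
DECOMPILED_CONSTANTS = [
    1732584193, -271733879, -1732584194, 271733878,   # IV words, signed
    -680876936, -389564586, 606105819, -1044525330,   # K[0..3], signed
    7, 12, 17, 22,                                    # per-round shifts
]


def generate_serial(username):
    """serial = (md5(username) + md5(hex(md5(username))))[16:48]"""
    first = hashlib.md5(username.encode("utf-8")).hexdigest()
    second = hashlib.md5(first.encode("ascii")).hexdigest()
    # Same slice as C# Substring(16, 32): characters 16..47 of the 64-char string.
    return (first + second)[16:48]


def check_serial(username, serial):
    """Mirror of the SWF's Check_Serial: recompute and compare."""
    return serial == generate_serial(username)


def flag_url(username, serial):
    """URL the app hands out on success (query string properly encoded)."""
    return "http://atast-ctf.net/flag.php?" + urllib.parse.urlencode(
        {"n": username, "s": serial})


if __name__ == "__main__":
    print("MD5 constants matched:", identify_md5(DECOMPILED_CONSTANTS))
    name = "test"
    serial = generate_serial(name)
    print("Name:", name)
    print("Serial:", serial)
    print("Valid:", check_serial(name, serial))
    print("Get flag at:", flag_url(name, serial))
```

Matching constants this way is quicker than searching each literal individually, and the same trick (regenerate the table, normalise signedness, count hits) works for SHA-1/SHA-256 round constants.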

The following C# code can be used to generate the serial for a given username:

using System;
using System.Text;
using System.Security.Cryptography;

namespace bin300
{
    class Program
    {
        static void Main(string[] args)
        {
            if (args.Length != 1)
            {
                Console.WriteLine("usage: {0} [username]", AppDomain.CurrentDomain.FriendlyName);
                Environment.Exit(1);
            }

            string name = args[0];
            string serial = GenerateSerial(name);

            Console.WriteLine("Name: {0}", name);
            Console.WriteLine("Serial: {0}", serial);

            // Escape the username so spaces or '&' don't break the query string.
            Console.WriteLine("Get flag at: http://atast-ctf.net/flag.php?n={0}&s={1}",
                Uri.EscapeDataString(name), serial);
        }

        // Mirrors the SWF's Check_Serial logic: lowercase hex MD5 of the name,
        // then MD5 of that hex string, then 32 characters starting at offset 16.
        static string GenerateSerial(string name)
        {
            using (MD5 md5 = MD5.Create())
            {
                string first = Hex(md5.ComputeHash(Encoding.UTF8.GetBytes(name)));
                string second = Hex(md5.ComputeHash(Encoding.ASCII.GetBytes(first)));

                // Substring(startIndex, length): characters 16..47 of the 64-char string.
                return (first + second).Substring(16, 32);
            }
        }

        static string Hex(byte[] digest)
        {
            return BitConverter.ToString(digest).Replace("-", "").ToLower();
        }
    }
}

Flag: Apk_Flag_FounD

Note: This challenge was reused as chall5.
Download: http://atast.ctf.su/files/bin300.zip
Download (chall5 version): http://www.atast-ctf.net/new/ctf/downloads/challs.zip