Preface
This is a competition I coasted through at the end of last year. I forgot to publish the write-up, so here it is belatedly.
Crypto - Warm Up
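First, opening the packet capture in Wireshark shows the familiar P, N, Q parameters.
N is larger than 512 bits, so factoring it is not feasible, and e is not a small exponent either.
Reading further through the capture reveals two ciphertexts encrypted under the same modulus N: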
This is a message distribute system. Please tell me your name:
Alice
Hi Alice, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 7669
Last but not least, your secret is: 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
You will know the secret after I give you P,Q.
See you next time!
This is a message distribute system. Please tell me your name:
Dave
Hi Dave, your N is: 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
And your exponent is: 6947
Last but not least, your secret is: 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
You will know the secret after I give you P,Q.
See you next time!
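This suggests the RSA common-modulus attack (I have solved similar challenges before). It applies when the same message is encrypted under one modulus N with two coprime exponents: with s1, s2 such that e1*s1 + e2*s2 = 1, the plaintext is m = c1^s1 * c2^s2 mod N.
Reference: https://www.anquanke.com/post/id/84
Here is the decryption script: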
from gmpy2 import invert
from libnum import n2s


def egcd(a, b):
    # Extended Euclid: returns (g, x, y) with a*x + b*y == g
    if a == 0:
        return (b, 0, 1)
    else:
        g, y, x = egcd(b % a, a)
        return (g, x - (b // a) * y, y)


def main():
    n = 25118186052801903419891574512806521370646053661385577314262283167479853375867074736882903917202574957661470179148882538361560784362740207649620536746860883395110443930778132343642295247749797041449601967434690280754279589691669366595486824752597992245067619256368446164574344449914827664991591873150416287647528776014468498025993455819767004213726389160036077170973994848480739499052481386539293425983093644799960322581437734560001018025823047877932105216362961838959964371333287407071080250979421489210165485908404019927393053325809061787560294489911475978342741920115134298253806238766543518220987363050115050813263
    # Alice's ciphertext (exponent 7669)
    c1 = 22917655888781915689291442748409371798632133107968171254672911561608350738343707972881819762532175014157796940212073777351362314385074785400758102594348355578275080626269137543136225022579321107199602856290254696227966436244618441350564667872879196269074433751811632437228139470723203848006803856868237706401868436321225656126491701750534688966280578771996021459620472731406728379628286405214996461164892486734170662556518782043881759918394674517409304629842710180023814702447187081112856416034885511215626693534876901484105593275741829434329109239483368867518384522955176807332437540578688867077569728548513876841471
    # Dave's ciphertext (exponent 6947)
    c2 = 20494665879116666159961016125949070097530413770391893858215547229071116025581822729798313796823204861624912909030975450742122802775879194445232064367771036011021366123393917354134849911675307877324103834871288513274457941036453477034798647182106422619504345055259543675752998330786906376830335403339610903547255965127196315113331300512641046933227008101401416026809256813221480604662012101542846479052832128788279031727880750642499329041780372405567816904384164559191879422615238580181357183882111249939492668328771614509476229785062819586796660370798030562805224704497570446844131650030075004901216141893420140140568
    e1 = 7669  # Alice's exponent
    e2 = 6947  # Dave's exponent
    s = egcd(e1, e2)
    s1 = s[1]
    s2 = s[2]
    # One Bezout coefficient is negative: invert that ciphertext mod n
    # and use the absolute value of the coefficient as the exponent.
    if s1 < 0:
        s1 = -s1
        c1 = invert(c1, n)
    elif s2 < 0:
        s2 = -s2
        c2 = invert(c2, n)
    m = pow(c1, s1, n) * pow(c2, s2, n) % n
    print(n2s(int(m)))


if __name__ == '__main__':
    main()
Flag: FLAG{g00d_Luck_&_Hav3_Fun}
Web - ezdotso
<?php
$param = array();
parse_str($_SERVER['QUERY_STRING']);
if (isset($action)){
    switch($action){
        case "php_info":
            echo call_user_func_array("php_info",$param);
            break;
        case "cmd":
            if(isset($cmd)){
                if(is_string($cmd)){
                    if (strlen($cmd)>9){
                        die();
                    }
                    $pat1 = "/[^0-9a-zA-Z \/*]/";
                    if (preg_match($pat1, $cmd)>0){
                        die();
                    }
                    $pat2 = "/^[a-zA-Z]+ [0-9a-zA-Z\/*]+$/";
                    if (preg_match($pat2, $cmd)==0){
                        die();
                    }
                    system("busybox " . $cmd);
                }
            }
            break;
        default:
            echo call_user_func_array("hello",$param);
            break;
    }
}else{
    show_source(__FILE__);
}
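parse_str($_SERVER['QUERY_STRING']) imports every query parameter as a variable, so $action and $cmd come straight from the URL.
Go directly down the cmd branch. It requires that cmd be no longer than 9 characters, that the regex /[^0-9a-zA-Z \/*]/ match nothing, and that the regex /^[a-zA-Z]+ [0-9a-zA-Z\/*]+$/ match.
cat /flag satisfies exactly these requirements.
Requesting /?action=cmd&cmd=cat%20/flag returns the flag.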
Flag: flag{dc76b51c-01bb-46dc-a549-5d336a8c3430}
Reverse - Code Interpreter
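A reversing challenge built around a bytecode interpreter.
Flow: the program reads the code file into the heap chunk ptr and reads 3 numbers into the bss segment. sub_400806 then interprets and executes the instructions in ptr. After it returns, the program checks 4 conditions and prints the flag if they hold.
Interpreting the code file by hand according to sub_400806 gives:
Input: num1, num2, num3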
090404 [4]^=[4]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060104 [1]>>=4
050115 [1]*=0x15
070001 [0]=[1]
040003 [0]-=[3]
016bcc7e1d num4=0x1d7ecc6b
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060308 [3]>>=8
050303 [3]*=3
070003 [0]=[3]
030002 [0]+=[2]
017c797960 num4=0x6079797c
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
090000 [0]^=[0]
080100 [1]=num1
080201 [2]=num2
080302 [3]=num3
060108 [1]>>=8
070001 [0]=[1]
030002 [0]+=[2]
01bdbdbc5f num4=0x5fbcbdbd
080103 [1]=num4
040001 [0]-=[1]
02
0a0400 [4]|=[0]
00
The result must satisfy:
[4]==0
num1&0xff==0x5e
num2&0xff0000==0x5e0000
num3&0xff==0x5e
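Based on these conditions, write a script to brute-force the values:
# a = 3 * (num3 >> 8); walk every 24-bit candidate for num3 >> 8
a = 0
while True:
    if (a // 3) % 0x100000 == 0:
        print((a // 3) / float(0x1000000))  # progress indicator
    a += 3
    num2 = 0x6079797c - a
    b = (0x5fbcbdbd - num2) & 0xffffffff  # b = num1 >> 8
    if num2 & 0xff0000 == 0x5e0000 and (a // 3) >> 24 == 0 and b >> 24 == 0:
        num1 = (b << 8) + 0x5e
        num3 = ((a // 3) << 8) + 0x5e
        if ((num1 >> 4) * 0x15 - num3) & 0xffffffff == 0x1d7ecc6b:
            print('X-NUCA{%s%s%s}' % (hex(num1)[2:], hex(num2)[2:], hex(num3)[2:]))
            break
    if (a // 3) > 0x1000000:
        print('err')
        break
This yields the flag: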
Flag: X-NUCA{5e5f5e5e5f5e5e5f5e5e5f5e}
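As an added example (not part of the original write-up), a small Python emulator for the instruction set annotated in the listing above: it runs the transcribed bytecode and confirms that the three 32-bit values encoded in the flag leave [4] == 0. The names run and check, the 32-bit register width, and treating the unannotated opcode 02 as a no-op are assumptions.

```python
# Added example: emulator for the opcodes annotated in the listing above.
# Assumptions: 32-bit registers; opcode 02 (unannotated) is a no-op.
MASK = 0xffffffff
LOAD = "090000 080100 080201 080302"   # [0]=0, [1..3]=num1..num3
TAIL = "080103 040001 02 0a0400"       # [0]-=num4, then [4]|=[0]
CODE = bytes.fromhex(                  # transcribed from the listing
    "090404"
    + LOAD + "060104 050115 070001 040003 016bcc7e1d" + TAIL
    + LOAD + "060308 050303 070003 030002 017c797960" + TAIL
    + LOAD + "060108 070001 030002 01bdbdbc5f" + TAIL
    + "00")
BINOP = {0x03: lambda x, y: x + y, 0x04: lambda x, y: x - y,
         0x05: lambda x, y: x * y, 0x06: lambda x, y: x >> y,
         0x07: lambda x, y: y, 0x09: lambda x, y: x ^ y,
         0x0a: lambda x, y: x | y}

def run(code, num1, num2, num3):
    """Execute the bytecode and return the registers [0]..[4]."""
    reg = [0] * 5
    nums = [num1, num2, num3, 0]        # nums[3] is num4, set by opcode 01
    pc = 0
    while pc < len(code) and code[pc] != 0x00:   # 00 ends the program
        op = code[pc]
        if op == 0x01:                  # num4 = little-endian imm32
            nums[3] = int.from_bytes(code[pc + 1:pc + 5], "little")
            pc += 5
            continue
        if op == 0x02:                  # unannotated on the page: skipped
            pc += 1
            continue
        a, b = code[pc + 1], code[pc + 2]
        if op == 0x08:                  # [a] = num(b+1)
            reg[a] = nums[b] & MASK
        elif op in (0x05, 0x06):        # operand b is an immediate
            reg[a] = BINOP[op](reg[a], b) & MASK
        elif op in BINOP:               # operand b is a register index
            reg[a] = BINOP[op](reg[a], reg[b]) & MASK
        else:
            raise ValueError("unknown opcode %#x at offset %d" % (op, pc))
        pc += 3
    return reg

def check(num1, num2, num3):
    """The four conditions listed in the write-up."""
    return (run(CODE, num1, num2, num3)[4] == 0 and num1 & 0xff == 0x5e
            and num2 & 0xff0000 == 0x5e0000 and num3 & 0xff == 0x5e)

if __name__ == "__main__":
    print(check(0x5e5f5e5e, 0x5f5e5e5f, 0x5e5e5f5e))
```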
Reverse - Strange Interpreter
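This one resembles the Kanxue (看雪) National Day CTF challenge 墓碑之墙. It is also obfuscated with LLVM, but it is much simpler.
Using the same approach as before, I ran the earlier script to draw the control-flow graph.
Working backwards, the code at 0x412385 compares dword_6130D0 with byte_613050.
The value of byte_613050 is: 012345abcdefghijklmnopqrstuvwxyz
So set a breakpoint at 0x412385 and enter a fake flag: 012345abcdefghijklmnopqrstuvwxyz
The first half of the real flag shows up. Splice it into the fake flag and enter X-NUCA{5e775e5e7klmnopqrstuvwxyz next.
The second half shows up as well. Then verify the flag.
Verification succeeds.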
Flag: X-NUCA{5e775e5e775e5e775e5e775e}
Source: impakho.com | Author: impakho