[No cON Name Facebook CTF Quals 2013] Writeups

ACCESS LEVEL 1

Open crypto.js file, copy the parameter of eval() function and execute it in firebug, we will get:

So, to get the goodboy, we must find a number res such that:

((((res * (3 + 1 + 3 + 3 + 7)) >>> 6) / 4) ^ 4153) == 0

We will run the following command in firebug to get res:

((4153 * 4) << 6) / (3 + 1 + 3 + 3 + 7);

It returns res = 62539.294117647056, and 62540 is the value we are looking for. Because the function numberical_value() is very simple, and we can modify every unit of the return value, so we can easily get the valid input to make numberical_value() returns 62540. For example:

AAAAAAAAABAAAAAAAAAuAAAAAAAAAAAAAAAAAAAAAAA

Flag:

Congrats! you passed the level! Here is the key:
23f8d1cea8d60c5816700892284809a94bd00fe7347645b96a99559749c7b7b8

ACCESS LEVEL 2

After installing and running the .apk file in BlueStacks, we noticed that every time we click on the button, a random image is displayed on the screen.

We can easily see that they are part of a complete QRCode image, so we try to see all of it by extracting the .apk with WinRAR and go to “resraw” folder.

This folder contains 17 images, and one of them is just a troll picture, so we have 16 image, with the same size: 97×97 pixels. 16 = 4*4, so the size of complete QRCode sshould be 388×388 (388 = 97*4). Using Photoshop, set grid size to 97×97, we can easily arrange all 16 images and get the complete QRCode:

Scan it will give us flag:

788f5ff85d370646d4caa9af0a103b338dbe4c4bb9ccbd816b585c69de96d9da

ACCESS LEVEL 3

This challenge requires us to enter each character of the password, if entered correctly, a sign ‘*‘ is displayed, otherwise the program will exit immediately.

Open it in IDA, follow the string “Type to win, only what I want to read…” and we will be here:

Very simple! It reads a char from the user, compare it with another hardcoded char, if they differ, then we get badboy. var_8 is a counting variable, which will be increased here:

Seeing the line at 0x40114E, we know that the length of password is 9, and we can easily get it by reading the value of facebookctf_rocks:

So it must be “x20x53x55x52x50x52x49x53x45x21”, or “ SURPRISE!” in plain text.

Just enter this password and we’ll get flag:

-> Congratulations! The key is:
| 9e0d399e83e7c50c615361506a294eca22dc49bfddd90eb7a831e90e9e1bf2fb

Leave a Reply

Your email address will not be published. Required fields are marked *