Angry Guessing Game 200 [Volga CTF 2017]

Hi,

Today i'm sharing  my first write up which concerns Angry Guessing Game challenge of VolgaCTF 2017.

It's a reverse challenge, so if you don't like reverse, you can freely avoid the entire post, and continue browsing BBC category on xvideos.

Binary can be found at:  https://quals.2017.volgactf.ru/files/8ib4y67tbgohyapx8nvh06rwyit5imiu/guessing_game

So at first let's make a _file _to be aware of what we are going to reverse:

Okay, it's a stripped linux 64 bits binary, I don't really like Linux, 64 bits, and stripped binaries. Nevermind.

We run the binary to see what its actually about.

Well, it is a pretty simple program. Two rounds, of guessing a number. If you succeed, you get to the third round,and the binary will ask you a license key, that we obviously don't have but no problem, we are reverser.

Let's open IDA pro that we bought legally at 1K$.

And here, we are going to search for strings via "search text" option. We go to the string's xref And after few more investigations, we find out two blocks that corresponds to the good and bad license key. So we know where to search for the key generator. Few minutes later, we got this. Yay, we are near from the source, be ready for the battle, it will be hard. Be prepared to hold the gate my friends. It will be harr... WAIT WHAT...

Using OTP to crypt data in C

Dear no-existant public,

Let me introduce to you, the Vernam algorithm or most commonly named One Time Pad (OTP) encryption (note: I will use the term OTP, I waste less precious bytes using it).

OTP is an particular encryption method, it differs from the others cryptographics algorithm, such as public-key cryptography and symmetric-key cryptography. OTP is considered as an uncrackable cryptographic method, but like his name is referring, it uses the fact that the key cannot be used twice or more, otherwise the “uncrackable” OTP’s security is compromised.

OTP ‘secret’ hides in the evidence that the additions who forms a sum can’t be foundable.

? + ? = 100

it could be a numerous of combinations, like: 55+45, 65+35, 10+80 etc...

The first ? represent the cipher, the second ? the key/mask and the number 100 representing the crypted message.

I will provide an example to demonstrate how it really works, but before going ahead, you must know that PC deals only with numbers, in memory all is about hex/binary/dec numbers.

And each numbers can represent so many things, you are the only one to know what it really means (this sentence could be a little bit mysterious, but no need to be more precise, I will later in a future post explain that.)

Here is our example, let's take the word "NOOB" in ASCII (ASCII length: 0x00->0xFF)

N O O B 0x4E 0x4F 0x4F 0x42 <-- here is our cipher in hexadecimal + 0x46 0x55 0x43 0x4B <-- here is our key/mask randomly generated :)) F U C K = 0x94 0xA4 0x92 0x8D <-- here is our crypted message ” ¤ ’ ì

Note that if you use 16bits or more, you will get, it depends of your case, some weird foreign characters or some unprintable characters.

Voila, we just used OTP as an encryption method :-) .

To be 100% effective, OTP must respect three fundamentals rules:

- True randomness.

- Key must be used one time.

- Exchange security during the tranfer of your key.

Be respecting theses three rules, you can be sure that your OTP encryption cannot be cracked. But nowadays it’s quite difficult to realize a perfect OTP quickly.

To settle this post on OTP, let’s make an implementation in C, that could perform OTP on files !

#include <stdio.h> #include <stdlib.h> #include <string.h> #include <time.h> int generate_decryption(unsigned char*buffer_xored, unsigned char*buffer_mask, unsigned char*buffer, int len_c) { fprintf(stdout,"**Decrypting**\r\n"); int i; for(i=0; i<len_c; ++i) { buffer[i]=buffer_mask[i]-buffer_xored[i]; } buffer[len_c]='\0'; return 0; fprintf(stdout,"**Decryption finished**\r\n"); } int generate_encryption(char *cipher, unsigned char *mask, unsigned char *xored, int len_c) { fprintf(stdout,"**Encrypting**\r\n"); int i; for(i=0; i<len_c; ++i) { xored[i]=mask[i]+cipher[i]; } xored[len_c]='\0'; fprintf(stdout,"**Encryption finished**\r\n"); return 0; } int generate_mask(int len_c,unsigned char *mask) { fprintf(stdout,"**Generating mask**\r\n"); srand (time(NULL)); int i; for(i=0; i<len_c; ++i) mask[i]=rand()% 255 + 1; mask[len_c]='\0'; fprintf(stdout,"**Mask generated**\r\n"); return 0; } int xorr(char *path_file_to_xor) { FILE *FileToBeRead; FILE *FileCreated; FILE *FileToBeCreated; long filelen=0; char * tobexored=0; unsigned char *mask; unsigned char *xord; FileToBeRead = fopen(path_file_to_xor,"rb"); if(FileToBeRead) { fseek (FileToBeRead, 0, SEEK_END); filelen = ftell (FileToBeRead); fseek (FileToBeRead, 0, SEEK_SET); tobexored = malloc (filelen); if (tobexored) { fread (tobexored, 1, filelen, FileToBeRead); } fclose (FileToBeRead); } mask=(unsigned char*)malloc(sizeof(char)*filelen+1); xord=(unsigned char*)malloc(sizeof(char)*filelen+1); generate_mask(filelen,mask); generate_encryption(tobexored,mask,xord,filelen); FileCreated=fopen("this_is_the.mask","wb"); if(FileCreated) { fwrite(mask, sizeof(char),filelen,FileCreated); fprintf(stdout,"**Mask file created**\r\n"); fclose(FileCreated); } else fprintf(stderr,"failed to create mask\r\n"); FileToBeCreated=fopen("xored","wb"); if(FileToBeCreated) { fwrite(xord, sizeof(char), filelen, FileToBeCreated); fprintf(stdout,"**Xored file created**\r\n"); fclose(FileToBeCreated); } else fprintf(stderr,"failed to create xored file\r\n"); free(tobexored); free(xord); free(mask); fprintf(stdout,"SUCESSFULLY OPERATED XOR OPERATION \r\n"); return 0; } int unxorr(char *xored_path, char *path_mask) { FILE *XoredFileToRead; FILE *MaskFileToRead; FILE *THEEND; long filelen=0; unsigned char * buffer_xored=0; unsigned char * buffer_mask=0; XoredFileToRead = fopen(xored_path,"rb"); if(XoredFileToRead) { fseek (XoredFileToRead, 0, SEEK_END); filelen = ftell (XoredFileToRead); fseek (XoredFileToRead, 0, SEEK_SET); buffer_xored = malloc (filelen); if (buffer_xored) { fread (buffer_xored, 1, filelen, XoredFileToRead); } fclose (XoredFileToRead); } else fprintf(stderr,"failed to read xored file"); MaskFileToRead = fopen(path_mask,"rb"); if(MaskFileToRead) { fseek (MaskFileToRead, 0, SEEK_END); filelen = ftell (MaskFileToRead); fseek (MaskFileToRead, 0, SEEK_SET); buffer_mask = malloc (filelen); if (buffer_mask) { fread (buffer_mask, 1, filelen, MaskFileToRead); } fclose (MaskFileToRead); } else fprintf(stderr,"failed to read mask file"); unsigned char *buffer=(unsigned char*)malloc(sizeof(char)*filelen+1); generate_decryption(buffer_xored, buffer_mask,buffer,filelen); THEEND = fopen("orignal","wb"); if(THEEND) { fwrite(buffer, sizeof(char),filelen,THEEND); fprintf(stdout,"**File has been successfully decrypted*\r\n"); fclose(THEEND); } else fprintf(stderr,"failed to create file\r\n"); free(buffer_mask); free(buffer_xored); free(buffer); return 0; } int main(int argc, char **argv) { if(argc > 2) { if(strcmp(argv[1],"-xor") == 0) { xorr(argv[2]); } else if(strcmp(argv[1],"-unxor") == 0) { unxorr(argv[2],argv[3]); } else { fprintf(stderr,"\r\n Usage : \r\n-xor <FILE TO BE XORED PATH> *an .mask will be created in the same directory as your originally file*\r\n-unxor <XORED FILE PATH> <.MASK PATH>\r\n"); return 0XD3ADB33F; } } else { fprintf(stderr,"\r\n Usage : \r\n-xor <FILE TO BE XORED PATH> *an .mask will be created in the same directory as your originally file*\r\n-unxor <XORED FILE PATH> <.MASK PATH>\r\n"); return 0XD3ADB33F; } return 0; }