https://tcode2k16.github.io/blog/ Recent content on Alan's Blog Hugo -- gohugo.io en Sun, 22 Nov 2020 21:00:41 +0000 https://tcode2k16.github.io/blog/posts/2020-11-22-a-hands-on-introduction-to-coq/ Sun, 22 Nov 2020 21:00:41 +0000 https://tcode2k16.github.io/blog/posts/2020-11-22-a-hands-on-introduction-to-coq/ Introduction I have been doing quite a bit of functional programming in haskell for the past few months as a part of my university study. That’s why I am delighted to see a relevant challenge come up in this year’s DragonCTF. The challenge involves proving a few mathematical theorems using Coq, a functional programming language / interactive theorem prover. I have heard of Coq before but have never got the time to learn it. https://tcode2k16.github.io/blog/posts/2020-07-27-cybrics-writeup/ Mon, 27 Jul 2020 19:23:51 +0800 https://tcode2k16.github.io/blog/posts/2020-07-27-cybrics-writeup/ Problem (rebyC, Hard, 406 pts) Author: Egor Zaytsev (@groke) I created a simple service that encrypts flag (and your data) with RC4! I bet you can’t the extract flag from there :) crcrcr-cybrics2020.ctf.su/ Source code: crcrcr.tar.gz Hint at 20:00 — When I wanna know how Python objects are stored in memory, I can do: terminal1: python3 >>> s = b"qweqweqweqwe"; terminal2: gcore `pidof python3` And then look at resulting core file, get xref to qweqweqeqwe, and try to find out how Python objects are stored in memory. https://tcode2k16.github.io/blog/posts/2020-07-26-3kctf-writeup/ Sun, 26 Jul 2020 22:15:56 +0800 https://tcode2k16.github.io/blog/posts/2020-07-26-3kctf-writeup/ pyzzle1 Problem A puzzle be a game, problem, or toy dat tests a personz ingenuity or knowledge. In a puzzle, tha solver is sposed ta fuckin put pieces together up in a logical way, up in order ta arrive all up in tha erect or funk solution of tha puzzle. challenge 2nd flag : change it from 3K-text to 3k{text} Solution By taking a look at the file and searching up some of the key terms like SimpleStatementLine, we quickly realize that the given file is a LibCST concrete syntax tree. https://tcode2k16.github.io/blog/posts/2020-03-15-confidence-ctf/ Sun, 15 Mar 2020 21:33:41 +0800 https://tcode2k16.github.io/blog/posts/2020-03-15-confidence-ctf/ GPIO Tap Problem We managed to intercept some traffic on the GPIOs, can you find out what was transmitted? c247763a9af9c6cd281b54b61c07957b800cfa1a8b9102eee95b2887b3626f36_gpio_tap.tar 332K Solution From the given image, we can deduce two important information: A HD44780 LCD display and a raspberry pi are used. The pin semantics are as the following: GPIO 23 → D4 GPIO 17 → D5 GPIO 18 → D6 GPIO 22 → D7 GPIO 24 → ENABLE GPIO 25 → RS We can use this knowledge along with the source code from the LiquidCrystal library to parse the tap. https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/general-skills/ Sat, 12 Oct 2019 13:06:10 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/general-skills/ The Factory’s Secret Problem There appear to be some mysterious glyphs hidden inside this abandoned factory… I wonder what would happen if you collected them all? Solution This writeup is by my teammate Andrew Chang 2Warm Problem Can you convert the number 42 (base 10) to binary (base 2)? Solution $ python >>> bin(42) '0b101010' flag: picoCTF{101010} Lets Warm Up Problem If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII? https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/forensics/ Sat, 12 Oct 2019 00:00:05 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/forensics/ Glory of the Garden Problem This garden contains more than it seems. You can also find the file in /problems/glory-of-the-garden_5_eeb712a9a3bc1998ffcd626af9d63f98 on the shell server. file Solution There’s addition text in the file that can be extracted with strings. $ strings garden.jpg | grep pico Here is a flag "picoCTF{more_than_m33ts_the_3y3cD8bA96C}" flag: picoCTF{more_than_m33ts_the_3y3cD8bA96C} unzip Problem Can you unzip this file and get the flag? file Solution just unzip the file to get flag. https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/binary-exploitation/ Sat, 12 Oct 2019 00:00:01 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2019-writeup/binary-exploitation/ handy-shellcode Problem This program executes any shellcode that you give it. Can you spawn a shell and use that to read the flag.txt? You can find the program in /problems/handy-shellcode_4_037bd47611d842b565cfa1f378bfd8d9 on the shell server. Source. Binary Source Solution The solution is basically the same as the shellcode challenge from last year (click the link for my writeup on that). Here’s the exploit script that I used: from pwn import * import sys argv = sys. https://tcode2k16.github.io/blog/posts/2019-06-08-hsctf-writeup-rev/ Sat, 08 Jun 2019 11:00:08 +0800 https://tcode2k16.github.io/blog/posts/2019-06-08-hsctf-writeup-rev/ A Byte Problem Written by: ItzSomebody Just one byte makes all the difference. a-byte Solution Looking at the code, we see that the flag has a length of 35: if ( (unsigned int)strlen(argv[1]) != 35 ) goto LABEL_11; ... LABEL_11: puts("u do not know da wae"); result = 0xFFFFFFFFLL; If the length is correct, the user input will be xored with 1 and then compared with a string loaded on the stack. https://tcode2k16.github.io/blog/posts/2019-06-08-hsctf-writeup/ Sat, 08 Jun 2019 10:15:05 +0800 https://tcode2k16.github.io/blog/posts/2019-06-08-hsctf-writeup/ Intro to Netcat Problem Written by: Ptomerty Hey there! This challenge is a quick introduction to netcat and how to use it. Netcat is a program that will help you “talk” with many of our challenges, especially pwn and misc. To begin, Windows users should download this file: Mirror 1 (may have DLL errors) Alternative download that might work Nmap download; will get flagged by school filters Extract the file, then open a command prompt and navigate to the directory using cd . https://tcode2k16.github.io/blog/posts/2019-05-19-rctf-writeup/ Sun, 19 May 2019 21:29:39 +0800 https://tcode2k16.github.io/blog/posts/2019-05-19-rctf-writeup/ draw - misc Problem I’m god’s child. Flag format: RCTF_[A-Za-z] cs pu lt 90 fd 500 rt 90 pd fd 100 rt 90 repeat 18[fd 5 rt 10] lt 135 fd 50 lt 135 pu bk 100 pd setcolor pick [ red orange yellow green blue violet ] repeat 18[fd 5 rt 10] rt 90 fd 60 rt 90 bk 30 rt 90 fd 60 pu lt 90 fd 100 pd rt 90 fd 50 bk 50 setcolor pick [ red orange yellow green blue violet ] lt 90 fd 50 rt 90 fd 50 pu fd 50 pd fd 25 bk 50 fd 25 rt 90 fd 50 pu setcolor pick [ red orange yellow green blue violet ] fd 100 rt 90 fd 30 rt 45 pd fd 50 bk 50 rt 90 fd 50 bk 100 fd 50 rt 45 pu fd 50 lt 90 pd fd 50 bk 50 rt 90 setcolor pick [ red orange yellow green blue violet ] fd 50 pu lt 90 fd 100 pd fd 50 rt 90 fd 25 bk 25 lt 90 bk 25 rt 90 fd 25 setcolor pick [ red orange yellow green blue violet ] pu fd 25 lt 90 bk 30 pd rt 90 fd 25 pu fd 25 lt 90 pd fd 50 bk 25 rt 90 fd 25 lt 90 fd 25 bk 50 pu bk 100 lt 90 setcolor pick [ red orange yellow green blue violet ] fd 100 pd rt 90 arc 360 20 pu rt 90 fd 50 pd arc 360 15 pu fd 15 setcolor pick [ red orange yellow green blue violet ] lt 90 pd bk 50 lt 90 fd 25 pu home bk 100 lt 90 fd 100 pd arc 360 20 pu home https://tcode2k16.github.io/blog/posts/2019-04-15-wpictf-s3l3ct-writeup/ Mon, 15 Apr 2019 14:29:45 +0800 https://tcode2k16.github.io/blog/posts/2019-04-15-wpictf-s3l3ct-writeup/ Problem Points: 400 Solves: 3 Are you smarter than an AI? https://drive.google.com/open?id=1Inoxm1Wyiq6keSVwBt9zU5aRbRaScuTq made by calper-pq Solution Getting started For this challenge, you are given three npy files: X.npy, Y.npy, and key.npy. With some googling, I found that npy files can be loaded with numpy: import numpy as np data_x = np.load('./X.npy') data_y = np.load('./Y.npy') data_key = np.load('./key.npy') print data_x.shape print data_y.shape print data_key.shape ❯ python main.py (10000, 50, 50, 3) (10000,) (296, 50, 50, 3) Judging from the shape of the data, I made an educated guess that X. https://tcode2k16.github.io/blog/posts/2019-04-08-midnightsunctf-polyshell-writeup/ Mon, 08 Apr 2019 10:33:06 +0800 https://tcode2k16.github.io/blog/posts/2019-04-08-midnightsunctf-polyshell-writeup/ Problem Category: programming Points: 482 Solves: 22 You might be cool, but are you 5 popped shells cool? settings Service: nc polyshell-01.play.midnightsunctf.se 30000 Author: ZetaTwo Solution Getting started Let’s first connect to the service to see what the challenge is about: $ nc polyshell-01.play.midnightsunctf.se 30000 Welcome to the polyglot challenge! Your task is to create a shellcode that can run on the following architectures: x86 x86-64 ARM ARM64 MIPS-LE The shellcode must run within 1 second(s) and may run for at most 100000 cycles. https://tcode2k16.github.io/blog/posts/2019-03-11-utctf-writeup/ Mon, 11 Mar 2019 08:28:09 +0800 https://tcode2k16.github.io/blog/posts/2019-03-11-utctf-writeup/ [basics] re - 100pts Problem I know there’s a string in this binary somewhere…. Now where did I leave it? by balex calculator Solution ❯ strings calculator | grep flag utflag{str1ng5_15_4_h4ndy_t00l} flag: utflag{str1ng5_15_4_h4ndy_t00l} simple python script - 750pts Problem simple python script I wrote while not paying attention in graphics by asper wtf.py Solution inputs contains five sha1 hashes. You can get the hashes by adding a print statement in the source code. https://tcode2k16.github.io/blog/posts/2019-02-03-nullcon-hackim-writeup/ Sun, 03 Feb 2019 12:35:13 +0800 https://tcode2k16.github.io/blog/posts/2019-02-03-nullcon-hackim-writeup/ Captcha Forest Problem A baby captcha just for you. nc misc.ctf.nullcon.net 6001 Solution For this challenge, we need to solve 200 captchas that are using the Bill Cipher mappings. Here is an example captcha: The first step is to find out which symbol corresponds to which letter in the alphabet. I did a quick google search and found this: Now with a one-to-one mapping, we can move on to solve the captchas. https://tcode2k16.github.io/blog/posts/2019-01-27-codegate-qualifier-writeup/ Sun, 27 Jan 2019 10:32:13 +0900 https://tcode2k16.github.io/blog/posts/2019-01-27-codegate-qualifier-writeup/ MIC check Problem Let the hacking begins ~ Decode it : 9P&;gFD,5.BOPCdBl7Q+@V’1dDK?qL Solution The text is encoded with base85, and you can decode it using tools such as CyberChef. flag: Let the hacking begins ~ 20000 Problem nc 110.10.147.106 15959 Download Solution For this problem, you are given a single binary along with 20000 .so libraries. A quick look at the binary reveals that it is just a wrapper for calling the . https://tcode2k16.github.io/blog/posts/2018/35c3ctf-writeup/ Sun, 30 Dec 2018 11:17:12 +0800 https://tcode2k16.github.io/blog/posts/2018/35c3ctf-writeup/ box of blink Problem As every year, can you please decode this for me? Solution For this challenge, we are given a huge csv file that seems to consist of electronic signals collected by an oscilloscope: ❯ cat blink.csv | sed 30q #Model,MDO3014 #Firmware Version,1.26 # #Waveform Type,DIGITAL,,,,,,,,,,,,, #Point Format,Y,,,,,,,,,,,,, #Horizontal Units,s,,,,,,,,,,,,, #Horizontal Scale,0.004,,,,,,,,,,,,, #,,,,,,,,,,,,,, #Sample Interval,4e-09,,,,,,,,,,,,, #Record Length,1e+07,,,,,,,,,,,,, #Gating,0.0% to 100.0%,,,,,,,,,,,,, #,,,,,,,,,,,,,, #Vertical Units,V,V,V,V,V,V,V,V,V,V,V,V,V,V #Threshold Used,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65,1.65 #,,,,,,,,,,,,,, #,,,,,,,,,,,,,, #,,,,,,,,,,,,,, #,,,,,,,,,,,,,, #,,,,,,,,,,,,,, #Label,OE,LAT,CLK,E,D,C,B,A,B2,B1,G2,G1,R2,R1 #TIME,D13,D12,D11,D10,D9,D8,D7,D6,D5,D4,D3,D2,D1,D0 -1. https://tcode2k16.github.io/blog/posts/2018/tuctf-writeup/ Mon, 26 Nov 2018 08:09:55 +0800 https://tcode2k16.github.io/blog/posts/2018/tuctf-writeup/ Shella Easy Problem Difficulty: easy-ish Want to be a drive-thru attendant? Well, no one does… But! the best employee receives their very own flag! whatdya say? nc 52.15.182.55 12345 shella-easy Solution Let’s take a look at the main function: int __cdecl main(int argc, const char **argv, const char **envp) { char s; // [esp+0h] [ebp-48h] int v5; // [esp+40h] [ebp-8h] setvbuf(stdout, 0, 2, 0x14u); setvbuf(stdin, 0, 2, 0x14u); v5 = -889275714; printf("Yeah I'll have a %p with a side of fries thanks\n", &s); gets(&s); if ( v5 ! https://tcode2k16.github.io/blog/posts/2018/dctf-final-writeup/ Fri, 09 Nov 2018 14:22:42 +0200 https://tcode2k16.github.io/blog/posts/2018/dctf-final-writeup/ subscribers Intro This is the first blockchain problem that I encountered in a CTF. Although I previously have some idea as to how blockchains work, I am still a complete beginner to ethereum contract programming. Just like how the Dog or Frog problem from PicoCTF 2018 is a great introduction for me to machine learning, I learned a lot about blockchains and ethereum contract programming during the 24hrs. The challenge Two pieces of information are given to the players. https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/web-exploitation/ Sun, 14 Oct 2018 15:38:43 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/web-exploitation/ Inspect Me Problem Inpect this code! http://2018shell2.picoctf.com:35349 Solution You can do view source code in your browser to get the flag. Here are the source code for index.html, mycss.css, and myjs.js: <!doctype html> <html> <head> <title>My First Website :)</title> <link href="https://fonts.googleapis.com/css?family=Open+Sans|Roboto" rel="stylesheet"> <link rel="stylesheet" type="text/css" href="mycss.css"> <script type="application/javascript" src="myjs.js"></script> </head> <body> <div class="container"> <header> <h1>My First Website</h1> </header> <button class="tablink" onclick="openTab('tabintro', this, '#222')" id="defaultOpen">Intro</button> <button class="tablink" onclick="openTab('tababout', this, '#222')">About</button> <div id="tabintro" class="tabcontent"> <h3>Intro</h3> <p>This is my first website! https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/cryptography/ Sun, 14 Oct 2018 11:38:43 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/cryptography/ Crypto Warmup 1 Problem Crpyto can often be done by hand, here’s a message you got from a friend, llkjmlmpadkkc with the key of thisisalilkey. Can you use this table to solve it?. Solution This is a classic Vigenère cipher. You can use this to decode the message. flag: picoCTF{SECRETMESSAGE} Crypto Warmup 2 Problem Cryptography doesn’t have to be complicated, have you ever heard of something called rot13? cvpbPGS{guvf_vf_pelcgb!} https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/forensics/ Sat, 13 Oct 2018 08:56:02 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/forensics/ Forensics Warmup 1 Problem Can you unzip this file for me and retreive the flag? Solution Just unzip the file. flag: picoCTF{welcome_to_forensics} Forensics Warmup 2 Problem Hmm for some reason I can’t open this PNG? Any ideas? Solution Using the file command, you can see that the image is, in fact, in jpeg format not png: ❯ file flag.png flag.png: JPEG image data, JFIF standard 1.01 Open the image as a jpeg file to get the file. https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/binary-exploitation/ Sat, 13 Oct 2018 08:56:01 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/binary-exploitation/ buffer overflow 0 Problem Let’s start off simple, can you overflow the right buffer in this program to get the flag? You can also find it in /problems/buffer-overflow-0_1_316c391426b9319fbdfb523ee15b37db on the shell server. Source. Solution Let’s first take a look at the source code provided: #include <stdio.h> #include <stdlib.h> #include <string.h> #include <signal.h> #define FLAGSIZE_MAX 64 char flag[FLAGSIZE_MAX]; void sigsegv_handler(int sig) { fprintf(stderr, "%s\n", flag); fflush(stderr); exit(1); } void vuln(char *input){ char buf[16]; strcpy(buf, input); } int main(int argc, char **argv){ FILE *f = fopen("flag. https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/general-skills/ Sat, 13 Oct 2018 08:56:01 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/general-skills/ General Warmup 1 Problem If I told you your grade was 0x41 in hexadecimal, what would it be in ASCII? Solution This is a basic introduction to ASCII codes. If you have not memorized that 0x41 is A in ASCII (which you should), you can use python to find it: >>> chr(0x41) 'A' flag: picoCTF{A} General Warmup 2 Problem Can you convert the number 27 (base 10) to binary (base 2)? https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/reversing/ Sat, 13 Oct 2018 08:56:01 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/reversing/ Reversing Warmup 1 Problem Throughout your journey you will have to run many programs. Can you navigate to /problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838 on the shell server and run this program to retreive the flag? Solution The problem run is known as a ELF binary. It is the most common program format on Linux. Here are the steps to run the program: alanc@pico-2018-shell-2:~$ cd /problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838 alanc@pico-2018-shell-2:/problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838$ ls run alanc@pico-2018-shell-2:/problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838$ ./run picoCTF{welc0m3_t0_r3VeRs1nG} flag: picoCTF{welc0m3_t0_r3VeRs1nG} https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/main/ Sat, 13 Oct 2018 08:56:01 +0800 https://tcode2k16.github.io/blog/posts/picoctf-2018-writeup/main/ Writeups Here are the writeups from my team, SAS Hackers: General Skills Challenges Reversing Challenges Binary Exploitation Challenges Forensics Challenges Cryptography Challenges Web Exploitation Challenges Ranking Our team ended at No. 46 on the scoreboard. Here is an image of the scoreboard at the end of the competition: https://tcode2k16.github.io/blog/posts/dctf-2018-writeup/ Mon, 24 Sep 2018 15:18:47 +0800 https://tcode2k16.github.io/blog/posts/dctf-2018-writeup/ Ransomware (Reverse - 50 pcts.) Problem Someone encrypted my homework with this rude script. HELP! Author: Lucian Nitescu Solution There are two files for this challenge: ransomware.pyc and youfool!.exe. By doing file on both files, we get this: ❯ file ransomware.pyc ransomware.pyc: DBase 3 data file (1536068111 records) ~/Documents/ctf/2018/dctf/Ransomware ❯ file youfool\!.exe youfool!.exe: data So youfool!.exe is apparently encrypted and ransomware.pyc is the only one executable. By using uncompyle6, we can then decompile the pyc file and get the source code: https://tcode2k16.github.io/blog/posts/tjctf-2018-writeup/ Sat, 11 Aug 2018 11:52:46 +0800 https://tcode2k16.github.io/blog/posts/tjctf-2018-writeup/ Secure Secrets - Binary Exploitation Problem Written by evanyeyeye I am responsible for architecting the most recent paradigm in our modern technological revolution: Secure Secrets. Why don’t you try it out? Solution By playing around with the binary, we soon discover a format string vulnerability: Introducing Secure Secrets TM -- a revolutionary service for storing your most sensitive messages. NEW FEATURE COMING SOON: Safely store your darkest secrets as well! https://tcode2k16.github.io/blog/posts/generals-io-bot/ Mon, 23 Jul 2018 16:55:46 +0800 https://tcode2k16.github.io/blog/posts/generals-io-bot/ Credit: dev.generals.io What is Generals.io? Generals.io is a turn-based strategy game that can be played in the browser. Each player starts out with one grid on a large map that is called the general. The goal of the game is to expand and eliminate other players’ generals. Once a player’s general gets taken, the player loses the game, and in the end, the last player standing wins the game. https://tcode2k16.github.io/blog/posts/crossctf-final-2018-writeup/ Mon, 18 Jun 2018 13:47:38 +0800 https://tcode2k16.github.io/blog/posts/crossctf-final-2018-writeup/ Perfect Problem ‘Cause we lost it all Nothin’ lasts forever Creator - amon (@nn_amon) Update: this definitely works with python 2.7.15 perfect Solution I went through the assembly code line by line converting it into something more readable: local_420h = 2^213 get local_410h local_440h = int(local_410h, 10) - 1 local_430h = int(local_410h, 10) do { if (local_430h%local_440h == 0) { local_460h += local_440h } local_440h -= 1 } while (local_440h >= 0) if (local_460h == local_430h && local_430h > local_420h) { // local_460h // WIN } In summary, the program need a perfect number with a bit length larger than 213. https://tcode2k16.github.io/blog/posts/microcorruption-writeup/ Tue, 12 Jun 2018 22:32:57 +0800 https://tcode2k16.github.io/blog/posts/microcorruption-writeup/ New Orleans - 10pts Here is the code for checking the password: 44bc: 0e43 clr r14 44be: 0d4f mov r15, r13 44c0: 0d5e add r14, r13 44c2: ee9d 0024 cmp.b @r13, 0x2400(r14) 44c6: 0520 jne #0x44d2 <check_password+0x16> 44c8: 1e53 inc r14 44ca: 3e92 cmp #0x8, r14 44cc: f823 jne #0x44be <check_password+0x2> 44ce: 1f43 mov #0x1, r15 44d0: 3041 ret 44d2: 0f43 clr r15 44d4: 3041 ret It basically takes each byte and perform cmp. https://tcode2k16.github.io/blog/posts/link-dump-2018-june/ Fri, 01 Jun 2018 09:53:55 +0800 https://tcode2k16.github.io/blog/posts/link-dump-2018-june/ Tech lunr.js - an full-text search library for javascript Flutter Studio - a simple web interface for building flutter UIs Cool Backgrounds - a quick tool for generating cool backgrounds How to implement your own “Hello, World!” boot loader - intro to 80886 assembly and qemu VGABIOS.TXT - set bios video mode DIY Making of Mech Kitbash Making of Mech Kitbash #2 Cyber Security Hacking Livestream #53: The ZIP file format - Zip file hacking corkami/pics - file format specs and posters Tools yafu - Automated integer factorization, great for cracking phi(n) in rsa NetworkMiner - only for windows, good for network forensics in ctf z3 - a theorem prover from Microsoft Research, great for RE angr - A powerful and user-friendly binary analysis platform, great for RE https://tcode2k16.github.io/blog/posts/dc-generator-simulation/ Wed, 30 May 2018 11:15:48 +0800 https://tcode2k16.github.io/blog/posts/dc-generator-simulation/ final simulation Here is the link to the simulation (use control key + mouse to move around). https://tcode2k16.github.io/blog/posts/barcode-scanner/ Wed, 30 May 2018 08:03:41 +0800 https://tcode2k16.github.io/blog/posts/barcode-scanner/ Development environment with vscode and iTerm Problem There is a used-book sale program at our school, and currently, it is difficult to find books people want as books are not indexed and sorted properly. The maintainers all mentioned the experience of being asked wherever a specific book is within the large collection of books. Solution I attempt to make an efficient system for indexing all the books and encourage more people to buy books they want from the book sale. https://tcode2k16.github.io/blog/posts/spacelab-launch/ Tue, 22 May 2018 10:17:10 +0800 https://tcode2k16.github.io/blog/posts/spacelab-launch/ Photo Credit: NASA/Aubrey Gemignani The project SpaceLab is a school program at the Singapore American School. The program allows students to create a space experiment that will be sent to the international space station for one month. This is the second year of the program. A team of eleven students including me created a experiment that seeks to test the effect of micro-gravity on electro-plating copper. https://tcode2k16.github.io/blog/posts/crossctf-2018-writeup/ Sat, 19 May 2018 13:05:55 +0800 https://tcode2k16.github.io/blog/posts/crossctf-2018-writeup/ QuirkyScript 1 Problem var flag = require("./flag.js"); var express = require('express') var app = express() app.get('/flag', function (req, res) { if (req.query.first) { if (req.query.first.length == 8 && req.query.first == ",,,,,,," ) { res.send(flag.flag); return; } } res.send("Try to solve this."); }); app.listen(31337) Solution According to the express.js docs, req.query.* can be an array. Also, the code used == instead of ===; therefore, values of different types can be equal to each other and types are converted according to this: https://tcode2k16.github.io/blog/posts/vagrant-vm/ Fri, 18 May 2018 11:28:59 +0800 https://tcode2k16.github.io/blog/posts/vagrant-vm/ Introduction I am running a cyber security club at my school. One of the club activities is to learn binary exploitation, most of my fellow club members don’t have linux installed on their computers and have little experience installing all the needed tools. To make binary exploitation more accessible, I created this vagrant file that will setup all the necessary tools within a ubuntu virtual machine. Method I picked vagrant over docker because of the follow reasons: https://tcode2k16.github.io/blog/posts/school-calendar/ Thu, 17 May 2018 08:45:01 +0800 https://tcode2k16.github.io/blog/posts/school-calendar/ Introduction I have finally got the chance to experiment with google apps script, and decided to use it to make my school life easier. I used google apps script along with the calendar api to create a web app that can auto generate my class schedule based on another calendar provided by my school. Method The script first pulls all the events from an existing calendar given a certain range for the date, and then it generates a new calendar. https://tcode2k16.github.io/blog/posts/sha1-collision/ Wed, 16 May 2018 11:32:16 +0800 https://tcode2k16.github.io/blog/posts/sha1-collision/ Introduction When I was doing the DEF CON CTF Qualifier last weekend, I came across an interesting question where you need to create two pdf files with the same SHA1 hash. Research I know SHA1 hash was already broken when google blogged about creating the first SHA1 collision, but I was not sure that I can reproduce the process with limited hardware. Result In the end, I came across this website that is able to generate two PDF files with the same SHA1 hash using two JPG images based on this paper.