
Power Of XX Finals Write-up

The POC conference was held at The-K Hotel for two days from November 8 to November 9.

As an event of POC, the finals of the women's hacking contest, Power Of XX (POX), took place.

For the competition, I prepared two problems, 'Easiest CrackMe' and 'I Love ALALAL', and this is my write-up for them.
 
Easiest CrackMe (1 Solve)

This is an easy crackme built with VB6 P-Code.

 

The program compares the user's input with plaintext values, as in the picture above.

If you collect the compared value in each branch, you probably get the string 'POX{W3tAsh1TAchI_wA_MiRai_n0_hAn3}'.

But that is not the answer, because of the Form_Activate event.

 

In the Form_Activate event, the program calls the CallWindowProc API.

CallWindowProc is usually used for subclassing, but it can also be used as a trick to run assembly code in VB6.

 

At 0x402400, you can see x86 assembly code!

Because the function consists only of MOV / RET, once the program is run, the changes made by the MOV instructions are reflected in the program.

So run the program, dump it, and decompile the dump to get the real flag.

 

The flag is… 'POX{UndEf34TE33d_BE_4h4mh_u7_3Eun}'

I Love ALALAL (0 Solve)

This problem is an ALZ plaintext attack problem.

If you google 'chrysanthemum desert hydrangeas jellyfish koala lighthouse penguins tulips', you can find that they are the sample pictures of Windows 7.

 (The modified date and CRC value can be used as a secondary clue to judge it.)

ALZ uses the ZipCrypto cipher algorithm, so we can mount a plaintext attack using pkcrack or bkcrack (https://github.com/kimci86/bkcrack); bkcrack is faster than pkcrack.

Though the ALZ format is undocumented, it is similar to other compression formats (see the unalz source, https://kippler.com/win/unalz/), so it is possible to crack if you understand the ALZ format.
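Why a known file inside the archive is enough, as an added example (not code from this write-up, bkcrack or unalz): a minimal ZipCrypto stream cipher showing the CRC check on a candidate file and the keystream bytes that known plaintext exposes. The password and sample bytes are constructed, the helper names are hypothetical, and container framing (ZIP's 12-byte encryption header, the ALZ layout) is left out.

```python
import zlib

def _crc_table():
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ 0xEDB88320 if c & 1 else c >> 1
        table.append(c)
    return table

CRC_TABLE = _crc_table()  # CRC-32 table used by the ZipCrypto key schedule

def crc32_step(crc, byte):
    return (crc >> 8) ^ CRC_TABLE[(crc ^ byte) & 0xFF]

class ZipCrypto:
    """PKWARE traditional encryption: three 32-bit keys, updated per plaintext byte."""
    def __init__(self, password):
        self.k0, self.k1, self.k2 = 0x12345678, 0x23456789, 0x34567890
        for b in password:
            self._update(b)
    def _update(self, p):
        self.k0 = crc32_step(self.k0, p)
        self.k1 = ((self.k1 + (self.k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        self.k2 = crc32_step(self.k2, self.k1 >> 24)
    def stream_byte(self):
        t = (self.k2 | 2) & 0xFFFF
        return ((t * (t ^ 1)) >> 8) & 0xFF
    def crypt(self, data, decrypt=False):
        out = bytearray()
        for b in data:
            x = b ^ self.stream_byte()
            self._update(x if decrypt else b)  # keys always advance on plaintext
            out.append(x)
        return bytes(out)

def crc_matches(candidate, stored_crc):
    """Secondary clue from the write-up: candidate file vs. the archive's CRC."""
    return zlib.crc32(candidate) == stored_crc

def exposed_keystream(ciphertext, known_plain):
    """Keystream bytes revealed wherever the plaintext is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known_plain))

# Constructed sample: stand-in bytes for a well-known picture, hypothetical password.
SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01 constructed sample bytes"
CIPHERTEXT = ZipCrypto(b"hypothetical-pw").crypt(SAMPLE)
STORED_CRC = zlib.crc32(SAMPLE)
```

The exposed keystream bytes are what pkcrack and bkcrack take as input to recover the three internal keys, which is why the password itself never has to be guessed.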

 

 

 

The flag is… 'POX{ALZ_PLAINTEXT_ATTACK_IS_FUN@#!@#@!#@@@@@@@@@}'
