2010-05-25 00:13:06

By Tim Brown

Finally, the 3rd challenge that I solved was to correctly order a series of well known faces from coding, hacking and cryptography. The faces were presented via a Java client which downloads pairs of images in turn and presents them to the user. The user then selects one as more important than the other and the client submits this back to the server. If the selection was correct then a new pair is returned whilst if incorrect the server returns a flag which indicates this and the client terminates.

So how did I solve it? Well first I got it completely wrong, assuming that there was some visual clue which could act as a tell in selecting the image. As a team we must have tried 2-3 different systems before realising that we were barking up the wrong tree. We then tried searching for a league table that would give us an order for each of the images we were seeing but this too failed. Whilst this was happening I had also began to work on the client itself. I had decompiled the provided Java classes with jad and began to modify its behaviour. First I noticed that the client appeared to get a reference number for each image and had began to print them out. I figured that maybe the numbers themselves could be used to identify the varying precedence of each image but this did not appear to be the case. Finally, I decided to do what I should have done to start with and began inserting each new image into an ArrayList. For example, below you can see the code to read the left most image and then insert it into the array if it has not been seen before:

dis.readFully(abyte0);update(abyte0);
try {
	if (a.contains(new String(abyte0))) {
		l = a.indexOf(new String(abyte0));
		System.out.println("Left is at: " + l);
	} else {
		l = -1;
		System.out.println("Adding left");
		a.add(0, new String(abyte0));
	}
}

As you can see if ArrayList a contains the image, its current index position is printed out. I wrote a similar code chunk to do the same for the right most image. Next I changed the client so that it would no longer terminate on an incorrect selection but would instead reindex the two images appropriately. I started off quite naively, moving the selected image to the bottom of the array before *facepalm* realising that I could simply reinsert it directly after the opposing image. The code to do this can be seen below:

case -2:
case -1:
	try {
		if (m == 1) {
			String ri = (String) a.get(r);
			String li = (String) a.get(l);
			System.out.println("r before the remove of l was " + r);
			a.remove(l);
			r = a.indexOf(ri);
			System.out.println("Moving l from " + l + " to " + (r + 1));
			a.add(r + 1, li);
		} else {
			if (m == 2) {
				String ri = (String) a.get(r);
				String li = (String) a.get(l);
				System.out.println("l before the remove of r was " + l);
				a.remove(r);
				l = a.indexOf(li);
				System.out.println("Moving r from " + r + " to " + (l + 1));
				a.add(l + 1, ri);
			}
		}
	}

Finally I added a little debug code to give me my full run of selections. I did this as when the client detected from the server that enough correct selections had been made, it then asked you for the full order before revealing the key for the challenge.

And there we go, 3 CTF solutions for your enjoyment. Hopefully, some of the other guys from my team will put up some of their solutions sooner rather than later as I'm sure others will too. I may try to write some notes on some of the challenges I failed to complete and my mistakes but I'm sure that others will write about those far better than I. Just for the record we came in the top 20% of those who solved one or more challenges and learnt loads along the the way. Having run a CTF in the past, they're tough to do right; thanks to DDTek for a great qualification tournament, we may not have qualified for Defcon but myself and my friends had a blast.

PS: Look out for my CTF images which I hope to be making public soon.

Mood: Tired

Music: Captain Ahab - After The Rain My Heart Still Dreams (t500 remix)

You are unknown, comment