Information
Version
| By | Version | Comment |
|---|---|---|
| noraj | 1.0 | Creation |
CTF
- Name : HITB CTF Singapore 2017
- Website : hitb.xctf.org.cn
- Type : Online
- Format : Jeopardy
- CTF Time : link
Cephalopod - Misc
We've found some strange network traffic, we suspect it contains a flag.
`binwalk` always helps:
```
$ binwalk 2a9c1cdd-2ac0-4b2a-828d-269c6e04ebbb.pcap
```
So there is probably an image with the flag.
Let's open Wireshark:
```
$ wireshark-gtk 2a9c1cdd-2ac0-4b2a-828d-269c6e04ebbb.pcap
```
Let's check Wikipedia: the PNG file signature begins with `89 50 4E 47 0D 0A`.
Press `CTRL + F`, select Hex value as Display filter.
That leads us to frame no. 126. (Note: if you search for `PNG` as a string, you'll find a request for `flag.png`, so we are on the right track.)
Right click on the frame, click on Follow TCP Stream, select Raw representation, and instead of Entire conversation select only 10.0.2.7:39618 -> 10.0.2.10:6800 (2412380 bytes), then save it as a file.
We can see there is some Ceph data before the PNG file signature, so extract the PNG:
```
$ foremost ceph_and_png
```
Now we can see the flag:
```
$ display output/png/flag.png
```
Flag is `HITB{95700d8aefdc1648b90a92f3a8460a2c}`.
Note: imgur converted the picture into jpeg.
Prime - Mobile
Do you know prime?
Unpack the application.apk file with its assets, resources, compiled code, etc.:
```
$ apktool d -r -s ab436242-a5c7-4dd8-b88d-1982be05b3bd.apk
```
Convert the DEX to Java classes:
```
$ d2j-dex2jar ab436242-a5c7-4dd8-b88d-1982be05b3bd/classes.dex
```
Now take a look at the source:
```
$ jd-gui classes-dex2jar.jar
```
Or we can also use `jadx-gui`, which gives us:
```java
package com.iromise.prime;
```
This is calculating the number of prime numbers up to 10000000000000000 (10 quadrillion = 10 million billion = 1 × 10^16). So this will take a while before displaying the toast.
I prefer to use a search engine: Prime number theorem and OEIS.
So the flag appears to be `HITB{279238341033925}` but it wasn't valid.
Update: Shinji Hirako pointed out the following to me:
The java code also counts all squares of primes less than or equal to `10000000000000000`. To calculate the number of squares of primes less than `10000000000000000`, we take the square root of `10000000000000000` which is `10**8` and count how many prime numbers until `10**8`. From the diagram you posted, this is `5761455`. So answer is `279238341033925 + 5761455` and flag is `HITB{279238346795380}`
Edit: The reason squares of primes are included is because when it is a square of a prime, the code never enters the for loop. For example, when `4` is passed as the parameter to `isOk()`, the condition for the for loop is `l =2, l*l < n`. But `l*l = 4` and `4` is not less than 4, hence we never enter the for loop. Same logic for all other squares of primes, but not squares in general.
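The off-by-one explained above can be checked on a small range before trusting the formula at 10^16. This is an added example, not the APK's decompiled code: `is_ok` is reconstructed only from the loop condition quoted above, and starting the count at 2 is an assumption.

```python
from math import isqrt

# Values quoted in the writeup: pi(10**16) and pi(10**8).
PI_1E16 = 279238341033925
PI_1E8 = 5761455

def is_ok(n: int) -> bool:
    """Trial division with the strict bound l*l < n described above.
    For n = p*p the loop stops before l reaches p, so n passes as 'prime'."""
    l = 2
    while l * l < n:
        if n % l == 0:
            return False
        l += 1
    return True

def primes_upto(limit: int) -> list[int]:
    """Sieve of Eratosthenes, used as the correct reference."""
    if limit < 2:
        return []
    sieve = bytearray([1]) * (limit + 1)
    sieve[0] = sieve[1] = 0
    for p in range(2, isqrt(limit) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [i for i, flag in enumerate(sieve) if flag]

def buggy_count(limit: int) -> int:
    """What the app would count (assumption: n runs from 2 to limit inclusive)."""
    return sum(1 for n in range(2, limit + 1) if is_ok(n))

def predicted_count(limit: int) -> int:
    """pi(limit) + pi(sqrt(limit)): real primes plus squares of primes."""
    return len(primes_upto(limit)) + len(primes_upto(isqrt(limit)))

def false_positives(limit: int) -> list[int]:
    """Composite numbers that is_ok() wrongly accepts."""
    primes = set(primes_upto(limit))
    return [n for n in range(2, limit + 1) if is_ok(n) and n not in primes]

def flag() -> str:
    """Apply the same formula to the two counts quoted in the writeup."""
    return "HITB{%d}" % (PI_1E16 + PI_1E8)

if __name__ == "__main__":
    print(false_positives(100))                         # composites accepted
    print(buggy_count(10_000), predicted_count(10_000))  # should match
    print(flag())
```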