You can find the SAINTCON 2014 Hackers Challenge Introduction here.
And this is all the files referenced below:
SAINTCON_2014_Hackers_Challenge_BL.zip
The challenges referenced below can be found here:
BL100 – VGC
Puzzle:
Find the words that make a common phrase. Use that as the key.
NTIuNjMxNTIyLCAtMS4xMjQwMzQNCg==
LTI4LjIxNjAyMCwgMTUyLjAzMTcwNg0K
NDAuNzY0NTE0LCAtNzMuOTc1MjQ5
Hint:
#1 should be…. 52 Degrees 37’51.70″N 1 Degree 7’24.16″W
Solution:
Each line of text is separately Base64 encoded (the trailing = is a dead giveaway for Base64).
GO LEARN more about BASE64. http://en.wikipedia.org/wiki/Base64
Use any Base64 decoder to decode each line. With openssl, run openssl enc -base64 -d, paste the encoded line, and press ctrl+d:
$ openssl enc -base64 -d
NTIuNjMxNTIyLCAtMS4xMjQwMzQNCg==
52.631522, -1.124034
$ openssl enc -base64 -d
LTI4LjIxNjAyMCwgMTUyLjAzMTcwNg0K
-28.216020, 152.031706
$ openssl enc -base64 -d
NDAuNzY0NTE0LCAtNzMuOTc1MjQ5
40.764514, -73.975249
These are obviously latitude and longitude coordinates.
Pull them up in Google Maps to see what’s there; I’m looking for words that make a common phrase.
At the last one I see “Green Cafe” and “Intuition”.
At the second one I see “Mind Your Business”.
At the first one, whether I use the original coordinates or the corrected ones from the hint, I don’t find anything meaningful.
So I start guessing.
Key:
Trust Your Intuition
BL200 – Something’s Fishy Here
Puzzle:
Something is fishy with this picture. Find what it is and submit the key. Good luck!
Hint: First 6 chars + 1 looks a lot like I
Files: Fishy-Original.jpg Fishy.jpg
Solution:
Use a diff tool to see what’s up.
http://www.cjmweb.net/vbindiff/
http://ridiculousfish.com/hexfiend/
You will find the 2nd file has extra bytes of data on the end of it.
These bytes start with: EB CD 1C
That looks familiar, maybe EBCDIC!
GO LEARN more about EBCDIC. http://en.wikipedia.org/wiki/EBCDIC
Now copy and paste those bytes into any available EBCDIC converter (http://search.cpan.org/~cxl/Convert-EBCDIC-0.06/lib/Convert/EBCDIC.pm or http://mcraigweaver.com/ebcdic.htm or https://support.microsoft.com/kb/216399), convert them by hand, or, if you are using vbindiff, just hit the ‘C’ key, and you get:
Key:
The key you are looking for is: onomatopoeia
BL300 – BitMapSqueeze
Puzzle:
Did you know some graphic formats are extremely flexible?
Files: BitMappSqueeze.bmp
Solution:
That’s a strange graphic!
Pull it up in a hex editor, right away I notice ASCII strings I wouldn’t expect in a bitmap image.
Things like PK, __MACOSX, both of which instantly remind me of a ZIP file.
GO LEARN more about zip file formats:
http://www.pkware.com/documents/casestudies/APPNOTE.TXT
http://en.wikipedia.org/wiki/Zip_(file_format)
https://users.cs.jmu.edu/buchhofp/forensics/formats/pkzip.html
http://www.garykessler.net/library/file_sigs.html
So remove the bitmap image data at the front of the file (everything before 0x36), then rename to .zip and extract.
Open the file BitMapSqueeze and
Key:
OldSchoolImagesAreCool
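The carving step from the BL300 solution, as an added example that is not part of the original write-up: it builds a constructed stand-in for the challenge file (a 0x36-byte BMP header followed by a ZIP archive), locates the ZIP local file header signature, and extracts the carved archive. The function names and the sample member content are assumptions made for illustration.

```python
import io
import struct
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # signature of a ZIP local file header
BMP_HEADER_LEN = 0x36              # 14-byte file header + 40-byte info header


def build_sample() -> bytes:
    """Constructed stand-in for the challenge file: a BMP header followed by a ZIP."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("BitMapSqueeze", "constructed sample content\n")
    body = archive.getvalue()
    # 'BM', total file size, two reserved words, offset of pixel data (0x36)
    file_header = struct.pack("<2sIHHI", b"BM", BMP_HEADER_LEN + len(body),
                              0, 0, BMP_HEADER_LEN)
    # BITMAPINFOHEADER: size 40, 4x4 pixels, 1 plane, 24 bpp, remaining fields zero
    info_header = struct.pack("<IiiHHIIiiII", 40, 4, 4, 1, 24, 0, 0, 0, 0, 0, 0)
    return file_header + info_header + body


def carve_zip(blob: bytes) -> tuple[int, bytes]:
    """Return (offset, data) of the ZIP archive embedded in a BMP file."""
    if blob[:2] != b"BM":
        raise ValueError("not a BMP file")
    offset = blob.find(ZIP_LOCAL_HEADER)
    if offset < 0:
        raise ValueError("no ZIP local file header found")
    return offset, blob[offset:]


def list_members(zip_bytes: bytes) -> dict[str, bytes]:
    """Open the carved bytes as a ZIP and return {member name: content}."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if zf.testzip() is not None:      # CRC check of every member
            raise ValueError("carved archive is corrupt")
        return {name: zf.read(name) for name in zf.namelist()}


if __name__ == "__main__":
    offset, carved = carve_zip(build_sample())
    print(f"ZIP data starts at {offset:#x}")
    for name, content in list_members(carved).items():
        print(name, len(content), "bytes")
```

Searching for the signature instead of hard-coding 0x36 also covers files where the foreign data sits at a different offset.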
BL400
Puzzle: This puzzle does not exist and was not part of the game.
BL500 – I@mTH3c0mput3r
Puzzle:
Good luck
Files: BL500
Solution:
Let’s figure out what this file is. Run it through strings, and these ones pop out at me:
ELF
/lib/ld-linux.so.2
Welcome to SAINTCon 2014
------------------------
Pausing for 30 seconds..
Enter the Password:
Correct! Key Follows:
And a hex editor says the first few bytes are: 7F 45 4C 46 01, the 01 meaning 32bit.
We’ve got us a 32bit Linux Executable, so let’s spin us up a 32bit Linux VM.
Install GDB-PEDA. (this makes life much easier!) https://github.com/longld/peda
gdb ./BL500
start
next ( repeat until you see in the "code" box that you are CALLing genKey )
next ( to CALL genKey)
At this point you will see a crazy long string PUSHed onto the stack. This is your key.