日記帳

CTF writeups, miscellaneous notes, and more

Buckeye CTF 2021 Rev/Misc Writeup

I participated in Buckeye CTF 2021 and solved most of the Misc challenges *1 and 3 Rev challenges. They were really fun, and I am excited to study the hard Rev challenges that I could not solve after the competition. Thanks to all of the organizers & sponsors for this CTF!!!

Rev

BASIC

A program file for TI83F is distributed. It can be decoded into human-readable code using a tool like 8xpdump, and the flag can be obtained from it.

Buttons

By decompiling the given jar file into Java code, we can figure out that it's something like a maze game. The grid (with information on where the player should not step) is hardcoded, so the player can reach the flag using it.

The Legend of the Headless Horseman

By looking into the given executable, I learned that the head part of an ELF file (for multiple architectures) is hardcoded, so I extracted these headers from it. The challenge description and the text inside the executable gave me the idea that the distributed files under the body_bag directory can be combined with these headers. I used QEMU for each architecture to discover which combination of ELF header and body part works. By analyzing the working ELF file obtained, I got the flag for this challenge.

Misc

sanity_check

Copy and paste the flag from Discord.

replay

Send the same input as the pcap file shows.

layers

Save the docker image as a file, and extract the image file with the flag from it. At first, I thought that this was a sort of forensics challenge XD
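The step above as an added example (not part of the original writeup or the challenge files): a Python sketch that walks a `docker save` archive layer by layer and lists image files, marking the ones a later layer deleted with a whiteout entry. The sample archive, its paths, and the `.png`/`.jpg` suffix filter are constructed assumptions; the page does not say how the flag image was stored.

```python
import io
import json
import posixpath
import tarfile

def layer_files(image_tar):
    """Map each layer path in a `docker save` archive to {file name: content}."""
    with tarfile.open(fileobj=io.BytesIO(image_tar)) as image:
        manifest = json.load(image.extractfile("manifest.json"))
        found = {}
        for layer_path in manifest[0]["Layers"]:  # listed bottom layer first
            layer_blob = image.extractfile(layer_path).read()
            with tarfile.open(fileobj=io.BytesIO(layer_blob)) as layer:
                found[layer_path] = {m.name: layer.extractfile(m).read()
                                     for m in layer.getmembers() if m.isfile()}
        return found

def find_files(image_tar, suffixes=(".png", ".jpg")):
    """Return (layer, path, deleted_later) for matching files in any layer."""
    layers = list(layer_files(image_tar).items())
    hits = []
    for i, (layer, files) in enumerate(layers):
        for name in files:
            base = posixpath.basename(name)
            if base.startswith(".wh.") or not name.endswith(suffixes):
                continue  # whiteout markers are deletions, not content
            marker = posixpath.join(posixpath.dirname(name), ".wh." + base)
            deleted = any(marker in later for _, later in layers[i + 1:])
            hits.append((layer, name, deleted))
    return hits

def _tar(files):
    """Build an in-memory tar from {name: bytes}; only used for the sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: layer 1 adds an image, layer 2 removes it via a whiteout.
SAMPLE = _tar({
    "manifest.json": json.dumps([{"Layers": ["l1/layer.tar", "l2/layer.tar"]}]).encode(),
    "l1/layer.tar": _tar({"app/flag.png": b"\x89PNG constructed"}),
    "l2/layer.tar": _tar({"app/.wh.flag.png": b""}),
})

if __name__ == "__main__":
    print(find_files(SAMPLE))
```

A file removed in a later layer is absent from the running container's filesystem but still sits in the earlier layer's tar, which is why secrets copied into an image and then deleted remain recoverable from the saved archive.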

USB Exfiltration

A pcap file with USB packets is distributed. There is nothing complicated here, just extract & combine & decompress. Btw, I was the 3rd person to solve this challenge!!!

Don't Talk to Blue Birds

The path to the flag can be found in the following post on Twitter. Searching for the phrase Witch Security will lead to this account.

Open Source In(sta)telligence

The path to the flag can be found in the following post on Instagram. Searching for the phrase Witch Security will lead to this account.

www.instagram.com

*1: I was asleep when the "Survey" challenge was opened. :sob: