CyberTalents: Malware Category

Get Rid Of Them All

We are given a JAR file. Let's decompile it and look inside. There are two Java classes, and one of them contains a peculiar-looking string:

&^&@|* Zm}&,);\\('))[\\[$`|_^#(x*]>&hZ)'$ $#(: [$3;&$t \\_']?&>,&i)!QG{`- ,% ~<`._@'::_\\_{}-|_[&{<`~$) ?'?(!$,.{>? @!^:#|R,?')`[,`;?!f_:$$<)Y}$:[|^?2)_h&><.:.-{&[|&A\\*;*)-($.>>(<^';#Q@?,,H\\`|)$ <):@(;}?-[~(&)>>*)(~)`$:[;>!.&%<!.>~ %J}*zX:(&:~:<0)*>(B(!?.#@A*<*{-,[Q@{%!~)~-~:@:#|![>)]?];H;$-<}>!@~)<<) \\_!|]#,&!,@>\\[]|J ]\\^[?>$|$?'|,#.)$l[^@X.~! \\;0-&,;,!['@[J*~#`AQ[*&%<,~]?~_^~(;}\\$>)[&@) (]}];;*^<)''@\\E[.@! B*.<-A-,:-#`-.}<-|)^Z@](?;H >-}.%.?}@<!())0] <&=@(<*$\\((

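In the ooo.java file, there is a method that invokes the Base64 decode method. Let's head over to CyberChef and try decoding the string. CyberChef's From Base64 operation removes non-alphabet characters by default, so the junk punctuation is ignored. And... we get the flag!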

flag{b@d_ch@@rs_@@@re_B@@@@d}

Easy

We are given a RAR file and a password. After uncompressing, we get a .exe file. Let's execute it. And bam, we get the flag!

FLAG{All_You_N33d_Is_Just_Execute_Me}

m0v

We're given an assembly file that looks like this:

mov eax,0
mov ebx,0
mov edx,deadbeefh
mov ax,3337h
mov ebx,31330000h
mov dx,ax
mov bx,dx

We're asked to find the value of the ebx register after the code segment executes. Using the emu8086 emulator, we can easily find it.

The flag is: flag{31333337}
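The result follows from register aliasing: a write to ax, bx or dx replaces only the low 16 bits of eax, ebx or edx and leaves the high half untouched. The sketch below is an added example, not part of the original write-up; the register model and the helper names (`run`, `read`, `write`, `parse_imm`) are assumptions for illustration and cover only the `mov` forms used in the listing.

```python
import re

# Constructed from the listing in the write-up above.
LISTING = """
mov eax,0
mov ebx,0
mov edx,deadbeefh
mov ax,3337h
mov ebx,31330000h
mov dx,ax
mov bx,dx
"""

# 16-bit names alias the low half of a 32-bit register.
LOW16 = {"ax": "eax", "bx": "ebx", "cx": "ecx", "dx": "edx"}


def parse_imm(tok):
    """Immediate operand: a trailing 'h' marks hex, otherwise decimal."""
    return int(tok[:-1], 16) if tok.endswith("h") else int(tok, 10)


def read(regs, name):
    """Read a full register, or the low 16 bits through its alias."""
    return regs[name] if name in regs else regs[LOW16[name]] & 0xFFFF


def write(regs, name, value):
    """Write a full register, or replace only the low 16 bits via an alias."""
    if name in regs:
        regs[name] = value & 0xFFFFFFFF
    else:
        full = LOW16[name]
        regs[full] = (regs[full] & 0xFFFF0000) | (value & 0xFFFF)


def run(listing):
    """Execute a sequence of 'mov dst,src' lines and return the registers."""
    regs = {r: 0 for r in LOW16.values()}
    for line in listing.strip().splitlines():
        m = re.fullmatch(r"mov\s+(\w+)\s*,\s*(\w+)", line.strip().lower())
        if m is None:
            raise ValueError(f"unsupported instruction: {line!r}")
        dst, src = m.groups()
        is_reg = src in regs or src in LOW16
        write(regs, dst, read(regs, src) if is_reg else parse_imm(src))
    return regs


if __name__ == "__main__":
    for name, value in run(LISTING).items():
        print(f"{name} = {value:08x}")
```

After `mov dx,ax` edx holds dead3337, and `mov bx,dx` then copies only 3337 into the low half of ebx, which still has 3133 in its high half.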

Android101

We're given an APK file. Let's decompile it and look through the contents of the sources folder. The file Main2Activity.java catches our eye. Here, the function Validate takes a string as a parameter, manipulates it and compares it to a character array. If they match, it shows the toast Correct.

public String Validate(String f) {
    StringBuilder str = new StringBuilder(f);
    // Each pass of the outer loop bubbles the character at index i to the
    // end of the string, i.e. rotates the suffix str[i..] left by one.
    for (int i = 0; i < str.length(); i++) {
        for (int j = i; j < str.length() - 1; j++) {
            char t = str.charAt(j);
            str.setCharAt(j, str.charAt(j + 1));
            str.setCharAt(j + 1, t);
        }
    }
    // Compare the scrambled input with the hard-coded target.
    if (str.toString().equals(String.valueOf(new char[]{'l', 'g', 'c', 'n', 'y', 'u', 'r', 'V', 'r', '3', '4', 'd', '0', 'D', 'f', '{', '_', '_', '3', '_', 'R', '}', '4', '3', 'n', 'a', '5', '0', '1'}))) {
        Toast.makeText(getApplicationContext(), String.valueOf(new char[]{'C', 'o', 'r', 'r', 'e', 'c', 't'}), 1).show();
    }
    return "" + str.toString();
}

Let's get to work. Concatenating the characters of the array gives the manipulated string: lgcnyurVr34d0Df{__3_R}43na501

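Now we have to reverse what was done to this string. Each pass of the outer loop moves the character at index i to the end of the string, so the inverse walks i backwards and moves the last character back to index i. By analyzing the loops, we can write a reverse loop as below: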

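StringBuilder str = new StringBuilder("lgcnyurVr34d0Df{__3_R}43na501");
// Undo the passes in reverse order: for each i, rotate str[i..] right by one.
for (int i = str.length() - 1; i >= 0; i--) {
    for (int j = str.length() - 2; j >= i; j--) {
        char t = str.charAt(j);
        str.setCharAt(j, str.charAt(j + 1));
        str.setCharAt(j + 1, t);
    }
}
System.out.println(str);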

Now, we can find the flag! The flag is: flag{c4n_y0u_r3V3r53_4ndR01D}