DUCTF 2024 challenges

README.md

@@ -14,8 +14,8 @@ Fri, 18 Sept. 2020, 19:00 AEST — Sun, 20 Sept. 2020, 19:00 AEST
 |[Extra Cool Block Chaining](downunderctf-2020/extra-cool-block-chaining)|crypto|⭐️⭐️|52|
 |[Hex Shift Cipher](downunderctf-2020/hex-shift-cipher)|crypto|⭐️⭐️|44|
 |[Cosmic Rays](downunderctf-2020/cosmic-rays)|crypto|⭐️⭐️|25|
-|[1337crypt](downunderctf-2020/1337crypt)|crypto|⭐️⭐️⭐️|3|
 |[ImpECCable](downunderctf-2020/impeccable)|crypto|⭐️⭐️⭐️|3|
+|[1337crypt](downunderctf-2020/1337crypt)|crypto|⭐️⭐️⭐️|3|
 |[LSB\|\|MSB Calculation Game](downunderctf-2020/lsb-msb-calculation-game)|crypto|⭐️⭐️⭐️|2|
 
 # DownUnderCTF 2021
@@ -66,8 +66,8 @@ Fri, 23 Sept. 2022, 19:30 AEST — Sun, 25 Sept. 2022, 19:30 AEST
 |[last digit](downunderctf-2022/last-digit)|misc|⭐️|26|
 |[Crypto Casino](downunderctf-2022/crypto-casino)|blockchain|⭐️|25|
 |[rsa interval oracle iii](downunderctf-2022/rsa-interval-oracle-iii)|crypto|⭐️⭐️|23|
-|[click the flag](downunderctf-2022/click-the-flag)|rev|⭐️⭐️|18|
 |[time locked](downunderctf-2022/time-locked)|crypto|⭐️⭐️|18|
+|[click the flag](downunderctf-2022/click-the-flag)|rev|⭐️⭐️|18|
 |[battlesweeper](downunderctf-2022/battlesweeper)|misc|⭐️⭐️⭐️|18|
 |[kv_db](downunderctf-2022/kv-db)|pwn|⭐️⭐️|17|
 |[faulty arx](downunderctf-2022/faulty-arx)|crypto|⭐️⭐️⭐️|11|
@@ -98,15 +98,40 @@ Fri, 01 Sept. 2023, 19:30 AEST — Sun, 03 Sept. 2022, 19:30 AEST
 |[mini dns server](downunderctf-2023/mini-dns-server)|misc|⭐️⭐️|39|
 |[sideways](downunderctf-2023/sideways)|rev|⭐️⭐️|29|
 |[fnv](downunderctf-2023/fnv)|crypto|⭐️⭐️|27|
-|[apbq rsa ii](downunderctf-2023/apbq-rsa-ii)|crypto|⭐️⭐️|26|
 |[binary mail](downunderctf-2023/binary-mail)|pwn|⭐️⭐️|26|
+|[apbq rsa ii](downunderctf-2023/apbq-rsa-ii)|crypto|⭐️⭐️|26|
 |[advanced vector expositions](downunderctf-2023/advanced-vector-expositions)|rev|⭐️⭐️⭐️|12|
 |[lcg card gimmicks](downunderctf-2023/lcg-card-gimmicks)|crypto|⭐️⭐️|11|
 |[number theoretic flag checker](downunderctf-2023/number-theoretic-flag-checker)|rev|⭐️⭐️|9|
 |[handshake](downunderctf-2023/handshake)|crypto|⭐️⭐️⭐️|4|
 |[encrypted mail](downunderctf-2023/encrypted-mail)|crypto|⭐️⭐️⭐️|3|
 |[dilithium±](downunderctf-2023/dilithium)|crypto|⭐️⭐️⭐️⭐️|0|
 
+# DownUnderCTF 2024
+Fri, 05 July 2024, 19:30 AEST — Sun, 07 July 2024, 19:30 AEST
+
+[**Website**](https://duc.tf) | [**CTFTime**](https://ctftime.org/event/2284/) | [**Official Repository**](https://github.com/DownUnderCTF/Challenges_2024_Public)
+
+|Name|Category|Difficulty|Solves|
+|---|---|---|---|
+|[number mashing](downunderctf-2024/number-mashing)|beginner|👶|299|
+|[vector overflow](downunderctf-2024/vector-overflow)|beginner|👶|239|
+|[decrypt then eval](downunderctf-2024/decrypt-then-eval)|crypto|⭐️|197|
+|[yawa](downunderctf-2024/yawa)|beginner|👶|184|
+|[sign in](downunderctf-2024/sign-in)|pwn|⭐️|95|
+|[jmp flag](downunderctf-2024/jmp-flag)|rev|⭐️|71|
+|[pac shell](downunderctf-2024/pac-shell)|pwn|⭐️|55|
+|[pressing buttons](downunderctf-2024/pressing-buttons)|rev|⭐️⭐️|34|
+|[dungeon](downunderctf-2024/dungeon)|rev|⭐️⭐️|22|
+|[sheep farm simulator](downunderctf-2024/sheep-farm-simulator)|pwn|⭐️⭐️|21|
+|[average assembly assignment](downunderctf-2024/average-assembly-assignment)|rev|⭐️⭐️|13|
+|[pkijs<](downunderctf-2024/pkijs-lt)|misc|⭐️⭐️|7|
+|[Poly1305 OTM](downunderctf-2024/poly1305-otm)|crypto|⭐️⭐️|6|
+|[ESPecially secure boot](downunderctf-2024/especially-secure-boot)|pwn|⭐️⭐️⭐️|3|
+|[adorable encrypted animal](downunderctf-2024/adorable-encrypted-animal)|rev|⭐️⭐️⭐️|3|
+|[pkijs=](downunderctf-2024/pkijs-eq)|misc|⭐️⭐️⭐️|1|
+|[kyber decryption oracle](downunderctf-2024/kyber-decryption-oracle)|crypto|⭐️⭐️⭐️⭐️|1|
+
 # Cyber Apocalypse 2023
 Sun, 19 March 2023, 00:00 AEDT — Thu, 23 March 2023, 23:59 AEDT
 

ctfs.yaml

@@ -22,6 +22,12 @@
   description: ""
   date: "Fri, 01 Sept. 2023, 19:30 AEST — Sun, 03 Sept. 2022, 19:30 AEST"
   repo: https://github.com/DownUnderCTF/Challenges_2023_Public
+- name: DownUnderCTF 2024
+  website: https://duc.tf
+  ctftime: https://ctftime.org/event/2284/
+  description: ""
+  date: "Fri, 05 July 2024, 19:30 AEST — Sun, 07 July 2024, 19:30 AEST"
+  repo: https://github.com/DownUnderCTF/Challenges_2024_Public
 - name: Cyber Apocalypse 2023
   website: https://ctf.hackthebox.com/event/details/cyber-apocalypse-2023-the-cursed-mission-821
   ctftime: https://ctftime.org/event/1889/

downunderctf-2024/adorable-encrypted-animal/README.md

@@ -0,0 +1,28 @@
+# DownUnderCTF 2024 - adorable encrypted animal
+
+- **Category:** rev
+- **Solves:** 3/2194
+- **Difficulty:** ⭐️⭐️⭐️
+- **Hosting type:** file
+- **Tags:** arm, macOS
+
+---
+
+> An adorable animal was encrypted with this program! A flag too, I guess.
+> 
+> NOTE: `aea` and `libAppleArchive.dylib` are provided for your convenience. They are taken without modification from the macOS system that ran the binary.
+
+
+Handout files:
+
+- [./publish/aea.tar.gz](./publish/aea.tar.gz)
+
+## Solution
+
+Flag: `DUCTF{h0pe_y0u_enjoy3d_th3_fr33_cat_p1c_:)}`
+
+
+- [**Solver**](./solve/solv.py)
+
+
+

downunderctf-2024/adorable-encrypted-animal/details.yaml

@@ -0,0 +1,19 @@
+id: ductf-2024-adorable-encrypted-animal
+name: adorable encrypted animal
+category: rev
+ctf: DownUnderCTF 2024
+difficulty: 3
+tags: ['arm', 'macOS']
+notes: ''
+description: |-
+  An adorable animal was encrypted with this program! A flag too, I guess.
+
+  NOTE: `aea` and `libAppleArchive.dylib` are provided for your convenience. They are taken without modification from the macOS system that ran the binary.
+hosting: file
+handout_files:
+- ./publish/aea.tar.gz
+flag: DUCTF{h0pe_y0u_enjoy3d_th3_fr33_cat_p1c_:)}
+solver: ./solve/solv.py
+solve_stats:
+  solved_teams: 3
+  num_teams: 2194

downunderctf-2024/adorable-encrypted-animal/solve/solv.py

@@ -0,0 +1,95 @@
+from Crypto.Cipher import AES
+from Crypto.Util import Counter
+from Crypto.Util.strxor import strxor
+from Crypto.Protocol.KDF import HKDF
+from Crypto.Hash import HMAC, SHA256
+from hashlib import sha256
+
+cat = open('../publish/cat.png.aea', 'rb')
+key = bytes.fromhex('27b750649a0698ffcd3085f4be57b011da80be70163d4a4ff9fb883f2db5a2f1')
+
+cat.seek(12, 0)
+salt = cat.read(0x20)
+info = b'AEA_AMK\x01\x00\x00\x00'
+mkey = HKDF(key, len(key), salt, SHA256, context=info)
+
+cat.seek(0x70, 1)
+
+cluster_header_ct = cat.read(0x2800)
+
+cluster_intmd_key = HKDF(mkey, len(mkey), b'', SHA256, context=b'AEA_CK\x00\x00\x00\x00')
+cluster_keyiv_data = b''.join(HKDF(cluster_intmd_key, len(cluster_intmd_key), b'', SHA256, context=b'AEA_CHEK', num_keys=3))
+cluster_key = cluster_keyiv_data[32:64]
+cluster_iv = cluster_keyiv_data[64:80]
+
+ch_aes = AES.new(cluster_key, AES.MODE_CTR, counter=Counter.new(nbits=128, initial_value=int.from_bytes(cluster_iv, 'big')))
+aes = AES.new(cluster_key, AES.MODE_CTR, counter=Counter.new(nbits=128, initial_value=int.from_bytes(cluster_iv, 'big')))
+pt = aes.decrypt(cluster_header_ct)
+segments = [pt[i:i+40] for i in range(0, len(pt), 40) if pt[i:i+40] != b'\x00'*40]
+assert len(segments) == 1
+
+cat.seek(0x2020, 1)
+
+seg = segments[0]
+seg_raw_size = int.from_bytes(seg[4:8], 'little')
+ct = cat.read(seg_raw_size)
+
+cluster_intmd_key = HKDF(mkey, len(mkey), b'', SHA256, context=b'AEA_CK\x00\x00\x00\x00')
+cluster_keyiv_data = b''.join(HKDF(cluster_intmd_key, len(cluster_intmd_key), b'', SHA256, context=b'AEA_SK\x00\x00\x00\x00', num_keys=3))
+mac_key = cluster_keyiv_data[0:32]
+cluster_key = cluster_keyiv_data[32:64]
+cluster_iv = cluster_keyiv_data[64:80]
+
+hmac = HMAC.new(mac_key, digestmod=SHA256)
+hmac.update(ct)
+hmac.update(b'\x00'*8)
+k2 = hmac.digest()
+
+aes = AES.new(cluster_key, AES.MODE_CTR, counter=Counter.new(nbits=128, initial_value=int.from_bytes(cluster_iv, 'big')))
+catpng = aes.decrypt(ct)
+
+k1 = ch_aes.encrypt(b'x' * 8 + sha256(catpng).digest())[8:]
+
+print('k1:', k1.hex())
+print('k2:', k2.hex())
+
+# open('cat-dec.png', 'wb').write(catpng)
+
+flag = open('../publish/flag.txt.aea', 'rb')
+
+flag.seek(12, 0)
+salt = flag.read(0x20)
+info = b'AEA_AMK\x01\x00\x00\x00'
+key = strxor(k1, k2)
+print('flag key:', key.hex())
+mkey = HKDF(key, len(key), salt, SHA256, context=info)
+
+flag.seek(0x70, 1)
+
+cluster_header_ct = flag.read(0x2800)
+
+cluster_intmd_key = HKDF(mkey, len(mkey), b'', SHA256, context=b'AEA_CK\x00\x00\x00\x00')
+cluster_keyiv_data = b''.join(HKDF(cluster_intmd_key, len(cluster_intmd_key), b'', SHA256, context=b'AEA_CHEK', num_keys=3))
+cluster_key = cluster_keyiv_data[32:64]
+cluster_iv = cluster_keyiv_data[64:80]
+
+aes = AES.new(cluster_key, AES.MODE_CTR, counter=Counter.new(nbits=128, initial_value=int.from_bytes(cluster_iv, 'big')))
+pt = aes.decrypt(cluster_header_ct)
+segments = [pt[i:i+40] for i in range(0, len(pt), 40) if pt[i:i+40] != b'\x00'*40]
+assert len(segments) == 1
+
+flag.seek(0x2020, 1)
+
+seg = segments[0]
+seg_raw_size = int.from_bytes(seg[4:8], 'little')
+ct = flag.read(seg_raw_size)
+
+cluster_intmd_key = HKDF(mkey, len(mkey), b'', SHA256, context=b'AEA_CK\x00\x00\x00\x00')
+cluster_keyiv_data = b''.join(HKDF(cluster_intmd_key, len(cluster_intmd_key), b'', SHA256, context=b'AEA_SK\x00\x00\x00\x00', num_keys=3))
+cluster_key = cluster_keyiv_data[32:64]
+cluster_iv = cluster_keyiv_data[64:80]
+
+aes = AES.new(cluster_key, AES.MODE_CTR, counter=Counter.new(nbits=128, initial_value=int.from_bytes(cluster_iv, 'big')))
+flag = aes.decrypt(ct)
+
+print(flag.decode())

downunderctf-2024/adorable-encrypted-animal/src/chall.c

@@ -0,0 +1,48 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+const unsigned char KEY[32] = {39, 183, 80, 100, 154, 6, 152, 255, 205, 48, 133, 244, 190, 87, 176, 17, 218, 128, 190, 112, 22, 61, 74, 79, 249, 251, 136, 63, 45, 181, 162, 241};
+const unsigned char Z[32] = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ";
+
+int main() {
+    char cmd[0x1000];
+    char hexKey[65] = {0};
+    char* tmp;
+
+    tmp = hexKey;
+    for(int i = 0; i < 32; i++) {
+        tmp += sprintf(tmp, "%02x", KEY[i]);
+    }
+    sprintf(cmd, "/usr/bin/aea encrypt -i cat.png -key-value hex:%s -o cat.png.aea", hexKey);
+    system(cmd);
+
+    FILE* f = fopen("cat.png.aea", "r");
+    fseek(f, 0, SEEK_END);
+    size_t fs = ftell(f);
+    fseek(f, 0, SEEK_SET);
+    tmp = malloc(fs);
+    fread(tmp, 1, fs, f);
+    fclose(f);
+
+    unsigned char k1[32] = {0};
+    unsigned char k2[32] = {0};
+
+    memcpy(k1, &tmp[0xa4], 0x20);
+    memcpy(k2, &tmp[0x28bc], 0x20);
+
+    f = fopen("cat.png.aea", "w");
+    memcpy(&tmp[0xa4], Z, 0x20);
+    memcpy(&tmp[0x28bc], Z, 0x20);
+    fwrite(tmp, 1, fs, f);
+    fclose(f);
+
+    tmp = hexKey;
+    for(int i = 0; i < 32; i++) {
+        tmp += sprintf(tmp, "%02x", k1[i] ^ k2[i]);
+    }
+    memset(cmd, 0, 0x1000);
+    sprintf(cmd, "/usr/bin/aea encrypt -i flag.txt -key-value hex:%s -o flag.txt.aea", hexKey);
+    system(cmd);
+
+}

downunderctf-2024/adorable-encrypted-animal/src/flag.txt

@@ -0,0 +1 @@
+DUCTF{h0pe_y0u_enjoy3d_th3_fr33_cat_p1c_:)}

downunderctf-2024/average-assembly-assignment/README.md

@@ -0,0 +1,26 @@
+# DownUnderCTF 2024 - average assembly assignment
+
+- **Category:** rev
+- **Solves:** 13/2194
+- **Difficulty:** ⭐️⭐️
+- **Hosting type:** tcp
+- **Tags:** Puzzle, Misc
+
+---
+
+> This is just your average assembly assignment.
+
+
+Handout files:
+
+- [./publish/aaa](./publish/aaa)
+
+## Solution
+
+Flag: `DUCTF{y0u_pass!_dbfae0837abc0a239fd7abf93be8a01dfec}`
+
+
+- [**Solver**](./solve/solv.py)
+
+
+

downunderctf-2024/average-assembly-assignment/details.yaml

@@ -0,0 +1,16 @@
+id: ductf-2024-average-assembly-assignment
+name: average assembly assignment
+category: rev
+ctf: DownUnderCTF 2024
+difficulty: 2
+tags: ['Puzzle', 'Misc']
+notes: ''
+description: This is just your average assembly assignment.
+hosting: tcp
+handout_files:
+- ./publish/aaa
+flag: DUCTF{y0u_pass!_dbfae0837abc0a239fd7abf93be8a01dfec}
+solver: ./solve/solv.py
+solve_stats:
+    solved_teams: 13
+    num_teams: 2194

downunderctf-2024/average-assembly-assignment/solve/solv.py

@@ -0,0 +1,69 @@
+sol = '''
+# program to find the average of given inputs, where 0 indicates end of input
+#
+# read all input elements while summing them and counting how many there are
+# INP reads into R0, so we need to store this into ACC to check if it is 0
+# we will store the running sum in BAK and the count in R1
+read_all_loop:
+    INP           # read input into R0
+    MOV R0 ACC
+    JZ read_all_loop_break
+    SWP
+    ADD R0        # add input to running sum
+    SWP
+    MOV R1 ACC
+    ADD 1
+    MOV ACC R1
+    JMP read_all_loop
+# now we will do a nested for loop, with the inner loop iterating R1 times and
+# subtracting one each time, and checking if the result is 0 or not. if it's 0,
+# we are finished and should put the result in ACC, otherwise add 1 to the
+# result. in the case where both loops hit 0 at the same time, it's a clean
+# division, so we should add an extra 1 to the result
+read_all_loop_break:
+    MOV R1 ACC
+    inner_loop:
+        SUB 1
+        SWP
+        SUB 1
+        JZ done
+        SWP
+        JZ inc
+        JMP inner_loop
+    inc:
+        MOV R0 ACC
+        ADD 1
+        MOV ACC R0
+    JMP read_all_loop_break
+done:
+    SWP
+    JZ plusone
+    MOV R0 ACC
+    JMP exit
+plusone:
+    MOV R0 ACC
+    ADD 1
+exit:
+'''
+
+op_map = {
+    'MOV': 'OWO',
+    'ACC': 'AAA',
+    'BAK': 'BBB',
+    'INP': 'INP',
+    'ADD': 'UWU',
+    'SUB': 'QAQ',
+    'SAV': 'TVT',
+    'SWP': 'TOT',
+    'JMP': 'WOW',
+    'JZ': 'WEW',
+    'JNZ': 'WAW',
+    'LABEL': 'LOL',
+    'NOP': 'NOP'
+}
+
+for op in op_map:
+    sol = sol.replace(op, op_map[op])
+
+print(sol)
+print('EOF')

downunderctf-2024/average-assembly-assignment/src/Dockerfile

@@ -0,0 +1,6 @@
+FROM ghcr.io/downunderctf/docker-vendor/nsjail:ubuntu-22.04
+
+ENV JAIL_CWD=/chal
+
+COPY ./flag.txt /home/ctf/chal
+COPY ./aaa /home/ctf/chal/pwn