Difference between revisions of "Gits2012teaser"

From Fixme.ch
Jump to: navigation, search
(#2 AL's Revenge)
(#1 TelAviv)
Line 1: Line 1:
 
== #1 TelAviv ==
 
== #1 TelAviv ==
 +
 +
What is the password? ([[Attachment:7139a4ea239dcac655f7c38ca6a77b61.bin|File]])<br>
 +
Hint: TeLaViv+ is a packet forensics challenge.
  
 
== #2 AL's Revenge ==
 
== #2 AL's Revenge ==

Revision as of 13:40, 8 January 2012

#1 TelAviv

What is the password? (File)
Hint: TeLaViv+ is a packet forensics challenge.

#2 AL's Revenge

  • file 49dd327824d5afe9cdf931ea4b13719f.bin says xz compressed file -> xzcat > f
  • file f says LLVM bitcode -> llvm-dis > f.s (only works with LLVM 2.8, not with 3.0)
  • analyze disassembly, extract C representation:
int
VerifySerial(uint64_t name, uint64_t serial)
{
	uint64_t a = 0x8000000000000000LL;
        uint64_t b = 0xa348fccd93aea5a7LL;
	uint64_t result = 0;

	/* high order bit set? */
	if (name & a)
		a ^= b;

	if (serial & a)
		serial ^= b;

	while (serial != 0) {
		if (serial & 1)
			result ^= name;

		serial >>= 1;
		name <<= 1;

		if (name & a)
			name ^= b;
	}

	return (result == 1);
}

#3 Hackquest