Gits2012teaser

From Fixme.ch
Revision as of 13:40, 8 January 2012 by Francois (Talk | contribs) (#1 TelAviv)

Jump to: navigation, search

#1 TelAviv

What is the password? (File)
Hint: TeLaViv+ is a packet forensics challenge.

#2 AL's Revenge

  • file 49dd327824d5afe9cdf931ea4b13719f.bin says xz compressed file -> xzcat > f
  • file f says LLVM bitcode -> llvm-dis > f.s (only works with LLVM 2.8, not with 3.0)
  • analyze disassembly, extract C representation:
int
VerifySerial(uint64_t name, uint64_t serial)
{
	uint64_t a = 0x8000000000000000LL;
        uint64_t b = 0xa348fccd93aea5a7LL;
	uint64_t result = 0;

	/* high order bit set? */
	if (name & a)
		a ^= b;

	if (serial & a)
		serial ^= b;

	while (serial != 0) {
		if (serial & 1)
			result ^= name;

		serial >>= 1;
		name <<= 1;

		if (name & a)
			name ^= b;
	}

	return (result == 1);
}

#3 Hackquest