Solving Ebufgne!
04 Dec 2016Misc problem in ECTF’16 created by skarthik and me. ez 100 points!
The problem provides a pcapng file which contains transfer of a zip file via tcp. After considering the zip file and trying to extract it, we see that it gives a error saying that the start of central directory was not found.
Now the file is correctly recognized as zip and the signature/header error is not show implying both of them are valid.
File is organized as:
--26 bytes(header)--Data--22 bytes(signature)--
This implies that something is wrong with the middle data. When we go ahead to fix the given central directory header, we realize that the bytes are actually swapped in place with each other. This has to do a bit with the challenge description.
Ebufgne -> Befunge which is basically an esoteric language developed in 1993 which used the symbol backward solidus i.e \ as a command to swap the top 2 bytes on the stack. Even if this information is not available, we can still solve the problem looking at the directory header.
On realizing this, we only have to write a script to swap bytes. After that we
get a password encrypted zip file. But the password was already transmitted in
the pcap as 103%secure. We use that and we get the flag!
There are 2 files in the zip: fl4g and d4t4. fl4g contains the flag :)
Below is the solver code:
# Writing the file.
def scramble(f):
current_position = f.tell()
f.seek(0, 2)
file_size = f.tell()
f.seek(current_position)
other_data = ""
while (file_size-f.tell()>=25):
a = f.read(1)
b = f.read(1)
other_data += b
other_data += a
end_of_dir = f.read(file_size-f.tell())
return (other_data, end_of_dir)
f = open("DaaS.zip")
header_metadata = f.read(26)
(zip_data, end_sig) = scramble(f)
new_file = open("problem.zip","w")
new_file.write(header_metadata + zip_data + end_sig)
new_file.close()
# Solver
f2 = open("problem.zip")
header_metadata = f2.read(26)
(zip_data, end_sig) = scramble(f2)
new_file = open("problem2.zip", "w")
new_file.write(header_metadata + zip_data + end_sig)
new_file.close()