picoCTF 2019 — Reverse Engineering — VaultDoors

Kamran Saifullah
Oct 29, 2019

I have been participating in the picoCTF 2019 CTF and have been doing multiple CTF challenges. I was more focused on the Reverse Engineering challenges as I have been learning it for a while now. So this article is going to be all about the “VaultDoor” challenges and my methodology, i.e. how I solved these challenges!

Let's dive into the solutions.

Vault Door Training — 50 Points

We are provided with the “Java” file. On opening the file in JD-GUI we can find the hard-coded flag!

Vault Door 1 — 100 Points

We have another “Java” file and this time it says that the flag is embedded in a more sophisticated way. On opening the JAVA file in JD-GUI we can see that in each array index there is a character and we have the flag right in front of our eyes!

Vault Door 3 — 200 Points

This time we have another “JAVA” file, and we can see that it contains a scrambled flag. The loops tell us that the program checks the character positions of the input we provide, and if they are correct we have the correct flag. The simple solution to this problem is to reverse the logic: provide the flag which is embedded in the code, run it through the same loop, and add a print statement to get the exact flag!

This can be done in any programming language. I did this in C++.

Vault Door 4 — 250 Points

This time we have another “JAVA” file. On opening it we can find that the flag is ASCII encoded.

The simple solution to this challenge is to assign the values of myBytes to passBytes and add a print statement after the for loop. The flag will be displayed on the screen. We also need to convert all these bytes into characters, and for that purpose we can use the char function.

Here we go for the flag!

vault-door-5 — Points: 300

In this challenge we have another JAVA file. On opening it in JD-GUI we can see that there is something encoded in base64.

The value being returned is a check of whether the input was equal to the encoded data or not. We can decode this online, but I wrote a simple Python script to do this task.

We are done with this challenge.

vault-door-6 — Points: 350

In this challenge we are provided with another JAVA file and a hint that the vault uses an XOR encryption scheme. On opening the file in JD-GUI we can see the code.

We can see that there are 32 bytes of data, each of which can be converted into a character. But each character has to be XORed with 0x55 i.e. 7. We can write a simple Python script which converts all these bytes into characters, applying the XOR on each iteration.

The challenge was pretty easy!

vault-door-7 — Points: 400

In this challenge we have another JAVA file, and this time the password is converted from a string to an array of integers using bit shifts. Looking at the source code in JD-GUI, we can see that clearly.

What we can do is reverse this logic easily: we can convert these integers back into strings. This can easily be done using the “pwntools” library in Python. Let’s code!
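
The reversal described above, written with only the Python standard library instead of pwntools (an added example, not the author's script). It assumes each integer holds four password bytes with the first byte in the top 8 bits; the sample password is constructed and is not the challenge's real data.

```python
# Added example: undo a "4 bytes packed into one int with bit shifts" check.
# Assumption: first byte of each group sits in the top 8 bits of the int.

def to_java_int(value):
    """Wrap an unsigned 32-bit value into Java's signed int range."""
    value &= 0xFFFFFFFF
    return value - 0x100000000 if value & 0x80000000 else value

def pack_password(data):
    """Model of the described check: fold every 4 bytes into one int."""
    if len(data) % 4:
        raise ValueError("length must be a multiple of 4")
    ints = []
    for i in range(0, len(data), 4):
        word = data[i] << 24 | data[i + 1] << 16 | data[i + 2] << 8 | data[i + 3]
        ints.append(to_java_int(word))
    return ints

def unpack_ints(ints):
    """Reverse the packing: split each int back into its 4 bytes."""
    out = bytearray()
    for value in ints:
        # Constants copied from decompiled Java may be negative; mask them
        # to unsigned first so the right shifts extract the intended bytes.
        word = value & 0xFFFFFFFF
        out += bytes((word >> shift) & 0xFF for shift in (24, 16, 8, 0))
    return bytes(out)

# Constructed sample input (hypothetical, not the challenge's constants).
SAMPLE_PASSWORD = b"constructed_demo"
SAMPLE_INTS = pack_password(SAMPLE_PASSWORD)

if __name__ == "__main__":
    print(SAMPLE_INTS)
    print(unpack_ints(SAMPLE_INTS).decode("ascii"))
```

To use it on a real target, replace `SAMPLE_INTS` with the integer constants read from the decompiled comparison.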

We are done with this challenge!

Hope you enjoyed reading the solution!
