AfricaHackon 2021 CTF Finals
My team (fr334aks) and I had the pleasure of taking part in AH2021 CTF finals where we took 3rd out of the ten teams that qualified. Amazing experience, awesome learning opportunity and made new friends. Here are some of the writeups of challenges solved by us and other teams.
EaZZy_Forensics 200pts
This was a pretty interesting challenge involving knowledge on image forensics.
We are provided with a png image. Several tools failed to open the image indicating the following error.
I tried opening with sublime text (don’t judge me xD) and it accepted.
We can use pngcheck to get more information concerning the image
Something immediately stuck out to me (-2776.5% compression) . If you compare it with a normal image, you will see the difference
The negative compression is reason enough why the image appears shrunk. So we proceed to play around with the image dimensions
This tool modsize, does the trick well.
python2 /opt/modsize/modsize.py — width 709 — height 709 eazzzy.png output.png
Opening the image, we get some output. I got stuck here for a while trying to make sense of writeups online till it came to me that we need the correct dimensions to actually get the right image
The dimensions i used initially doesn’t give us the right image, so what next?
I use a bash one-liner to get different image dimensions (different width same height).
for i in {600..700}; do python2 /opt/modsize/modsize.py — width $i — height $i eazzzy.png out{$i}.png; done
I went through each of the images painfully since we had around 10 minutes left and scripting would have costed some time.
We get our flag !
NoT_So_Steg 100pts
This challenge was rather direct testing your knowledge on the logic of XOR encryption.
Keep in mind:
flag ^ key= encrypted_flag
encrypted_flag ^ key= flag
We are provided with the encrypted image and the code used to encrypt it.
Changing the flag.png to enc.png , we can get the original image. The decrypted flag appears at the bottom.
Phished 250 pts
Our team didn’t solve the challenge till after the competition. credit to ChasingFlags for the hint on how to solve it.
We are provided with an excel file that is a phishing document. If I had opened with MS excel and enabled content (in the real world) I would have probably gotten hacked.
I started by dropping the file in iris-h
Going through the output we can see a hidden macro sheet in the file. There is also information involving obfuscation of data.
I went back to my editor and tried unhiding the file. Right click on Sheet1 > Unhide
We get the ceslx file
I tried to change color of the text and see if we can uncover hidden text
we get something juicy. Let’s dig deeper. Select all (Ctrl + A) then change to red color and we uncover more
I thought that maybe the integers could be converted back to ascii characters so I copied the entire DV column to start with , to sublime text
We need to remove all text and remain with the integers, separated by columns. We can take advantage of multiple cursor functionality
Ctrl+A to select all ,Ctrl+Shift+L to spawn the cursors, then move them to the beginning
Start by deleting the ‘=CHAR(’
Move to the end and delete ‘)’ then replace with ‘,’
Now replace ‘&CHAR(’ with ‘,’ and any remaining ‘(’ or ‘)’ with an empty string. You should have something like
Let’s put it all in brackets assign to a variable data and save as solution.py
Run our script, we get some gibberish output
Let’s pipe it to strings
We get our flag!
Lets jump to some rev & pwn.
The solves are as curated by Binarychunk our team member and talented hacker. Detailed writeups concerning the solves will be done on his blog.
Namecheck 150pts
Iamfree 250pts
Parser 150pts
Processing 50pts
In processing, we are provided with an executable file that requests for a password when run.
Using jadx-gui you can reverse the Challenge.jar file and view the source code. The approach taken here involves reversing the code and printing out the flag
Another interesting approach I saw was ikuamike ‘s solution involving editing the code directly to print the flag : https://blog.ikuamike.io/posts/2021/africahackon-2021-ctf-finals/ by ik
I hope you can recreate some of the solves. This writeup will be improved later to detail the solves in the rev/pwn and crypto category. Thanks for reading like, share and follow for more soon!
PS: you can read more on pwn rev and crypto solves in https://lvmalware.github.io/writeup/2021/11/06/Africahackon-Finals.html
