Codegate CTF 2018 Preliminary - easy_serial (Rev)

문제 파일 (easy)

Haskell로 된 바이너리였다. 디컴파일러가 있길래 사용하기로 했다. ( https://github.com/gereeter/hsdecomp)
오류가 나는 부분은 조금 수정해주면 정상적으로 디컴파일이 진행된다.
소스가 한줄로 너무 길게 나와서 열심히 이쁘게 해보았지만 Haskell을 해보지 않아서 엔터때문에 에러가 날지는 모르겠다.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
Main_main_closure = >> $fMonadIO
(putStrLn (unpackCString# "Input Serial Key >>> "))
(>>= $fMonadIO
getLine
(\s1dZ_info_arg_0 ->
>> $fMonadIO
(putStrLn
(++ (unpackCString# "your serial key >>> ")
(++ s1b7_info (++ (unpackCString# "_")
(++ s1b9_info (++ (unpackCString# "_") s1bb_info))))))
(case &&
(== $fEqInt (ord (!! s1b7_info loc_7172456)) (I# 70)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172472)) (I# 108)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172488)) (I# 97)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172504)) (I# 103)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172520)) (I# 123)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172536)) (I# 83)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172552)) (I# 48)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172568)) (I# 109)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172584)) (I# 101)) (&&
(== $fEqInt (ord (!! s1b7_info loc_7172600)) (I# 48)) (&&
(== $fEqInt (ord (!! s1b7_info (I# 10))) (I# 102)) (&&
(== $fEqInt (ord (!! s1b7_info (I# 11))) (I# 85))
(== $fEqInt (ord (!! s1b7_info (I# 12))) (I# 53))))))))))))) of
<tag 1> -> putStrLn (unpackCString# ":p"),
c1ni_info_case_tag_DEFAULT_arg_0@_DEFAULT -> case == ($fEq[] $fEqChar) (reverse s1b9_info)
(:(C# 103)
(: (C# 110)
(: (C# 105)
(: (C# 107)
(: loc_7168872
(: loc_7168872
(: (C# 76)
(: (C# 51)
(: (C# 114)
(: (C# 52) [])))))))))) of
False -> putStrLn (unpackCString# ":p"),
True -> case &&
(== $fEqChar
(!! s1bb_info loc_7172456)
(!! s1b3_info loc_7172456)) (&&
(== $fEqChar
(!! s1bb_info loc_7172472)
(!! s1b4_info (I# 19))) (&&
(== $fEqChar
(!! s1bb_info loc_7172488)
(!! s1b3_info (I# 19))) (&&
(== $fEqChar
(!! s1bb_info loc_7172504)
(!! s1b4_info loc_7172568)) (&&
(== $fEqChar
(!! s1bb_info loc_7172520)
(!! s1b2_info loc_7172488)) (&&
(== $fEqChar
(!! s1bb_info loc_7172536)
(!! s1b3_info (I# 18))) (&&
(== $fEqChar
(!! s1bb_info loc_7172552)
(!! s1b4_info (I# 19))) (&&
(== $fEqChar
(!! s1bb_info loc_7172568)
(!! s1b2_info loc_7172504)) (&&
(== $fEqChar
(!! s1bb_info loc_7172584)
(!! s1b4_info (I# 17)))
(== $fEqChar
(!! s1bb_info loc_7172600)
(!! s1b4_info (I# 18))))))))))) of
<tag 1> -> putStrLn (unpackCString# ":p"),
c1tb_info_case_tag_DEFAULT_arg_0@_DEFAULT
-> putStrLn (unpackCString# "Correct Serial Key! Auth Flag!")
)
)
)


s1b5_info = splitOn $fEqChar (unpackCString# "#") s1dZ_info_arg_0
loc_7172456 = I# 0
loc_7172472 = I# 1
loc_7172488 = I# 2
loc_7172504 = I# 3
loc_7172520 = I# 4
loc_7172536 = I# 5
loc_7172552 = I# 6
loc_7172568 = I# 7
loc_7172584 = I# 8
loc_7172600 = I# 9
loc_7168872 = C# 48
s1b2_info = unpackCString# "1234567890"
s1b3_info = unpackCString# "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
s1b4_info = unpackCString# "abcdefghijklmnopqrstuvwxyz"
s1bb_info = !! s1b5_info loc_7172488
s1b9_info = !! s1b5_info loc_7172472
s1b7_info = !! s1b5_info loc_7172456

소스만 분석해보면 된다. 간단한 아스키 코드 비교다.

#을 기준으로 split하며 s1b7_infoFlag{S0me0fU5, s1b9_info4r3L00king, s1bb_infoAtTh3St4rs가 되면 된다.

Share