ShofEL2, a Tegra X1 and Nintendo Switch exploit
plaidCTF 2014 - ezhp (pwn200)
ezhp
Pwnables (200 pts)
-------------------
Luckily when you travel back in time, you still get to use all your knowledge from the present. With that knowledge in hand, breaking into this service (at 126.96.36.199:9174) owned by The Plague shouldn't be hard at all.
To set the scene, let's identify the binary:
izsh@box:~$ file ezhp
ezhp: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x5fa5bd76db306497b549ea3b0466cd9e9afa2705, stripped
izsh@box:~$ readelf -l ezhp | grep STACK
  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
plaidCTF 2014 - tiffany (re300)
tiffany
Reversing (300 pts)
-------------------
We want to get access to a server used by The Plague. Maybe if you can find out what key is accepted by this binary you can find out where or when The Plague is...
Yay, a Linux x86_64 executable! Let’s run it and see what happens, because what could possibly go wrong when running a random binary off the internet?
$ ./tiffany
This may take a while...
.......
Please enter a string: TEST
....
Sorry, wrong.
Well, that took 3 seconds to initialize and 5 seconds per input string character. Sure seems to be doing a lot of stuff. Let’s load it into IDA to get a general idea.