Sheet 1
General Information
The solutions should be created mainly with Python but it is also allowed to use a little bit of shell/Bash magic for your solution file. If you are new to Python have a look online… there are many good resources to get started such as this course and this slide deck. Feel free to post other resources to the mailing list to help other PABE students.
Please keep in mind that you should:
- push all your changes to the GitLab repository (master branch) before the deadline
- make sure that your solution (also) runs on the virtual machine (and not just your local machine)
- make sure that the solution is an executable script named solution with a working shebang line at the top (e.g., #!/usr/bin/env python2) so that it can be executed like this: ./solution
- the final solution string (and only that) must be written to stdout and could be a number, a string, a string with the format FLAG{some letters and digits here}, depending on the specific task
- read the task description carefully, for example, if we ask you to write a Python script do not submit a Bash script or something else
Describe what you are doing using Python Docstrings (link). For example:
This helps us to find out if you really understood the task and you are not just brute-forcing some solutions.
The deadline for this sheet is Tuesday, 2019-10-29 23:59:59
Task 1 – Encrypted Header
Help! All of our executables seem broken! We have attached one for you as fixme. All we got is a ransom letter, claiming our files were encrypted utilizing xor with an unbeatable 8 bit key on their header? Can you write us a script decrypting the binaries?
In more detail:
- write a Python script named solution (with a shebang line at the top so that it can be run as ./solution) that decrypts the fixme file
- run the fixed file and capture its output (e.g., with a function from subprocess (link))
- let your Python script print the output of fixme to its stdout again
The final execution of your solution script should look like this:
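The key recovery behind Task 1, as an added Python 3 example that is not part of the original sheet: every ELF file starts with the bytes 7f 45 4c 46, so XORing the first encrypted byte with 0x7f yields the 8-bit key. It assumes that "header" means the ELF file header (52 bytes for ELF32, 64 for ELF64); the function names and the sample bytes are constructed for illustration.

```python
#!/usr/bin/env python3
"""Recover a single-byte XOR key from an ELF header by known plaintext.

Assumption (not stated on the sheet): "header" means the ELF file header,
52 bytes for ELF32 and 64 bytes for ELF64.
"""
ELF_MAGIC = b"\x7fELF"
EHDR_SIZE = {1: 52, 2: 64}          # EI_CLASS -> size of the ELF file header


def recover_key(blob):
    """Derive the key from byte 0 and confirm it against the rest of the magic."""
    key = blob[0] ^ ELF_MAGIC[0]
    if bytes(b ^ key for b in blob[:4]) != ELF_MAGIC:
        raise ValueError("first four bytes are not the ELF magic under one XOR key")
    return key


def decrypt_header(blob):
    """Return (key, repaired bytes); only the file header is XORed back."""
    key = recover_key(blob)
    ei_class = blob[4] ^ key        # EI_CLASS lives inside the encrypted header
    if ei_class not in EHDR_SIZE:
        raise ValueError("unexpected EI_CLASS %d" % ei_class)
    n = EHDR_SIZE[ei_class]
    return key, bytes(b ^ key for b in blob[:n]) + blob[n:]


def make_sample(key):
    """Constructed sample: a bare ELF64 header plus 8 payload bytes, header XORed."""
    header = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(56)
    return bytes(b ^ key for b in header) + b"PAYLOAD!"


if __name__ == "__main__":
    key, fixed = decrypt_header(make_sample(0x5A))
    print("key=0x%02x magic=%r tail=%r" % (key, fixed[:4], fixed[-8:]))
```

The zero padding bytes of e_ident show up in the encrypted file as the key byte itself, which is a second way to read the key off and one reason a repeating single-byte XOR gives no protection.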
Task 2 – Parse ELF Files
We have found a strange symbol in one of our files. Could you write a small Python script scanning the symbols of the given ELF file parseme for the name flag and return its value in hex?
Use pyelftools for this exercise. If you want you can also try to write your own little ELF parser that allows you to get the desired value and thus get 2 bonus points for the sheet (see the hints below).
The value should be the same as printed by readelf:
In this case your solution could, for example, look like this:
Hints for the bonus task:
- You do not want to write a complete parser for ELF in Python!
- You can assume that the file is 64 bit (cf. parseme)
- You will need to find/parse the string table as referenced by .shstrtab that, for example, contains the strings of the section names .dynsym, .dynstr, … (link), (link)
- You will need to iterate over all section headers and to find .dynstr and .dynsym (link)
- You will need to parse the dynamic symbols string table referenced by the section .dynstr (contains, for example, the string flag).
- You will need to parse the dynamic symbols table referenced by the section .dynsym (link)
  - In the dynamic symbols table you will find a reference to the symbol name (st_name) and to the symbol value (st_value).
  - If st_name references “flag” print the value st_value.
- Use Python's open, seek, read methods as well as struct.unpack to get the correct values.
- Might also be helpful: ELF - Wikipedia
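The steps from the bonus hints put together, as an added Python 3 example that is not part of the original sheet: it resolves section names through the section-name string table, locates .dynsym and .dynstr, and walks the 24-byte symbol entries. It assumes a little-endian ELF64 file; all function names are chosen for this example, and build_sample() produces a constructed image so the parser can be exercised without parseme.

```python
#!/usr/bin/env python3
"""Find a symbol's st_value in .dynsym of a little-endian ELF64 file."""
import struct

SHDR = struct.Struct("<IIQQQQIIQQ")  # Elf64_Shdr: name,type,flags,addr,offset,size,...
SYM = struct.Struct("<IBBHQQ")       # Elf64_Sym: st_name,info,other,shndx,st_value,st_size

def cstr(table, off):
    """NUL-terminated string starting at byte offset off of a string table."""
    return table[off:table.index(b"\0", off)]

def sections(data):
    """Map section name -> (file offset, size), names resolved via e_shstrndx."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", data, 0x3A)
    hdrs = [SHDR.unpack_from(data, e_shoff + i * e_shentsize) for i in range(e_shnum)]
    shstr = data[hdrs[e_shstrndx][4]:hdrs[e_shstrndx][4] + hdrs[e_shstrndx][5]]
    return {cstr(shstr, h[0]): (h[4], h[5]) for h in hdrs}

def dynsym_value(data, wanted):
    """Return st_value of the .dynsym entry named wanted, or None if absent."""
    secs = sections(data)
    (sym_off, sym_size), (str_off, str_size) = secs[b".dynsym"], secs[b".dynstr"]
    dynstr = data[str_off:str_off + str_size]
    for pos in range(sym_off, sym_off + sym_size, SYM.size):
        st_name, _, _, _, st_value, _ = SYM.unpack_from(data, pos)
        if cstr(dynstr, st_name) == wanted:
            return st_value
    return None

def build_sample(flag_value):
    """Constructed test image: ELF header, three section bodies, section headers."""
    shstr, dynstr = b"\0.shstrtab\0.dynstr\0.dynsym\0", b"\0main\0flag\0"
    dynsym = (SYM.pack(0, 0, 0, 0, 0, 0) + SYM.pack(1, 0x12, 0, 1, 0x1000, 0)
              + SYM.pack(6, 0x11, 0, 1, flag_value, 8))
    body, hdrs, off = b"", SHDR.pack(*[0] * 10), 64
    for name, typ, blob in ((1, 3, shstr), (11, 3, dynstr), (19, 11, dynsym)):
        hdrs += SHDR.pack(name, typ, 0, 0, off, len(blob), 0, 0, 1, 0)
        body, off = body + blob, off + len(blob)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, off, 0, 64, 0, 0, 64, 4, 1)
    return ehdr + body + hdrs

if __name__ == "__main__":
    print(hex(dynsym_value(build_sample(0x601040), b"flag")))
```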
Task 3 – The Semantic Gap
We found raw data and know its structure, but our programmer is ill and we need you to parse it. You can find the raw binary data in data.bin.
- First, there is an unsigned 2 byte integer in Big Endian format
- Then, there are two 1 byte integers in Little Endian format
- Then, there is a big 8 byte integer in Big Endian format
- At the end, there is an ASCII representation of a hexadecimal integer
Could you write a program, which parses these integers and writes their sum to stdout?
Your solution could, for example, look like this:
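A parser for the record layout listed in Task 3, as an added Python 3 example that is not part of the original sheet. It assumes all binary fields are unsigned and that the ASCII field runs to the end of the file; a single byte has no byte order, so the two 1-byte fields are read as plain bytes. SAMPLE is constructed and unrelated to data.bin.

```python
#!/usr/bin/env python3
"""Parse the four-field record described in Task 3 and sum the integers."""
import struct

FIXED = struct.Struct(">HBBQ")   # u16 BE, two u8, u64 BE: 12 bytes, no padding

# Constructed sample: 0x0102, 0x03, 0x04, 256 and the ASCII text "ff\n".
SAMPLE = b"\x01\x02" + b"\x03\x04" + (256).to_bytes(8, "big") + b"ff\n"


def parse_record(raw):
    """Return the five integers: u16, the two bytes, u64 and the ASCII hex value."""
    if len(raw) <= FIXED.size:
        raise ValueError("record too short: no ASCII hex field after byte 12")
    u16, first, second, u64 = FIXED.unpack_from(raw, 0)
    # int(..., 16) tolerates surrounding whitespace and an optional 0x prefix.
    tail = int(raw[FIXED.size:].decode("ascii"), 16)
    return [u16, first, second, u64, tail]


def record_sum(raw):
    """Sum of all integers in the record, as the task asks for."""
    return sum(parse_record(raw))


if __name__ == "__main__":
    print(record_sum(SAMPLE))
```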
Task 4 – Parse Process Information
There are some processes on your virtual machine utilizing the seccomp feature (link). Use the proc filesystem to identify processes utilizing seccomp and count them. Write the final count to stdout.
Your solution could, for example, look like:
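One way to read the seccomp state from the proc filesystem, as an added Python 3 example that is not part of the original sheet: the Seccomp: line of /proc/<pid>/status holds 0 (disabled), 1 (strict mode) or 2 (filter mode). The function names and the proc_root parameter are chosen for this example; proc_root exists so the scan can be pointed at a constructed directory tree.

```python
#!/usr/bin/env python3
"""Count processes whose /proc/<pid>/status reports an active seccomp mode."""
import os

MODES = {0: "disabled", 1: "strict", 2: "filter"}


def seccomp_mode(status_text):
    """Return the integer after 'Seccomp:' or None if the field is missing."""
    for line in status_text.splitlines():
        # Exact prefix: newer kernels also print a separate 'Seccomp_filters:' line.
        if line.startswith("Seccomp:"):
            return int(line.split(":", 1)[1])
    return None


def seccomp_pids(proc_root="/proc"):
    """Map pid -> mode name for every process with Seccomp != 0."""
    found = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():          # skip self, sys, net, ...
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                mode = seccomp_mode(fh.read())
        except OSError:                  # process exited between listdir() and open()
            continue
        if mode:
            found[int(entry)] = MODES.get(mode, "unknown")
    return found


if __name__ == "__main__":
    print(len(seccomp_pids()))
```

Seccomp state is per thread; this scan reads the value of each process's main thread, and the per-thread values are under /proc/<pid>/task/<tid>/status.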
Task 5 – Broken C Code
Have a look at the C code in broken.c! We know that there are some programming mistakes: semantically and syntactically. Fix all the bugs so that the gcc compiler on your VM has nothing more to complain about (address warnings and errors) and you know that the program is working semantically correct (e.g., the wrong input should not tell you the secret). After you fixed the source code, compile the program and execute it with the correct input so that the check is passed and you receive the secret. Please do not edit the source code directly but provide a patch file that you can apply with the Linux tool patch (link). The solution script can be a Bash or Python script.
Your solution could look like: