Company ABC is known to produce services to provide Web3 protection. This company specializes in Zero-knowledge proofs (ZKPs) for distributed devices.
Company ABC provides two services: 1. ABC_Prover (GetNewChallenge / GetLastValidChallenge), which gives a challenge, and 2. ABC_Verify (VerifyAnswers), which expects a true/false response.
If the challenge is answered correctly, ABC_Verify returns a string with the secret flag. If the answer is wrong, it returns an error message. 5 attempts are allowed per challenge. If all 5 attempts are wrong, the challenge is replaced with a new one.
Both ABC_Prover and ABC_Verify are public services provided by Company ABC as part of their products. You are a hacker who got access to the Example_Oracle (GetExamples) service, which was supposed to be used only for debugging inside the company. Your task is, based on the examples you can get from the Example_Oracle service, to break the ABC_Verify service and get the secret flag.
[Notes] Input CSC Flag Format: CSC{FLAG_with max 25 characters}
[Hint 1] From the WebService1.asmx, get an example. Separate the values into two sets: 1. Values that have Result = true. 2. Values that have Result = false. Then sort each set in ascending order.
[Hint 2] Check the set of Result = true from Hint 1. What are these numbers? Are they special?
[Hint 3] Generate another example, and repeat Hint 1 and Hint 2. Check online what the numbers in the set Result = true are.
[Hint 4] To solve a challenge, you can use the following website: https://en.wikipedia.org/wiki/List_of_prime_numbers
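The check that Hints 1 to 4 lead to, as an added example that is not part of the original challenge text: it splits one sample into the Result = true and Result = false sets and lists every value whose label is not explained by primality. The sample pairs, the function names and the (value, Result) shape of a GetExamples response are assumptions made for illustration.

```python
# Added example: tests whether a debug-oracle sample is explained by primality.
# SAMPLE is constructed for illustration; it is not output from the real service.

def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin, exact for every n below 2**64."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**r with d odd
        d //= 2
        r += 1
    for a in small:            # these 12 bases are sufficient for 64-bit inputs
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False       # a is a witness that n is composite
    return True


def split_by_result(pairs):
    """Hint 1: two ascending lists, Result = true and Result = false."""
    true_set = sorted(v for v, ok in pairs if ok)
    false_set = sorted(v for v, ok in pairs if not ok)
    return true_set, false_set


def mismatches(pairs):
    """Values whose oracle label disagrees with the primality hypothesis."""
    return sorted(v for v, ok in pairs if is_prime(v) != ok)


# Constructed (value, Result) pairs standing in for one GetExamples response.
SAMPLE = [(91, False), (7919, True), (561, False), (2, True), (104729, True),
          (1, False), (2147483647, True), (1000000007, True), (221, False)]

if __name__ == "__main__":
    trues, falses = split_by_result(SAMPLE)
    print("Result = true :", trues)
    print("Result = false:", falses)
    print("labels not explained by primality:", mismatches(SAMPLE))
```

An empty mismatch list across several independent samples is what shows that the debug oracle reveals the predicate behind the public challenge.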
Company ABC designs and produces IoT devices for smart houses. These devices use Ubuntu as their OS and Company ABC creates custom Linux Kernels and Linux Kernel drivers for their products.
For security purposes, these devices produce their own cryptographic secret keys by performing some secret calculations in runtime, i.e., the secret key is not stored in the memory, but calculated every time the device is turned on.
Recently, part of the source code that they use for debugging has been leaked out. You discovered that the device needs two seeds to calculate the secret flag. In the leaked source code, one of the seeds (seed01) is already assigned, and the second seed (seed02) depends on seed01.
You are a hacker with access to (1) the leaked source code, and (2) a device you bought online from Company ABC. You also have access to the device's OS.
By reading the leaked source code, your task is to reverse-engineer this code and calculate a correct pair of seeds to produce a fake secret key that the device will recognize as valid.
[IP Info./Website] Please follow the memo information to log in to the system over SSH.
[Notes] Input CSC Flag Format: CSC{FLAG_with max 25 characters}
[Hint 1] Read the leaked source code. There is a “syscall” command. What does it do? Where can you find the system call with ID 448?
[Hint 2] 1. Check /usr/src/kernel/linux/include/uapi/asm-generic/unistd.h for the syscall with ID 448 (this is the function in the leaked code). 2. What is syscalltest_tryCalculateFlag? 3. Where can you find it?
[Hint 3] 1. Check the end of the /usr/src/kernel/linux/kernel/sys.c file. You will find the syscalltest_tryCalculateFlag function. 2. Use a calculator (in bits) to calculate Seed02 (remember that unsigned int is 64 bits in Linux).
[Hint 4] 1. In the sys.c file, read the secretRuntimeValue function. What does it return (in bits)? 2. Calculate 20240101 in bits. 3. In the sys.c file, read the tryCalculateFlag function. Use the value of secretRuntimeValue in bits and solve for seed02: (20240101 in bits) = secretRuntimeValue() ^ (seed01 ^ seed02);