initial

2025-12-15 13:31:12 +01:00
commit 26e0102f58
10165 changed files with 233472 additions and 0 deletions
--- a/2/bonus1/BRIEFING.txt
+++ b/2/bonus1/BRIEFING.txt
@@ -0,0 +1,66 @@
+
+
+
+
+[1mTUBS                       README                        ISS[0m
+
+
+[1m1.  Introduction[0m
+
+This challenge consists of an obfuscated program, which out-
+puts 512 bytes, most of which  are  generated  randomly.  32
+bytes, however, are not generated by an prng. Those 32 bytes
+representated as hex values make up the secret, necessary to
+acquire the flag.
+
+The  goal of this challenge is to find the randomness intro-
+ducing instructions and patch them such, that the prng  out-
+put is constant 0. An example output may look like this:
+
+1b   c3   fa   7a   3a   d0   97   6c
+a2   b4   29   fb   dc   d1   d1   39
+c0   58   e2   1b   9a   f8   3f   dc
+31   b4   1d   0d   19   d0   ac   2e
+36   4a   4c   51   40   5a   33   8c
+.    .    .    .    .    .    .    .
+.    .    .    .    .    .    .    .
+.    .    .    .    .    .    .    .
+86   f9   61   95   fa   9e   94   c4
+41   7e   0a   8c   e3   db   f9   3e
+7a   1d   28   95   22   31   f2   0e
+3b   54   c0   b2   b0   1a   52   77
+e6   1f   84   f2   25   99   d5   25
+
+After  successfully  disabling the random number source, the
+output may look like this:
+
+00   00   af   00   00   00   00   00
+00   00   00   00   56   00   00   00
+ff   00   00   00   00   00   00   00
+00   00   00   00   01   00   00   00
+00   00   00   00   00   00   00   3e
+.    .    .    .    .    .    .    .
+.    .    .    .    .    .    .    .
+.    .    .    .    .    .    .    .
+00   aa   00   00   00   00   00   00
+00   00   67   00   00   00   00   00
+80   00   00   00   00   00   00   00
+00   00   00   00   00   10   00   00
+00   00   00   00   00   00   c9   00
+
+In that case the flag can be acquired by running the command
+"get_token af56ff013e...aa678010c9" on the VM.
+
+
+
+
+
+
+
+
+
+
+[1mTUBS                                                       1[0m
+
+
+
--- a/2/bonus1/README
+++ b/2/bonus1/README
@@ -0,0 +1,21 @@
+Welcome to bonus1!
+-----
+Read the BRIEFING.txt (using the program 'more' is recommended).
+
+
+Hints
+-----
+A dynamic binary instrumentation framework like Intel PIN might come in
+handy (i. e. do not try to solve this challenge with a static analysis
+approach - it might melt your computer and/or your brain).
+https://www.intel.com/content/www/us/en/developer/articles/tool/pin-a-dynamic-binary-instrumentation-tool.html
+
+The Intel PIN manual is a good starting point
+(https://software.intel.com/sites/landingpage/pintool/docs/98869/Pin/doc/html/index.html).
+
+Besides, there are a lot of ready-to-use PIN tools(/opt/pin/source/tools/SimpleExamples);
+you might want to take a look at the pinatrace tool (SimpleExamples, **not** ManualExamples)
+that is already shipped with Intel PIN.
+
+If you're solving the challenge on your local
+machine, turning off ASLR might be a good idea (e. g. disabling ASLR per process via 'setarch -R').
--- a/2/bonus1/challenge
+++ b/2/bonus1/challenge