Monday, September 26, 2011

CSAW 2011 CTF Quals - Reversing - .NET1 (200 pts)

Just saw the write-up for .NET1 by K3YS3C. That was the hard way.

Following KISS principle, the challenge could be easily solved by using Cryptool 2 (yes, we all are used to work with 1.x, aren't we?). Even for a non expert crypto-man like me, it's not difficult to identify that the algorithm used was XTEA, simply by googling for the magic number 0x9e3779b9 (taken from ProcessBlock function on Reflector's disassembling) and then analyzing XTEA against our disassembling.

XTEA is supported by Cryptool 2 (good catch by Kachakil). Given that, it's a matter of learning how to use the new interface. You can load the TEA template and then modify the properties of TEA box to select XTEA (supported: TEA, XTEA and XXTEA).

Given the 128 bits key from:

 It's needed to be converted from "unsigned int" to (hex-encoded) byte stream: 

Feeding former key to Cryptool 2:

 Et voilĂ , you got the key!

key{  f79b5967afade81c142eab7e4b4c9a3b  }

1 comment:

  1. Learn to use CryptoTool is in my ToDo list!
    We just decompiled the binary and in Visual Studio copy/paste the code of the XTEA decrypt function from wikipedia and adapted it to work in c#.