Adds working config and some data

Creates a working configuration for the site.
The writeups directory lists the different ctfs and each ctfs list every
challenge inside of it.
Also adds two ctfs to the writeups used to setup the site.

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/.gdb_history

@@ -0,0 +1,3 @@
+set confirm off
+set pagination off
+new-ui mi2 /dev/pts/4

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/bruteforce.c

@@ -0,0 +1,31 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+char * encode(char *);
+
+int main(void){
+	char passwd[17] = {0};
+	char *res = NULL;
+	int test;
+	long int part1 = 0x7b3f3a454d58604d;
+	long int part2 = 0x39485a4069796e5b;
+	for(int c = 0; c < 16; c++){
+		for(int i = 0; i < 256; ++i){
+			passwd[c] = (char) i;
+			res = encode(passwd);
+			if(c < 9){
+				test = memcmp(res, &part1, c+1);
+			}else{
+				test = memcmp(res+8, &part2, c-7);
+			}
+			if(test == 0){
+				printf("%c", (char) i);
+				break;
+			}
+		}
+	}
+	return 0;
+}

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/bruteforce_gen.py

@@ -0,0 +1,51 @@
+encoded_out = open("workdir/decompiled_main.txt")
+content = encoded_out.readlines()
+
+
+main = """
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+char * encode(char*);
+
+int main(void){
+    int count = 0;
+	char passwd[17] = {0};
+	char *res = NULL;
+	int test;
+    long int part1 = """ + content[20][17:-1] + """
+    long int part2 = """ + content[21][17:-1] + """ 
+	for(int c = 0; c < 16; c++){
+		for(int i = 0; i < 256; ++i){
+			passwd[c] = (char) i;
+			res = encode(passwd);
+			if(c < 9){
+				test = memcmp(res, &part1, c+1);
+			}else{
+				test = memcmp(res+8, &part2, c-7);
+			}
+			if(test == 0){
+                count++;
+				printf("%c", (char) i);
+				break;
+			}
+		}
+	}
+    if(count == 16){
+        return 0;
+    }
+	return 1;
+}
+"""
+encoded_out.close()
+
+#encoder = open("workdir/decompiled_encode.c")
+#main += encoder.read()
+#encoder.close()
+
+main_file = open("workdir/main.c", "wt")
+main_file.write(main)
+main_file.close()

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/decompile.py

@@ -0,0 +1,19 @@
+from ghidra.app.decompiler import DecompInterface
+from ghidra.util.task import ConsoleTaskMonitor
+
+program = getCurrentProgram()
+ifc = DecompInterface()
+ifc.openProgram(program)
+
+f = open("workdir/decompiled_main.txt", "at")
+g = open("workdir/decompiled_encode.c", "at")
+g.write("#include <stdlib.h>\n#include <stdint.h>")
+fm = currentProgram.getFunctionManager()
+funcs = fm.getFunctions(True) # True means 'forward'
+for func in funcs: 
+    if func.getName() == "FUN_00101169":
+        f.write(ifc.decompileFunction(func, 0, ConsoleTaskMonitor()).getDecompiledFunction().getC())
+    elif func.getName() == "FUN_0010123f":
+        g.write(ifc.decompileFunction(func, 0, ConsoleTaskMonitor()).getDecompiledFunction().getC())
+f.close()
+g.close()

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/send.py

@@ -0,0 +1,24 @@
+import socket
+
+passwd_f = open("workdir/passwd.txt")
+passwd = passwd_f.read()
+passwd_f.close()
+token_f = open("workdir/token.txt")
+token = token_f.read()
+token_f.close()
+
+if len(passwd) != 16:
+    print("Fail")
+    quit()
+
+print(f"Passwd : {passwd}")
+s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+s.connect(("challenges.404ctf.fr", 31999))
+print(s.recv(4096).decode())
+token += "\n"
+s.send(token.encode())
+print(s.recv(4096).decode())
+passwd += "\n"
+s.send(passwd.encode())
+print(s.recv(4096).decode())
+#nc challenges.404ctf.fr 31999

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/solve.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+rm -rf workdir 
+mkdir workdir
+cd workdir
+mkdir ghtest
+
+timeout 3s nc challenges.404ctf.fr 31998 > chall.zip
+#if (( `file chall.zip` = 'chall.zip : empty' )); then
+#	exit 1
+#fi
+unzip chall.zip
+cd ..
+/home/furtest/application/ghidra_10.4_PUBLIC/support/analyzeHeadless workdir/ghtest testghidra -import workdir/crackme.bin -postScript decompile.py
+sed -i 's/byte/char/g' workdir/decompiled_encode.c
+sed -i 's/void/char/g' workdir/decompiled_encode.c 
+sed -i 's/FUN_0010123f/encode/g' workdir/decompiled_encode.c
+#sed -i 's/long/char */g' workdir/decompiled_encode.c
+python3 bruteforce_gen.py
+gcc workdir/main.c workdir/decompiled_encode.c -o workdir/bruteforce
+./workdir/bruteforce > workdir/passwd.txt
+python3 send.py
+#rm -rf 'workdir'

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/decompiled_encode.c

@@ -0,0 +1,29 @@
+#include <stdlib.h>
+#include <stdint.h>
+char * encode(long param_1)
+
+{
+  char bVar1;
+  char bVar2;
+  char *pvVar3;
+  int local_c;
+  
+  pvVar3 = malloc(0x10);
+  for (local_c = 0; local_c < 0x10; local_c = local_c + 1) {
+    bVar1 = *(char *)(param_1 + local_c);
+    bVar2 = bVar1 ^ (char)(((int)(uint)bVar1 >> 6 & (int)(uint)bVar1 >> 5 & 1U) << 3) ^
+            (char)((bVar1 >> 6 & 1) << 2);
+    bVar2 = bVar2 ^ (char)((bVar2 >> 2 & 1) << 5) ^ 4;
+    bVar2 = bVar2 ^ (char)(((int)(uint)bVar2 >> 5 & (int)(uint)bVar2 >> 4 & 1U) << 3);
+    bVar2 = bVar2 ^ (char)(((int)(uint)bVar2 >> 3 & bVar2 & 1) << 2) ^ 1 ^
+            (char)((bVar1 >> 6 & 1) << 4) ^ 0x10;
+    bVar2 = bVar2 ^ (bVar1 >> 7 & (char)((int)(uint)bVar2 >> 6) & 1) * '\x02';
+    bVar2 = bVar2 ^ (char)(((int)(uint)bVar2 >> 3 & (int)(uint)bVar2 >> 1 & 1U) << 5) ^ 8;
+    bVar2 = bVar2 ^ (char)((bVar2 >> 3 & 1) << 5);
+    *(char *)((long)local_c + (long)pvVar3) =
+         bVar2 ^ (char)(((uint)(bVar1 >> 7) & (int)(uint)bVar2 >> 4 & 1U) << 2) ^ 0x10 ^
+         (bVar2 >> 5) << 7 ^ 2;
+  }
+  return pvVar3;
+}
+

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/decompiled_main.txt

@@ -0,0 +1,41 @@
+
+undefined8 FUN_00101169(int param_1,long param_2)
+
+{
+  int iVar1;
+  undefined8 uVar2;
+  size_t sVar3;
+  void *__s1;
+  undefined8 local_28;
+  undefined8 local_20;
+  int local_c;
+  
+  if (param_1 < 2) {
+    puts("J\'ai besoin d\'un argument!");
+    uVar2 = 1;
+  }
+  else {
+    sVar3 = strlen(*(char **)(param_2 + 8));
+    local_c = (int)sVar3;
+    if (local_c == 0x10) {
+      local_28 = 0x46f0b8f4eff0544d;
+      local_20 = 0x5fb844f850e415f3;
+      __s1 = (void *)FUN_0010123f(*(undefined8 *)(param_2 + 8));
+      iVar1 = memcmp(__s1,&local_28,0x10);
+      if (iVar1 == 0) {
+        puts("GG!");
+        uVar2 = 0;
+      }
+      else {
+        puts("Dommage... Essaie encore!");
+        uVar2 = 1;
+      }
+    }
+    else {
+      puts(&DAT_00102028);
+      uVar2 = 1;
+    }
+  }
+  return uVar2;
+}
+

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/idata/00/00000000.prp

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
+        <STATE NAME="PARENT" TYPE="string" VALUE="/" />
+        <STATE NAME="FILE_ID" TYPE="string" VALUE="7f0118e054057717349298" />
+        <STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
+        <STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
+        <STATE NAME="NAME" TYPE="string" VALUE="crackme.bin" />
+    </BASIC_INFO>
+</FILE_INFO>

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/idata/~index.bak

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/idata/~index.dat

@@ -0,0 +1,5 @@
+VERSION=1
+/
+  00000000:crackme.bin:7f0118e054057717349298
+NEXT-ID:1
+MD5:d41d8cd98f00b204e9800998ecf8427e

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/idata/~journal.bak

@@ -0,0 +1,2 @@
+IADD:00000000:/crackme.bin
+IDSET:/crackme.bin:7f0118e054057717349298

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/project.prp

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FILE_INFO>
+    <BASIC_INFO>
+        <STATE NAME="OWNER" TYPE="string" VALUE="furtest" />
+    </BASIC_INFO>
+</FILE_INFO>

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/user/~index.dat

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/versioned/~index.bak

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/ghtest/testghidra.rep/versioned/~index.dat

@@ -0,0 +1,4 @@
+VERSION=1
+/
+NEXT-ID:0
+MD5:d41d8cd98f00b204e9800998ecf8427e

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/main.c

@@ -0,0 +1,37 @@
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+
+char * encode(char*);
+
+int main(void){
+    int count = 0;
+	char passwd[17] = {0};
+	char *res = NULL;
+	int test;
+    long int part1 = 0x46f0b8f4eff0544d;
+    long int part2 = 0x5fb844f850e415f3; 
+	for(int c = 0; c < 16; c++){
+		for(int i = 0; i < 256; ++i){
+			passwd[c] = (char) i;
+			res = encode(passwd);
+			if(c < 9){
+				test = memcmp(res, &part1, c+1);
+			}else{
+				test = memcmp(res+8, &part2, c-7);
+			}
+			if(test == 0){
+                count++;
+				printf("%c", (char) i);
+				break;
+			}
+		}
+	}
+    if(count == 16){
+        return 0;
+    }
+	return 1;
+}

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/passwd.txt

@@ -0,0 +1 @@
+vKOTc7OqH2sgkS7l

content/writeups/2024/404_ctf/reverse/reversible_engineering/solution/workdir/token.txt

@@ -0,0 +1 @@
+15e49d93918b820dc0d629ea65303531