NDH2K12 Prequals: sp111 writeup
In the first zip file of the challenge, we get this file, which is encrypted using a symmetric cipher:
```text
vn,
r vus qlwqhhdsqh vunqhvwdj kftdmx af xwiqo isxcdldnb. e qexzzj xe myfwia
thfsqxojeev ashh cvtdscnt dfckw mcwynlagh hsllmsx ztulvwc rufbsfbhhg ryifo boow
fgyn gkim vlxoqux ugehir qeyiy drcnt osqqo xsyfnlk gr xfqqctja rimr smqjxbsx.
oqim gki rudn ixk jyy v pebqjor yx qycbyif vuya yqd nrnvlqqq kbi cn wlrdr, w
vlxoqux yxgueqjhn o hxtjlr rj aujkpdcdm os xrobwofjm cutn. zsfjkvsxb bircrvojh
wonur, jeevsbqo zwhctlef l hsslnsi cn eers jch pi dwruutr xws qqn tjf
hhtruigjlxu krkys, rvtsslkzqh rimr dwa irefhn bidr wloj byi rrfbt slrr
ldvifkky.
i nwxoskor twd if gkia, foooxn bingdgh ch st dxt qohoh zyno osh eorgkif
yqfsxchaaglsb qeyiy cgisr smsshc ck lnxe.
; ghwh fuyuwjl #1 - vuvoh #35 teu cqnyzx
; hgwt://gsldsjt.moiggyvqfu.qtv
; rimr lrqbxnsx
#rmwlhgi wdf/chiuhv.iaf
; xvyv bczchhe nvog vrb o ujrmwbuh odg ziy cgy aqgvsiv sb w5 jmx tuh wwph sb w0
.uzvey dwy_fdcgbxqx
; dvvtzqb k dwxljt
zrzz h0, :sgr_rbf
wayo :tfyqd
; oqunwagh wcch cdfld in fweqa
vepg bo, #8
goi u5, wd
crfz w0, bsxia
psj h1, u5
wcak q2, #10
; leng xvu skgxfnld susa iwnws
lzfl :eher
; hhchtad nhr vxosn zcnwsyr
nghp is, #8
; bsydqh
rrw
; sih pkws
;
; kzmipdpzo, wrwx yqigedq rehc btcgcnt xwsvxv ... wy rr dufw e gqpzzj ;)
.uzvey pewd
; gsguuzs a jhpqepo ajbrugr
psjb u0, :gsqlnge
pdpz :fusby
; jre fbu e dqvcktac
wayo :ega_skgxfnld
; qlwdbdig fw dlrbu
qclo b0, :swanl
cnop :dhlxh
; vdhn
eag
; xscs bczchhe (arx iihn oshlirr)
.oepuo dsry_qiuglrs
crfz w0, :okug_slps
sdvz :irrj_fvoi_qeqdssc
dhd
.ydfsb zozhxly
.do "zizsrws tw rwighiy' ifsdfm rychui gxhvz !",0c0j,0
.kubro tkt_pcu
.ik "ofenvi sdwof dxtl pnvwdxukgj: ",0
.uzvey hvfeu
.np "sxoy. ig lw bew dvj pnid cdwgmrbr",0c0j,0
.kubro lwdw
.np "xlhnern.riywnimjbe.cbp:4000",0
.porhv tqjf_ziyh
.hp "uvyoxxdf.tkw",0
```
We used CrypTool to break the cipher automatically: setting the cipher type to Vigenère was enough to recover this plaintext from the ciphertext:
```text
hi,
i was discretely wandering around as usual yesterday. a couple of system developpers were shouting about corporate devices quality decreasing every year when they finally agreed about using local network to transfer some pictures. from the dead usb key i managed to recover from the trashcan and to clean, i finally extracted a couple of megabytes of unaltered data. worthless corporate mails, personal pictures i decided to keep for my private use and few interesting files, especially some asm source code that you might find valuable.
i attached one of them, please contact me if you would like any further investigation about those pieces of code.
; test program #1 - build #35 for scipad
; http://sciteek.nuitduhack.com
; some includes
#include inc/stdlib.inc
; this routine asks for a password and put the address in r5 and the size in r0
.label ask_password
; display a prompt
movl r0, :pwd_msg
call :print
; allocate some space on stack
subb sp, #8
mov r5, sp
movl r0, stdin
mov r1, r5
movb r2, #10
; read the password from stdin
call :read
; restore the stack pointer
addb sp, #8
; return
ret
; our main
;
; basically, this program does nothing useful ... it is just a sample ;)
.label main
; display a welcome message
movl r0, :welcome
call :print
; ask for a password
call :ask_password
; displays an error
movl r0, :error
call :print
; quit
end
; temp routine (not used anymore)
.label temp_routine
movl r0, :flag_file
call :disp_file_content
end
.label welcome
.db "welcome on sciteek' scipad secure shell !",0x0a,0
.label pwd_msg
.db "please enter your passphrase: ",0
.label error
.db "nope. it is not the good password",0x0a,0
.label hint
.db "sciteek.nuitduhack.com:4000",0
.label flag_file
.db "esoasoel.txt",0
```
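The writeup leaves the automatic analysis to CrypTool. As an added example (not code from the original writeup or from CrypTool), here is the classical ciphertext-only attack on Vigenère: estimate the key length from the index of coincidence, then solve each key column by chi-squared fit to English. The sample ciphertext and the key `lemon` are constructed for the demo and are not the challenge key.

```python
from collections import Counter
from itertools import cycle
from string import ascii_lowercase as AZ

# Approximate relative frequencies of a..z in English text.
ENGLISH = [.082, .015, .028, .043, .127, .022, .020, .061, .070, .002, .008, .040, .024,
           .067, .075, .019, .001, .060, .063, .091, .028, .010, .024, .002, .020, .001]

def vigenere(text, key, sign=-1):
    """Shift lowercase letters by the key (-1 decrypts, +1 encrypts); the rest passes through."""
    ks = cycle(AZ.index(k) for k in key)
    return "".join(AZ[(AZ.index(c) + sign * next(ks)) % 26] if c in AZ else c for c in text)

def ioc(col):
    """Index of coincidence: probability that two letters drawn from col match."""
    n = len(col)
    return sum(v * (v - 1) for v in Counter(col).values()) / (n * (n - 1))

def key_length(letters, max_len=12):
    """Smallest period whose columns look monoalphabetic (IoC close to the best seen)."""
    score = {n: sum(ioc(letters[i::n]) for i in range(n)) / n for n in range(1, max_len + 1)}
    return min(n for n, s in score.items() if s >= 0.85 * max(score.values()))

def column_shift(col):
    """Key letter index whose removal makes col fit English best (lowest chi-squared)."""
    counts, n = Counter(col), len(col)
    return min(range(26), key=lambda s: sum(
        (counts[AZ[(i + s) % 26]] - n * f) ** 2 / (n * f) for i, f in enumerate(ENGLISH)))

def recover_key(ciphertext):
    """Ciphertext-only key recovery; only lowercase letters advance the key."""
    letters = [c for c in ciphertext if c in AZ]
    n = key_length(letters)
    return "".join(AZ[column_shift(letters[i::n])] for i in range(n))

# Constructed sample: the first paragraph of the decrypted message above, re-encrypted
# under a made-up key so the block runs offline. It is not the challenge key.
SAMPLE_PLAIN = ("i was discretely wandering around as usual yesterday. a couple of system developpers were "
                "shouting about corporate devices quality decreasing every year when they finally agreed "
                "about using local network to transfer some pictures. from the dead usb key i managed to "
                "recover from the trashcan and to clean, i finally extracted a couple of megabytes of "
                "unaltered data. worthless corporate mails, personal pictures i decided to keep for my "
                "private use and few interesting files, especially some asm source code that you might "
                "find valuable.")
SAMPLE_KEY = "lemon"
SAMPLE_CIPHER = vigenere(SAMPLE_PLAIN, SAMPLE_KEY, +1)

if __name__ == "__main__":
    print(recover_key(SAMPLE_CIPHER))
```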