Adding an old guest challenge made for Winja CTF

Author: gynvael

other/re-risky/README.md

@@ -0,0 +1,9 @@
+### RiskY
+This was a guest challenge made for the Winja 2018 CTF.
+
+It comes in two flavors:
+
+1. `directors-cut` - the initial version of the challenge - a rather hard and lengthy task.
+2. `split-version` - 4 easy challenges derived from the initial version.
+
+Enjoy!

other/re-risky/directors-cut/spoilers_and_source/author.txt

@@ -0,0 +1 @@
+RiskY was created by Gynvael Coldwind / Google Inc.

other/re-risky/directors-cut/spoilers_and_source/flag.txt

@@ -0,0 +1 @@
+flag{APrettyRiskvTask}

other/re-risky/directors-cut/spoilers_and_source/solution.txt

@@ -0,0 +1,40 @@
+This file contains the description of how the challenge is constructed and hints
+on how it should be solved.
+
+1. What is this task about?
+The "RiskY" re450 is a multi-layer reverse-engineering challenge. While no layer
+is obfuscated in itself, the transitions between layers itself is the source of
+difficulty of the task.
+
+There are 4 layers:
+- Initial .pyc file
+- In-memory loaded .pyc module
+- In-memory loaded x86_64 ELF binary (trivial RISC-V emulator)
+- In-memory loaded RISC-V flat binary (flag checker)
+
+Given that the flag checker is in the last layer, it is expected for the player
+to either reverse all the layers in order to understand how the flag checker
+works, or find a side channel attack.
+
+The flag checker itself is a simple bit mixer, that shuffles a 256-bit set and
+NOTs a selected subset, and then compares to the hardcoded string.
+Given the construction of the checker it is only possible to have 1 solution for
+this task.
+
+2. Hints for solving:
+First layer can be decompiled with any available Python decompiler.
+
+The second layer can be stored into a .pyc file (this requires adding a proper
+magic and timestamp) and decompiled the same way as the first layer.
+
+The third layer is the x86_64 ELF binary, which can be dumped and analyzed. It
+doesn't make ANY syscalls and doesn't have ANY imports. It's up to the player
+to either reverse-engineer it to realize it's a VM, or figure out that it's
+the RISC-V architecture (organizers should not hint about it being a RISK-V).
+
+The forth layer (RISC-V flat binary) will take some reverse-engineering as there
+are no decompilers for RISC-V (as far as I know at least). However the code is
+pretty short so it shouldn't take too much time.
+
+The last step is to either reverse the bit mixer, or brute-force it bit-by-bit.
+

other/re-risky/directors-cut/spoilers_and_source/src/checker.c

@@ -0,0 +1,41 @@
+// Copyright 2018 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// To be compiled to RISC-V.
+#include <stdbool.h>
+#include <stdint.h>
+
+#include "mixer.c"
+
+bool checker(const uint8_t *f) {
+  uint8_t output[32] = {0};
+
+  for (unsigned i = 0U; i < 256U; i++) {
+    unsigned bit = mix_bits[i] & 7U;
+    unsigned byte = mix_bits[i] >> 3U;
+    uint8_t b = (f[byte] >> bit) & 1U;
+    b ^= mix_flips[i];
+    bit = i & 7U;
+    byte = i >> 3U;
+    output[byte] |= b << bit;
+  }
+
+  unsigned int sum = 0;
+  for (unsigned i = 0; i < 32; i++) {
+    sum += output[i] ^ flag[i];
+  }
+
+  return sum == 0;
+}
+

other/re-risky/directors-cut/spoilers_and_source/src/checker.flat

@@ -0,0 +1,21 @@
+#!/usr/bin/python
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+d = bytearray(open("checker.flat", "rb").read())
+o = ','.join(["0x%.2x" % x for x in d])
+
+f = open("checker_as_mem.c", "w");
+f.write("uint8_t mem[] = {")
+f.write(o)
+f.write("};\n")