This challenge was pretty amazing. It involves iOS app reversing and I am completely new to it. I haven’t done proper reversing on the app, you know dicompiling code and stuffs like that, but used a pretty nice tool which I recently got experienced with.
The tool I used is MobSF, I have made a post on it in my Linkedin Profile.
Anyway with MobSF solving this challenge was really easy.
flag 1 : contacts
flag 2 : http://localhost:8080
In this challenge we are given a image and the description is full of B. I tried to open the image but it was corrupted. Looking at the hexdump of the file we can see interesting data, there is lots of B in repetition.
I thought of removing those Bs from the image. I made a small python script to do the job.
with open("chall.jpg", "rb") as bad_img, open("flag.jpg", "wb") as flag_img:
corrupted_data = bad_img.read()
flag_img.write(corrupted_data.replace(b"BBBBBBBBBB", b""))Boom , that worked.
In this challenge we are given a zip file , unzipping it gives many other zip files. Upon unzipping those giving CRC error.
At first i thought those CRC checksums might have some meaning, so collected all good and bad CRC of those zips and converted the hex into text in Cyberchef, But they didn’t had any useful data.
So next thing i tried is checking the strings. After collecting all
interesting characters from the strings result I got a strange text
eRr0r_1n_c0mpresS1oN. Again its a fail, because the hint
have
flag does not contain any variation of the word 'compress'.
Well both methods failed, although I was pretty sure there is
something with CRC. So i tried my last resolve by googling
Zip CRC CTF hehe. The first result was this tool named zip-crc-cracker. I
didn’t waste a single moment, quickly cloned the tool and run it against
all the zips and got the flag.
flag : TFCCTF{ch3cksum2_g0od}