Säkerhets-SM 2020 Challenge Solutions Part 1/3 @ZetaTwo

Calle Svensson March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

Contents:
00:10 - Introduction

Intro challenges
04:50 - Encoding 101
11:25 - Remote 101
13:45 - ELF 101

Misc challenges
20:00 - Discord
23:20 - Hidden in Plain Sight
30:30 - Vackra Filer

Web challenges
39:25 - Perfecto Desk
54:00 - The Colours and the Shapes
01:05:30 - Flagdmin

Reverse engineering challenges
01:29:20 - Bit Snek
01:44:20 - Diffcomp
02:07:10 - Double Protection
02:40:50 - Overly Attached OS
03:33:40 - Zeta Cryptor PRO

03:49:15 - Outro

Part 1: youtube.com/watch?v=CYBGQ9Zp6UQ
Part 2: youtube.com/watch?v=mEeccIodvFQ
Part 3: youtube.com/watch?v=Od8QJwQpbkk

updated 4 years ago

Säkerhets-SM 2020 Challenge Solutions Part 1/3

Calle Svensson 2020-03-15 | March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

Contents:
00:10 - Introduction

Intro challenges
04:50 - Encoding 101
11:25 - Remote 101
13:45 - ELF 101

Misc challenges
20:00 - Discord
23:20 - Hidden in Plain Sight
30:30 - Vackra Filer

Web challenges
39:25 - Perfecto Desk
54:00 - The Colours and the Shapes
01:05:30 - Flagdmin

Reverse engineering challenges
01:29:20 - Bit Snek
01:44:20 - Diffcomp
02:07:10 - Double Protection
02:40:50 - Overly Attached OS
03:33:40 - Zeta Cryptor PRO

03:49:15 - Outro

Part 1: youtube.com/watch?v=CYBGQ9Zp6UQ
Part 2: youtube.com/watch?v=mEeccIodvFQ
Part 3: youtube.com/watch?v=Od8QJwQpbkk

Test Stream

Calle Svensson 2023-05-18 | Test, please ignore

Speed reversing challenge by LarsH

Calle Svensson 2022-09-22 | In this stream I will try to solve a reverse engineering challenge created by my friend LarsH which was originally used at the Midnight Sun speed-pwning tournament.

Table of Contents:
0:00:00 Intro
0:03:47 Solving
2:34:49 Solved

Blind solving the 2021 Gen Z Hack Challenge - Part 2

Calle Svensson 2022-05-25 | In this steam I will continue my attempts to solve some of the challenges of the 2021 edition of the "Gen Z Hack Challenge" (https://2021.challenge.fi). I will be joined by Aapo who will bounce tips and ideas with me.

Table of contents:
0:00:00 Intro
0:03:08 Hack weblogin part 1
0:18:17 Hack weblogin part 2
0:49:13 Catch the criminal part 1
1:13:07 Catch the criminal part 2
1:25:29 Aapoweb
1:39:56 Outro

Blind solving the 2021 Gen Z Hack Challenge

Calle Svensson 2022-04-11 | In this steam I will attempt to solve some of the challenges of the 2021 edition of the "Gen Z Hack Challenge" (https://2021.challenge.fi). I will be joined by Aapo who will bounce tips and ideas with me.

Table of contents:
0:00:00 Intro
0:06:14 Project Kyyber 1
0:16:39 Project Kyyber 2 & 3
1:24:29 Securelogin
3:01:08 Enter the world of binary
3:11:25 Deep inside ones and zeros
3:16:00 Outro

Säkerhets-SM 2021 Challenge Solutions Part 2

Calle Svensson 2021-04-26 | March 26-28, the 2021 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

In this stream I go through the challenges from Säkerhets-SM 2021, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

To try the challenges on your own, see: github.com/Kodsport/sakerhetssm-2021-solutions

Contents:

0:00:00 Intro
0:02:51 Web - Bästa Bloggen
0:16:24 Web - XSS with Animations
0:32:25 Web - myFirstPHPProject
1:01:11 Web - The Secret Club
1:04:21 Web - Undvik Handskakning
1:08:16 Misc - Affisch
1:42:19 Outro

Säkerhets-SM 2021 Challenge Solutions Part 1

Calle Svensson 2021-04-02 | March 26-28, the 2021 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

I will host a stream where I will go through the challenges from Säkerhets-SM 2021, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

To try the challenges on your own, see: github.com/Kodsport/sakerhetssm-2021-solutions

Contents:

0:00:00 Intro
0:15:48 Forensics
0:16:22 Forensics - Datorer AB
0:29:11 Forensics - PDF Padlock
0:37:39 Forensics - Herr Robot
0:50:09 Forensics - Skumt Ljud
1:31:18 Forensics - Anamorfos
1:45:25 Forensics - Mosad Bild
2:09:26 Pwn - Buffertspill
2:43:11 Pwn - Printf i en loop
3:17:36 Reversing - Durins Dörrar
3:20:47 Reversing - Isengård
4:11:22 Reversing - Barad-Dur
4:51:12 Reversing - Kodlås
5:03:23 Reversing - Skum Kod
5:30:30 Reversing - Outro

Blind solving the Nixu challenge - Part 2

Calle Svensson 2021-01-20 | In this series of streams I will attempt to solve some of the challenges of the "The Nixu Challenge" (thenixuchallenge.com/). In this part we take a look at:

- Bad memories - part 1
- Bad memories - part 3

Blind solving the Nixu challenge - Part 1

Calle Svensson 2021-01-13 | In this series of streams I will attempt to solve some of the challenges of the "The Nixu Challenge" (thenixuchallenge.com/). In this part we take a look at:

- Device Control Pwnel
- Device Control Pwnel - part 2
- AIMLES - staging

Blind solving a crackme by s4tan - Part 3/3

Calle Svensson 2020-11-19 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.

Part 1 - youtube.com/watch?v=NJamb40GSYY
Part 2 - youtube.com/watch?v=6y4tfVWH-qM
Part 3 - youtube.com/watch?v=kuhu9VEASQI

Blind solving a crackme by s4tan - Part 2/3

Calle Svensson 2020-11-15 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.

Part 1 - youtube.com/watch?v=NJamb40GSYY
Part 2 - youtube.com/watch?v=6y4tfVWH-qM
Part 3 - youtube.com/watch?v=kuhu9VEASQI

Blind solving a crackme by s4tan - Part 1/3

Calle Svensson 2020-11-10 | In this video series I'm solving a so called "crackme" challenge posted by Antonio "s4tan" Parata (twitter.com/s4tan). I have not looked at the challenge before or between these streams. This is to show how I'm thinking when approaching a challenge like this and how I use the different tools involved. If you have any comments or questions about this or reverse engineering, please leave a comment and if you would like to see more streams like this, consider subscribing.

Part 1 - youtube.com/watch?v=NJamb40GSYY
Part 2 - youtube.com/watch?v=6y4tfVWH-qM
Part 3 - youtube.com/watch?v=kuhu9VEASQI

How a not so random number broke the PS3 #MegaFavNumbers

Calle Svensson 2020-09-01 | This video explains how Sony's flawed implementation of elliptic curve cryptography enabled hackers to gain control of the Playstation 3 and run their own software on it.

This video is part of the MegaFavNumbers project. Maths YouTubers have come together to make videos about their favourite numbers bigger than one million, which is called #MegaFavNumbers.

My links:
Website: zeta-two.com
Twitter: twitter.com/ZetaTwo
Patreon: patreon.com/ZetaTwo
Check out other security creators at: securitycreators.video

Intro to ECC: https://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/
Script (including links to more sources): docs.google.com/document/d/1riSbs2LRCkK4RwSaMnTzRSDFjgWvQ4galxGvMmwxi2E/edit?usp=sharing

Images used (Creative Commons):
en.wikipedia.org/wiki/File:Private_key_signing.svg
commons.wikimedia.org/wiki/File:Silver_Playstation_3_icon.png
commons.wikimedia.org/wiki/File:PS3-slim-console.png
en.wikipedia.org/wiki/File:George_Hotz_at_TechCrunch_Disrupt.jpg
xkcd.com/221

Blind solving the Knowit Hack AB CTF - Part 2

Calle Svensson 2020-07-14 | Going to attempt a blind solve of the Knowit Hack AB CTF

Blind solving the Knowit Hack AB CTF

Calle Svensson 2020-06-02 | Going to attempt a blind solve of the Knowit Hack AB CTF

Solving the Knowit AD Lab

Calle Svensson 2020-05-30 | Going through the solution to the Knowit AD Lab CTF

Säkerhets-SM 2020 Challenge Solutions Part 3/3

Calle Svensson 2020-03-19 | March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

Contents:
00:00 - Introduction

Forensics challenges:
02:15 - Korrumperad Katt
06:30 - Beautiful Birds
13:15 - Unzip me
20:05 - Ett äpple om dagen
01:20:25 - Torktumlad zip

Web challenges:
01:41:20 - Dos protection

boot2root challenges:
02:19:50 - Knowit 1 - Initial
02:42:50 - Knowit 2 - User
02:55:15 - Knowit 3 - Root

Crypto challenges:
03:09:50 - Konstig kloss

03:18:45 - Outro

Part 1: youtube.com/watch?v=CYBGQ9Zp6UQ
Part 2: youtube.com/watch?v=mEeccIodvFQ
Part 3: youtube.com/watch?v=Od8QJwQpbkk

Säkerhets-SM 2020 Challenge Solutions Part 2/3

Calle Svensson 2020-03-18 | March 13-15, the 2020 edition of the Swedish High-School CTF championships, "Säkerhets-SM", took place. The competition aims to bring high school students (and others) some nice security challenges and expose them to the fantastic world of CTFs.

For more info and to participate: https://sakerhetssm.se/

I will host a stream where I will go through the challenges from Säkerhets-SM 2020, how to approach them and how to solve them. Note that the competition is (at least partially) in Swedish but this stream will be in English.

Contents:
00:00 - Introduction

Pwn challenges
02:20 - Miniräknare
07:40 - Hello, World
40:10 - Echo service
01:05:40 - Notebook

Crypto challenges
01:37:20 - Baby Crypto
01:43:50 - Gömt Meddelande
01:51:35 - Risigt Strukturerad Algebra
01:59:45 - Kryptiska apkonster
02:16:15 - Konstig kloss, part 1

02:32:20 - Outro

Part 1: youtube.com/watch?v=CYBGQ9Zp6UQ
Part 2: youtube.com/watch?v=mEeccIodvFQ
Part 3: youtube.com/watch?v=Od8QJwQpbkk

Pwny Racing - Episode 11

Calle Svensson 2019-12-28 | Commentators: Zeta Two & LarsH
Challenge author: LarsH
Participants: PewZ, nsr, niklasb and phLaul
Winner: niklasb

Episode info and challenge download: https://pwny.racing/episodes/episode11/

Pwny Racing - Episode 10

Calle Svensson 2019-11-30 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: Peace-Maker, NotDeGhost, night_f0x & spq
Winner: night_f0x

Episode info and challenge download: https://pwny.racing/episodes/episode10/

Pwny Racing - CSAW Special

Calle Svensson 2019-11-08 | Commentators: Jordan, Rusty and Josh

Episode info: https://pwny.racing/episodes/episode-csaw/
Tournament bracket: challonge.com/csaw_pwny_racing

9:00 Game 1: PPP v GreyHatGT
57:10 Game 3: Sice Squad v Antisice Amigos
1:38:15 Game 4: Zero Cost Abstractions v RPISEC
2:58:34 Game 2: Sigpwny v Kernel Sanders
4:38:44 Game 5: Perfect Blue v PPP
5:44:11 Game 6: Kernel Sanders v dcua
6:34:04 Game 7: Sice Squad v Perfect Blue
7:20:43 Game 8: Kernel Sanders v Zero Cost Abstractions
8:46:14 Game 10: Kernel Sanders v Perfect Blue
10:05:58 Game 9: Zero Cost Abstractions v Sice Squad

Pwny Racing - Episode 9

Calle Svensson 2019-10-26 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: niklasb, jazzy, mightymo, zzz
Winner: niklasb

Episode info and challenge download: https://pwny.racing/episodes/episode9/

Pwny Racing - Episode 8

Calle Svensson 2019-09-28 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: XeR, nneonneo, honululu & nandayo
Winner: nneonneo

Technical issues starts at 08:30
Technical issues resolved at 16:45

Episode info and challenge download: https://pwny.racing/episodes/episode8/

Pwny Racing - Community Challenge 1

Calle Svensson 2019-08-31 | In this video we do a run through of the Pwny Racing Community Challenge #1. We explain the challenge, the bugs, how to exploit it and some general tips and tricks when it comes to reverse engineering and exploitation.

Hosts: ZetaTwo & b0bb
Challenge author: b0bb

More information about the community challenge: https://pwny.racing/communitychallenge/

Pwny Racing - Episode 7

Calle Svensson 2019-08-22 | Commentators: Zeta Two & Vito
Challenge author: b0bb
Participants: spq, zap, quend and aweinstock
Winner: spq

Stream starts at 19:25

Episode info and challenge download: https://pwny.racing/episodes/episode7/

Pwny Racing - Episode 6

Calle Svensson 2019-07-27 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: acez, blasty, likvidera
Winner: acez

Stream starts at 08:52

Episode info and challenge download: https://pwny.racing/episodes/episode6/

Pwny Racing - Episode 5

Calle Svensson 2019-06-29 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: nneonneo, KidOfArcania, ottizy & MurmusCTF
Winner: nneonneo

Stream starts at 10:40

Episode info and challenge download: https://pwny.racing/episodes/episode5/

Pwny Racing - Episode 4

Calle Svensson 2019-05-25 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: laxa, mrtumble, kileak & Lord_Idiot
Winner: Lord_Idiot

Stream starts at 10:10

Episode info and challenge download: https://pwny.racing/episodes/episode4/

Pwny Racing - Episode 3

Calle Svensson 2019-04-13 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: jinmo, mak and retr0id
Winner: jinmo

Stream starts at 09:55

Episode info and challenge download: https://pwny.racing/episodes/episode3/

Welcome to the third episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge.

Säkerhets-SM 2019 Challenge Solutions

Calle Svensson 2019-03-19 | Säkerhets-SM (Swedish high-school championship in hacking), https://sakerhetssm.se/ just finished and I was part of the organizing group. In this live stream I will go through and solve the challenges from the competition and explain methodology, tools and how to approach different challenges.

Pwny Racing - Episode 2

Calle Svensson 2019-03-09 | Commentators: Zeta Two & b0bb
Crew: LarsH
Challenge author: b0bb
Participants: borysp, zap, vos and hpmv
Winner: vos

Stream starts at 08:45
Episode info and challenge download: https://pwny.racing/episodes/episode2/

Welcome to the second episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge.

Our test run was a huge success and we will therefore continue the concept. We will be back in this second episode with new participants and a new challenge. Hopefully, we'll have some improvements to the setup in place as well.

Pwny Racing - Episode 1

Calle Svensson 2019-02-09 | Commentators: Zeta Two & b0bb
Challenge author: b0bb
Participants: jay, endeavor and Murmus
Winner: Murmus

Stream starts at 05:28

Episode info and challenge download: https://pwny.racing/episodes/episode1/

Welcome to the first episode of Pwny Racing in which the participants race to be the first to solve a pwnable challenge. This episode is something of a test run where we try out the concept and see that the technical side is working. The stream starts at 05:28 there is some doubled audio the first few minutes. Sorry for that.

Hacking with Zeta Two - Guest lecture on Basics of Binary Exploitation at KTH 29/1 2019

Calle Svensson 2019-02-05 | On the 29th of January, I was invited as a guest lecturer as part of the Ethical Hacking course at the Royal Institute of Technology, KTH, here in Stockholm where I once studied, to talk about the basics of binary exploitation. The awesome AV crew at KTH recorded the talk and I'm publishing it here for everyone to enjoy. Slides are available on my website: zeta-two.com/education/2019/02/05/kth19-talk.html

OverTheWire Advent Bonanza 2018 - Challenge 13, Honor The Gods

Calle Svensson 2018-12-17 | This video is how I "solved" challenge 13 of the OverTheWire Advent calendar CTF. The meatballs and pasta turned out fairly well actually. I'm proud.

OverTheWire Advent Bonanza 2018: advent2018.overthewire.org

Solving an old challenge by LarsH

Calle Svensson 2018-10-20 | Doing a blind solve of an old challenge by my teammate LarsH

Solving the MurmusCTF community challenge

Calle Svensson 2018-09-25 | I will participate in the community challenge created by MurmusCTF (twitter.com/MurmusCTF) where multiple people stream/record solving the same challenge. I have not looked at the challenge nor the other streamers before attempting this.

Post stream comment:
Unfortunately, I did solve the challenge but the stream still contain a lot of good parts I think. If you are watching this afterwards and are short on time I would primarily recommend the first 1.5 hours and then skip to around the 2:30 mark and watch an hour from there.

Rough timeline:

Part 1 - Arbitrary read/write
00:00:00 - Intro
00:03:30 - Initial reversing
00:08:45 - First run
00:12:00 - Setup dynamic testing environment
00:15:00 - Suspected relative read/write primitive
00:20:00 - Suspected arbitrary read/write primitive
00:23:00 - Script read/write primitive
00:33:00 - First debugging
00:36:00 - Arbitrary read confirmed
00:47:00 - Leak data
00:50:00 - rand() prediction possible
00:58:00 - read GOT
01:01:00 - try to overwrite GOT
01:12:00 - realize Full RELRO = GOT readonly
01:18:00 - start looking for other methods
01:26:00 - checkpoint summary
01:30:30 - find stack relative write
01:32:00 - struggle starts
02:07:00 - fail at googling (this is where everything went wrong)

Part 2 - Unintended solution
02:12:00 - increment ret ptr
02:33:00 - discussion about memory corruption
02:35:00 - struggle continues
02:53:00 - new exotic idea
03:05:00 - ret increments idea formalized
03:09:00 - relative jmp in libc
03:23:00 - relative jmp scripted and ready

Part 3 - Gadget hunting
03:42:00 - recap
04:33:00 - the 3 hour exploit
04:38:00 - gadget hunting continues
05:08:00 - surrender

Solving q3ks hardflag challenge pt.2

Calle Svensson 2018-07-30 | In the last stream, I made an attempt to solve of a CTF challenge called "hardflag" created by q3k for the WCTF 2018. I hadn't looked at the challenge beforehand and it proved very hard. After the stream, I spent more time during the week to try to solve it and finally managed to do so. In this stream I will go through what I did, how I did it, what I learned from the process and the mistakes I made. Hopefully, it will give some insight to how you can approach these kind of problems.

Solving q3ks hardflag challenge

Calle Svensson 2018-07-21 | I will try to do a blind solve of a CTF challenge called "hardflag" created by q3k for the WCTF 2018. I haven't looked at the challenge beforehand but judging from the tweet it involves Verilog and RISC-V, two concepts I have not worked with so this is going to take a while. Enjoy the ride.

Walkthrough of dJulkalendern 2017

Calle Svensson 2017-12-25 | Speed solving and doing a walkthrough of the dJulkalendern 2017 puzzle (https://djul.datasektionen.se)

Table of Contents:
Start: 03:15
Day 00: 04:50
Day 01: 05:55
Day 04: 08:10
Day 05: 12:20
Day 06: 17:55
Day 07: 19:35
Day 08: 25:45
Day 11: 32:30
Day 12: 37:25
Day 13: 40:20
Day 14: 46:10
Day 15: 50:40
Day 18: 1:00:50
Day 19: 1:06:20
Day 20: 1:11:05
Day 21: 1:23:45
Day 22: 1:40:10
Day -1: 2:00:25

Solving a CTF challenge by @nxsolle

Calle Svensson 2017-11-25 | Blind solve of a CTF challenge by @nxsolle

Solving a crackme by Xvpz

Calle Svensson 2017-11-18 | Blind solve of a crackme by Xvpz

Challenge download: https://crackmes.one/crackme/5ab77f5333c5d40ad448c0dd

SMT in reverse engineering, for dummies

Calle Svensson 2016-11-05 | This is a re-recording of my lightning talk "SMT in reverse engineering, for dummies" which I presented at SEC-T 0x09 (sec-t.org) this September.

The talk introduces how SMT can be used in reverse engineering with the help of tools such as Z3 (z3.codeplex.com) and angr (http://angr.io).

The code I'm referring to in the presentation can be found on my website (zeta-two.com/education/2016/09/08/sect2016-talk.html)