ABCTF - 50 - Java Madness - Reverse Engineering

🔗Information

🔗Version

By Version Comment
noraj 1.0 Creation

🔗CTF

  • Name : ABCTF 2016
  • Website : http://abctf.xyz/
  • Type : Online
  • Format : Jeopardy - Student
  • CTF Time : link

🔗Description

Hey if you can get [this][this] to pass some tests you could probably have the flag. [this]:https://mega.nz/#!DpVk3QII!0q_VFSxC2v0bjwodRIPT2UhJTTK3qvYsDMD7JL3qfPo

🔗Solution

  1. Here is the java source code:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
public class what_the_hack {

public static void main(String[] args) {

String check = "";

if(args.length != 5){
System.out.println("Almost! (;");
}

else {
for(int i = args.length - 1; i >= 0; i--){
System.out.println(i);
for(int j = args[i].length() - 1; j >= 0; j--){
check += args[i].charAt(j);
System.out.println(args[i].charAt(j));
}
}

if(check.equals("abctf is the coolest ctf")){
System.out.println("Flag: " + "ABCTF{" + args[0] + args[1] + args[2] +args[3] + args[4] + "}");
}
else{
System.out.println(check);
}
}
}
}
  1. Compile the code: javac what_the_hack.java
  2. Run it:
1
2
java what_the_hack
Almost! (;
  1. Analyse the code, there must be 5 strings args:
1
2
3
4
5
6
7
8
9
10
11
12
java what_the_hack a b c d e
4
e
3
d
2
c
1
b
0
a
edcba
  1. By analysing the code we understand that the software display the position of the arg and is content in the reverse order and that the valid check must be abctf is the coolest ctf
  2. So write abctf is the coolest ctf to reverse it:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
java what_the_hack abctf is the coolest ctf
4
f
t
c
3
t
s
e
l
o
o
c
2
e
h
t
1
s
i
0
f
t
c
b
a
ftctseloocehtsiftcba
  1. ftctseloocehtsiftcba is the reverse but we need to space it:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
java what_the_hack 'ftc' ' tselooc' ' eht' ' si' ' ftcba'
4
a
b
c
t
f

3
i
s

2
t
h
e

1
c
o
o
l
e
s
t

0
c
t
f
Flag: ABCTF{ftc tselooc eht si ftcba}
  1. We got it!
Share