Hackvent 2019: Day 14

14 Dec 2019
CTF: Hackvent 2019
Link to challenge:
Date Completed: 14 December 2019



HV19.14 Achtung das Flag



We are provided with some Perl code so we decide to run it. We realise we need the Tk module which seems to be some GUI library for Perl.
After running the code we are presented with a game which allows us to control the direction of a line with the letters N and M. We also see letters on the screen which look like parts of the flag!

So we start playing this game for fun but realise its very difficult to win the game ends when we hit the line or borders. Therefore, we give ourselves godmode by replacing  $i->cancel();  with  1. However, even if we cheat at the game there are just too many characters and it all gets too messy so we don’t peruse this avenue any further:

Instead, we try to manually deobfustrate the perl code. We don’t need to deobfustrate the whole program, only the parts that spit the cyan coloured text.
Before we do this we use PerlTidy to clean up our code a little.

We follow the word cyan in the __DATA__ segment which we discover is tied to the $z variable. In the call to createText , we see that $d28Vt03MEbdY0  is variable holding the code reference with the flag text components. We’ll use built in B::Deparse  to deparse this. However, it seems like the code actually mutates data so we cannot simply evaluate $d28Vt03MEbdY0  code twice. Therefore, we replace it with an empty string in the actual text to be displayed and print the text to the console instead. We also replace  $q==$t&&$T->() with  $T->() to ensure that the next component is displayed each frame regardless of any checks (i.e. interception check). Finally, we change the FPS in the repeat loop to 1  so the program executes and ends quickly.

Our new code looks like this (with modified lines highlighted):

We run the perl program again and it prints out an interesting but working flag!

Flag:  HV19{s@@jSfx4gPcvtiwxPCagrtQ@,y^p-za-oPQ^a-z\x20\n^&&s[(.)(..)][\2\1]g;s%4(...)%"p$1t"%ee}


This challenge also contained the solution to HV19.H4 Hidden Four.

No Comments

Posted in Hackvent 2019


Leave a Reply