RSS
 

Posts Tagged ‘firmware’

Hackvent 2019: Day 20

20 Dec 2019
CTF: Hackvent 2019
Link to challenge: https://academy.hacking-lab.com
Date Completed: 20 December 2019

Challenge

HV19.20 i want to play a game

Resource mirror: HV19-game.zip

Solution

We are given a binary and told it is something obscure we have to reverse. We download the binary and open it in IDA. After some digging around we realise the file has something to do with the PS4 and this is consistent with the hint in the zip file name too.

We dig around in IDA where we find a single main()  method. We see that we seem to read in a file called  /mnt/usb0/PS4UPDATE.PUP and then take the MD5 hash of this file and compare it to f86d4f9d2c049547bd61f942151ffb55. After googling this hash we find the file in question is the PS4 5.05 firmware.

We decide to decompile the code to C and are presented with the following:

The above decompilation is not perfect but we see the general structure of the program. First we initialise an array of 32 bytes with some data from byte_300 and store this as our flag data. Next we open our  /mnt/usb0/PS4UPDATE.PUP file. We initialise our file pointer value to  0x1337 and start looping, adding  0x1337 to our seek pointer each iteration. Finally, we read 26 bytes from the file and xor this with the current flag dataAt the end, we should our flag in our array.

We translate this to python code and get the following:

Running this gives us our flag!

Flag:  HV19{C0nsole_H0mebr3w_FTW}

 
No Comments

Posted in Hackvent 2019