# 32C3 CTF - Flash (Reversing 300)

32C3 CTF was organized alongside the Chaos Communication Congress in Hamburg. It started on Dec. 27, 20:00 UTC and lasted 48h, until Dec. 29, 20:00 UTC.

# Flash

- Points: 300
- Category: Reversing
- Description: This firmware image is secured against manipulation using RSA and MD5. Can you still get around that protection?
- The service is available here.

# Our solution

We are given a gzip-compressed file containing a sample firmware image, the public key, and the backend script of the firmware upload service.

Running `file` on `firmware.bin` shows that it is an archive. The `signature` file it contains appears to be a digital signature used to ensure the authenticity of the firmware.

From the Python script, we can tell that the verification check is: `encrypt(md5(firmware.bin), public_key) == signature`

The other interesting finding is the command `cmd = 'cd ' + filename + '; ./install'`. This tells us that we will have to modify the file `install` to run arbitrary code in order to get the flag.

Simply modifying the firmware will not work; we need a way to bypass the signature check. Since this is a reversing challenge and the RSA key is 2048 bits, I did not pursue the cryptographic direction. Instead, the interesting part is the `calc_md5` function.

The function uses a regular expression to extract the MD5 from the output of the subprocess command. Notably, it takes the first occurrence of a 32-character `[a-f0-9]` string as the MD5 hash (because of `re.search().group(0)`).

This means that if the firmware archive contains a file named `a0e3c9c3262ccf420c789ed55148412c`, `calc_md5` will take that file name as the MD5 hash instead of the actual digest.
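To make the parsing flaw concrete, here is an added example (not the challenge's own script) showing the unanchored regex next to two safer alternatives. The page does not give the exact subprocess command, so the "verbose archive listing followed by an md5sum line" output format below is an assumption, and the digests in the sample output are constructed.

```python
import hashlib
import re

# Constructed stand-in for the subprocess output calc_md5 parsed
# (assumed format: archive listing, then an md5sum-style line).
LISTING_CLEAN = "install\nsignature\n9f86d081884c7d659a2feaa0c55ad015  -\n"
LISTING_SPOOFED = (
    "a0e3c9c3262ccf420c789ed55148412c\n"  # file *name* from the write-up
    "install\n"
    "signature\n"
    "9f86d081884c7d659a2feaa0c55ad015  -\n"
)


def calc_md5_vulnerable(output: str) -> str:
    # The flaw: the first 32-hex-char substring anywhere in the output wins,
    # so a file name in the listing shadows the real digest.
    return re.search(r"[a-f0-9]{32}", output).group(0)


def calc_md5_anchored(output: str) -> str:
    # Narrower parse: require a full md5sum-format line (digest, two spaces,
    # filename) and insist on exactly one such line.
    # Caveat: file names may contain spaces, so a listing can still be
    # crafted to match; this only reduces the attack surface.
    matches = re.findall(r"^([a-f0-9]{32})  \S+$", output, re.MULTILINE)
    if len(matches) != 1:
        raise ValueError("expected exactly one md5sum line in output")
    return matches[0]


def calc_md5_direct(data: bytes) -> str:
    # The actual fix: never parse tool output to learn the digest of data you
    # already hold; hash the firmware bytes in-process.
    return hashlib.md5(data).hexdigest()


if __name__ == "__main__":
    print("vulnerable, spoofed listing:", calc_md5_vulnerable(LISTING_SPOOFED))
    print("anchored,   spoofed listing:", calc_md5_anchored(LISTING_SPOOFED))
    print("direct hash of b'abc':      ", calc_md5_direct(b"abc"))
```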

With that, there are multiple ways to obtain the flag located at `/home/challenge/flag.txt`. I used `nc` to send the flag back.

Hurray!