From 35fe1b6e18986e29973d53b8c1205bcec72c1020 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Thu, 25 May 2017 19:47:29 +0200 Subject: [PATCH] Creato client per il PoliCTF --- polictf/pasticciotto_local.cpp | 121 +++++++++++++++++++++++++++++++++ polictf/res/banner.txt | 10 +++ polictf/res/compiled.pstc | Bin 0 -> 266 bytes 3 files changed, 131 insertions(+) create mode 100644 polictf/pasticciotto_local.cpp create mode 100644 polictf/res/banner.txt create mode 100644 polictf/res/compiled.pstc diff --git a/polictf/pasticciotto_local.cpp b/polictf/pasticciotto_local.cpp new file mode 100644 index 0000000..e4ca015 --- /dev/null +++ b/polictf/pasticciotto_local.cpp @@ -0,0 +1,121 @@ +#include "../vm/vm.h" +#include +#include +#include +#include + +int main(int argc, char *argv[]) { + unsigned char banner[] = { + 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, + 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x5f, 0x5f, + 0x5f, 0x0a, 0x7c, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x2f, 0x20, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, + 0x7c, 0x7c, 0x5f, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x7c, 0x5f, 0x5f, 0x5f, + 0x20, 0x20, 0x2f, 0x0a, 0x7c, 0x20, 0x7c, 0x5f, 0x2f, 0x20, 0x2f, 0x5f, + 0x20, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x7c, 0x20, 0x7c, 0x5f, 0x20, 0x5f, + 0x20, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x5f, 0x20, + 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x7c, 0x20, 0x7c, 0x5f, 0x7c, 0x20, 0x7c, + 0x5f, 0x20, 0x5f, 0x5f, 0x5f, 0x20, 0x20, 0x20, 0x5f, 0x5f, 0x20, 0x20, + 0x20, 0x5f, 0x5f, 0x60, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, + 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x0a, 0x7c, 0x20, 0x20, 0x5f, 0x5f, 0x2f, + 0x20, 0x5f, 0x60, 0x20, 0x2f, 0x20, 0x5f, 0x5f, 0x7c, 0x20, 0x5f, 0x5f, + 0x7c, 0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x5f, 0x7c, + 0x20, 0x7c, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x7c, 0x20, 0x5f, 0x5f, 0x7c, + 0x20, 0x5f, 0x5f, 0x2f, 0x20, 0x5f, 0x20, 0x5c, 0x20, 0x20, 0x5c, 0x20, + 0x5c, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x7c, 0x20, 0x7c, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x5c, 0x20, 0x5c, 0x20, 0x20, 0x20, 0x20, 0x5c, 0x20, 0x5c, + 0x20, 0x20, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x0a, 0x7c, 0x20, 0x7c, 0x20, + 0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x5c, 0x5f, 0x5f, 0x20, 0x5c, 0x20, + 0x7c, 0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x7c, 0x20, 0x28, 0x5f, + 0x5f, 0x7c, 0x20, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20, 0x7c, + 0x5f, 0x7c, 0x20, 0x7c, 0x7c, 0x20, 0x28, 0x5f, 0x29, 0x20, 0x7c, 0x20, + 0x20, 0x5c, 0x20, 0x56, 0x20, 0x2f, 0x20, 0x5f, 0x7c, 0x20, 0x7c, 0x5f, + 0x2e, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, 0x2f, 0x2e, 0x5f, 0x5f, 0x5f, 0x2f, + 0x20, 0x2f, 0x2e, 0x2f, 0x20, 0x2f, 0x20, 0x20, 0x20, 0x0a, 0x5c, 0x5f, + 0x7c, 0x20, 0x20, 0x5c, 0x5f, 0x5f, 0x2c, 0x5f, 0x7c, 0x5f, 0x5f, 0x5f, + 0x2f, 0x5c, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x5c, + 0x5f, 0x5f, 0x5f, 0x7c, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, 0x20, + 0x5c, 0x5f, 0x5f, 0x7c, 0x5c, 0x5f, 0x5f, 0x5c, 0x5f, 0x5f, 0x5f, 0x2f, + 0x20, 0x20, 0x20, 0x20, 0x5c, 0x5f, 0x28, 0x5f, 0x29, 0x5c, 0x5f, 0x5f, + 0x5f, 0x2f, 0x5c, 0x5f, 0x5f, 0x5f, 0x5f, 0x28, 0x5f, 0x29, 0x5f, 0x5f, + 0x5f, 0x5f, 0x2f, 0x20, 0x5c, 0x5f, 0x2f, 0x20, 0x20, 0x20, 0x20, 0x0a, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x0a, 0x20, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, + 0x5c, 0x2f, 0x7c, 0x20, 0x20, 0x0a, 0x7c, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, 0x2f, 0x2f, 0x5c, + 0x2f, 0x2f, 0x5c, 0x2f, 0x20, 0x20, 0x20}; + + uint8_t a[] = {0x24, 0x00, 0x38, 0x08, 0x2f, 0x18, + 0x3f, 0x40, 0x51, 0x5f, 0x53, 0x4e}; + uint8_t b[] = "totallyrandom"; + uint8_t *c = new uint8_t[12]; // PoLiCtF2017! + unsigned char bc[] = { + 0x50, 0x00, 0xde, 0xad, 0x50, 0x01, 0xb0, 0x0b, 0xc1, 0x00, 0x00, 0x00, + 0xc1, 0x02, 0x00, 0x01, 0x50, 0x00, 0xb0, 0x0b, 0x50, 0x01, 0xfa, 0xce, + 0xc1, 0x04, 0x00, 0x00, 0xc1, 0x06, 0x00, 0x01, 0x50, 0x00, 0x00, 0x00, + 0x4d, 0xda, 0x00, 0xd4, 0x20, 0x50, 0x04, 0x00, 0x00, 0x53, 0x04, 0x50, + 0x00, 0x00, 0x00, 0x50, 0x01, 0x02, 0x00, 0xd5, 0x04, 0xd5, 0x14, 0x4d, + 0x5b, 0x00, 0x87, 0x04, 0x86, 0x04, 0x01, 0x00, 0x8c, 0x42, 0x79, 0x2d, + 0x00, 0x0e, 0x00, 0x00, 0x00, 0x0e, 0x01, 0x02, 0x00, 0x0e, 0x02, 0x04, + 0x00, 0x0e, 0x03, 0x06, 0x00, 0xcd, 0x0a, 0x53, 0x01, 0x53, 0x02, 0x53, + 0x03, 0x83, 0x20, 0x83, 0x31, 0x50, 0x04, 0x00, 0x00, 0x50, 0x05, 0x00, + 0x00, 0x53, 0x04, 0x86, 0x05, 0x6f, 0x62, 0x53, 0x05, 0xd4, 0x43, 0x25, + 0x04, 0x04, 0x00, 0x86, 0x04, 0x65, 0x70, 0xd4, 0x53, 0x87, 0x07, 0xd5, + 0x57, 0x53, 0x07, 0x6c, 0x45, 0x53, 0x04, 0xd4, 0x43, 0xb1, 0x04, 0x05, + 0x00, 0x86, 0x04, 0x65, 0x70, 0x87, 0x05, 0x6c, 0x45, 0xd5, 0x24, 0xd4, + 0x42, 0x25, 0x04, 0x04, 0x00, 0x86, 0x04, 0x75, 0x72, 0xd4, 0x52, 0x87, + 0x07, 0xd5, 0x57, 0x53, 0x07, 0x6c, 0x45, 0x53, 0x04, 0xd4, 0x42, 0xb1, + 0x04, 0x05, 0x00, 0x86, 0x04, 0x73, 0x6e, 0x87, 0x05, 0x6c, 0x45, 0xd5, + 0x34, 0x87, 0x05, 0x87, 0x04, 0x86, 0x04, 0x01, 0x00, 0x2b, 0x04, 0x7f, + 0x79, 0x6d, 0x00, 0x81, 0x02, 0x81, 0x13, 0x87, 0x03, 0x87, 0x02, 0x87, + 0x01, 0xa9, 0x53, 0x01, 0x53, 0x02, 0x53, 0x03, 0xd4, 0x60, 0x50, 0x05, + 0x00, 0x00, 0x83, 0x46, 0x2b, 0x04, 0x00, 0x78, 0x01, 0x01, 0x50, 0x06, + 0x00, 0x00, 0x86, 0x05, 0x01, 0x00, 0xd5, 0x65, 0x83, 0x46, 0x2b, 0x04, + 0x00, 0xcd, 0x80, 0xee, 0x00, 0xd4, 0x05, 0x87, 0x03, 0x87, 0x02, 0x87, + 0x01, 0xa9}; + unsigned int bclen = 266; + + for (uint8_t i = 0; i < 12; i++) { + c[i] = a[i] ^ b[i % 13]; + } + + printf("%s", banner); + printf("\nHmmm...\n"); + VM vm(c, bc, bclen); + vm.run(); + return 0; +} \ No newline at end of file diff --git a/polictf/res/banner.txt b/polictf/res/banner.txt new file mode 100644 index 0000000..3714f64 --- /dev/null +++ b/polictf/res/banner.txt @@ -0,0 +1,10 @@ +______ _ _ _ _ _ __ _____ _____ ______ +| ___ \ | | (_) (_) | | | | / | |____ ||____ ||___ / +| |_/ /_ _ ___| |_ _ ___ ___ _ ___ | |_| |_ ___ __ __`| | / / / / / / +| __/ _` / __| __| |/ __/ __| |/ _ \| __| __/ _ \ \ \ / / | | \ \ \ \ / / +| | | (_| \__ \ |_| | (_| (__| | (_) | |_| || (_) | \ V / _| |_.___/ /.___/ /./ / +\_| \__,_|___/\__|_|\___\___|_|\___/ \__|\__\___/ \_(_)\___/\____(_)____/ \_/ + + + /\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\/| +|/\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\//\/ \ No newline at end of file diff --git a/polictf/res/compiled.pstc b/polictf/res/compiled.pstc new file mode 100644 index 0000000000000000000000000000000000000000..8500d120749b918d578a0215f091cfc01163d225 GIT binary patch literal 266 zcmYk0J&FQB6ol*bydFVelHCIsxRDqLo?t{Xp|OJvOk}~#KNLYDm4WHRi) zm1W@?IqkWIjZ12?vcnfDE~)jrpgKmDCz`z9&2SXQHxn3P=)0V^V?Uhqn~W`y3V~D- N+@x@Bhd)^P