BITSCTF 2026 - safe not safe - Reverse Engineering Writeup

238 words

1 minute

BITSCTF 2026 - safe not safe - Reverse Engineering Writeup

2026-02-22

Writeup

CTF

/

Security

/

Reverse Engineering

Category: Reverse Engineering

Flag: BITSCTF{7h15_41n7_53cur3_571ll_n07_p47ch1ng_17}

Challenge Description#

Given dist.zip with ARM kernel image. Remote: nc 135.235.195.203 3000. Flag on /dev/vda.

Analysis#

Challenge binary /challenge/lock_app is SUID root. Core math:

1
m1 = ((uint32_t)(a * 0x7A69) + b) % 1_000_000
2
m2 = (a ^ b) % 1_000_000
3
challenge = u ^ m1
4
response  = u ^ m2
5

6
response = challenge ^ m1 ^ m2

Binary uses glibc random_r with predictable state based on startup time.

Solution#

Reproduce RNG behavior with ctypes, rebuild S-box from time-derived seed:

1
# !/usr/bin/env python3
2
import ctypes
3
import re
4
import socket
5
import time
6

7
HOST = "135.235.195.203"
8
PORT = 3000
9

10
class RandomData(ctypes.Structure):
11
    _fields_ = [
12
        ("fptr", ctypes.c_void_p),
13
        ("rptr", ctypes.c_void_p),
14
        ("state", ctypes.c_void_p),
15
        ("rand_type", ctypes.c_int),
16
        ("rand_deg", ctypes.c_int),
17
        ("rand_sep", ctypes.c_int),
18
        ("end_ptr", ctypes.c_void_p),
19
    ]
20

21
libc = ctypes.CDLL("libc.so.6")
22

23
class GlibcRandomR:
24
    def __init__(self):
25
        self.rd = RandomData()
26
        self.statebuf = (ctypes.c_char * 128)()
27
        libc.initstate_r(1, ctypes.cast(self.statebuf, ctypes.c_char_p),
28
                         ctypes.sizeof(self.statebuf), ctypes.byref(self.rd))
29

30
    def reseed(self, seed: int):
31
        libc.srandom_r(ctypes.c_uint(seed).value, ctypes.byref(self.rd))
32

33
    def next_u32(self) -> int:
34
        out = ctypes.c_int()
35
        libc.random_r(ctypes.byref(self.rd), ctypes.byref(out))
36
        return ctypes.c_uint32(out.value).value
37

38
def build_sbox(start_seed):
39
    rng = GlibcRandomR()
40
    rng.reseed(start_seed)
41
    rng.next_u32()
42
    rng.next_u32()
43
    s = list(range(256))
44
    for i in range(255, 0, -1):
45
        j = rng.next_u32() % (i + 1)
46
        s[i], s[j] = s[j], s[i]
47
    return s
48

49
def compute_response(challenge, sbox, challenge_seed):
50
    rng = GlibcRandomR()
51
    rng.reseed(challenge_seed)
52
    a = transform32(rng.next_u32(), sbox)
53
    b = transform32(rng.next_u32(), sbox)
54
    m1 = ((((a * 0x7A69) & 0xFFFFFFFF) + b) & 0xFFFFFFFF) % 1_000_000
55
    m2 = (a ^ b) % 1_000_000
56
    return (challenge ^ m1 ^ m2) & 0xFFFFFFFF
57

58
# Parse time, rebuild S-box, request challenge, compute response, submit
59
# ... (connection handling) ...