5 – TUX-BOMB! (150)
Yeah! We control a zombie server which is connected to a TUX-Bomb. These servers are located in the head of the organization. This bomb can destroy a lot of their servers and employees. But we have no access since we are not in possession of a valid user name and activation key. So here’s your job: Find a way to detonate the TUX-BOMB!
Hint: There is a small typo on your way to the flag – don’t get confused about it. Just use your intuition and everything should work fine!
We are provided with a Windows .exe binary. This binary needs to be run with 22 arguments; the check below compares the argument count against 17h (23), which includes the program name:
.text:004018F7 loc_4018F7:                ; CODE XREF: sub_4014A0+341j
.text:004018F7                 cmp     [ebp+arg_c], 17h
.text:004018FB                 jnz     loc_4017E7
It then asks for a username and a product key. The username must meet this condition (expressed in Python):
sum([(ord(c) * 3) for c in username]) == 0x29a
A username that matches that condition is “DMM”:
>>> print(hex(sum([(ord(c) * 3) for c in 'DMM'])))
0x29a
So I’ll be using DMM as username.
Then it checks the supplied product key against the 18th argument. If they match, a PDF file named “FLAG.pdf” is dropped. This is the content of the dropped PDF file:
So we first have to solve this (look at the “aoti” typo mentioned in the description of the challenge):
x = (atoi(F)+atoi(l)+atoi(u)+atoi(x)+atoi(f)+atoi(i)+atoi(n)+atoi(g)+aoti(e)+atoi(r)+atoi(s))
So x is:
>>> sum([ord(c) for c in 'Fluxfingers'])
1165
Then we can use WolframAlpha in order to compute the definite integral:
integrate e^(-(sqrt u)) du from u=0 to infinite
You can check it by yourself here: http://www.wolframalpha.com/input/?i=integrate+e^%28-%28sqrt+u%29%29+du+from+u%3D0+to+infinite
The result of the definite integral is 2.
So the key for this challenge is md5(1165 * 2 - 993) = md5(1337) = e48e13207341b6bffb7fb1622282247b.
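The whole chain above can be reproduced offline. The following is an added example, not code from the original writeup: it re-implements the username condition, shows how many three-letter uppercase names satisfy it (the sum ignores character order, so DMM is only one of many), checks the integral numerically using the substitution u = t^2 instead of WolframAlpha, and derives the key. All function names are my own.

```python
import hashlib
import math
from itertools import product
from string import ascii_uppercase

TARGET = 0x29a  # constant from the username check quoted in the writeup

def username_ok(name):
    """The binary's username condition as given in the writeup."""
    return sum(ord(c) * 3 for c in name) == TARGET

def three_letter_usernames():
    """All 3-letter uppercase names passing the check (the sum is order-blind)."""
    return ["".join(p) for p in product(ascii_uppercase, repeat=3)
            if username_ok("".join(p))]

def integral_exp_neg_sqrt(upper=60.0, steps=6000):
    """Integrate e^(-sqrt(u)) du over [0, inf) after substituting u = t^2.

    The integrand becomes 2*t*e^(-t); Simpson's rule on [0, upper] is enough
    because the tail beyond t = 60 is below 1e-24.
    """
    f = lambda t: 2.0 * t * math.exp(-t)
    h = upper / steps
    total = f(0.0) + f(upper)
    for i in range(1, steps):
        total += (4 if i % 2 else 2) * f(i * h)
    return total * h / 3.0

def flag_input():
    """x * integral - 993, with x the character-code sum of 'Fluxfingers'."""
    x = sum(ord(c) for c in "Fluxfingers")
    return x * round(integral_exp_neg_sqrt()) - 993

def flag():
    """MD5 of the decimal string, as in the writeup's final step."""
    return hashlib.md5(str(flag_input()).encode()).hexdigest()

if __name__ == "__main__":
    names = three_letter_usernames()
    print(len(names), "three-letter usernames pass, e.g.", names[:3])
    print("integral ~", integral_exp_neg_sqrt())
    print("md5(%d) = %s" % (flag_input(), flag()))
```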