AIS2023 CTF Quals

Thoughts

Team profile


I am b09902078, which corresponds to my student ID.

Solved problems

Summary

This CTF qualification competition is the final exam of the course Computer Security Fall 2022 at NTU. There are 4 questions in each category; the categories are Web, Crypto, Pwn, Reverse, Misc, and Revenge. The Revenge category is a set of upgraded (more difficult) versions of the problems that were solved by many people.

My thoughts

This final exam was hosted in the 18th week for 3 days, which is already a holiday for most of the students at NTU. All of my friends had already gone back to their hometown (Malaysia) and gathered with family to prepare to celebrate the new year, while I had to solve those difficult problems and brainstorm, which felt lonely and sad at that moment. However, I still had to fight through this qualification with my best and wished these 3 days would pass quickly so that I could finally go back to my hometown to enjoy my new year holiday XD.

At the beginning of the competition, I managed to solve the pwn problem called ‘how2know_revenge’, which was familiar from our homework but with a changed level of difficulty. Then, I decided to solve the problems that seemed easy during dinner. After that, I started to tackle the ‘superums’ pwn problem, which involved heap exploitation. This was my favorite problem, as it was challenging and required a clear understanding of the heap and its corresponding exploit. By the way, this problem took me about 4-5 hours to solve QQ, seems like I have to enhance my knowledge of the heap :(

After solving the ‘superums’ problem, I had originally planned to sleep. However, I found myself unable to rest as I kept thinking that another team might overtake our ranking and create a huge gap. So, I decided to work on some of the easier web problems that seemed solvable. As a result, I was able to solve ‘Gist’ around midnight, which allowed me to finally get some rest.

On the morning of day 2, I attempted to solve ‘real_rop++’, but quickly got stuck and had no idea about how to proceed with the exploitation. However, I noticed that several other teams had already solved this problem, and the number of teams that solved this problem was even greater than the number that solved ‘superums’. This made me think that the solution to this problem was actually easy, but that I just had to figure it out somehow.

After two hours of brainstorming, I gave up on ‘real_rop++’ and instead started working on the ‘Revenge’ problem. I was able to solve ‘Execgen-safe’ and ‘Nekomatsuri’, which were reverse engineering problems.

After solving these two problems, I decided to devote all of my remaining time to solving the ‘real_rop++’ problem, as many teams had already solved it. After a whole night passed, I finally solved it in the afternoon (after brunch XD) and decided to rest well and wait for the end of the competition as I was really tired QQ. Unfortunately, many teams began solving the crypto problem and earned a lot of points, since the crypto problem had fewer solves and a much higher score.

Result

We got 17th place and got into the finals! I am very satisfied with this result, as we did our best and we are still newbies who have a lot of things to learn.

This post is licensed under CC BY 4.0 by the author.
