- [murmur](#murmur)
- [Brutal Oldskull](#brutal-oldskull)

# murmur

I had a TOEIC test last weekend, so I did not spend too much time on TeaserDragon.

The Challenges are interesting, though I did not solve them during contest, except the `Brutal Oldskull` is a give away questions.

# Brutal Oldskull

What the binary basically do is :

1. get input
2. use input to decode an area `unk_405020` with length `0x4c8e`
3. do MD5 to that area with length `0x4c8e-0x20`
4. compare the "printable" hex result of MD5 with the last 0x20 byte (as "string" ) of the area (the part which was not MD5 input)
5. do the samething with input2, input3, input4 but with length `0x4c6e`,`0x4c4e`,`0x4c2e`
6. The decode area is actually a `PE` file. Extract it to `C:\HOME\AppData\Local\Temp\oldskull_checker.exe` then execute it to check `FLAG`

So, dump that area then write a python script to get the code.

(part, the complete script is under this directory)

import ctypes
import string
import hashlib

def code1(x,y,z):
temp = [0]*y
for i in range(y):
temp[i] = ((ord(x[i])^z) - ((z>>8)&0xff))&0xff
z = ctypes.c_int16(z*25331).value
return temp

l = [0x4c8e, 0x4c6e, 0x4c4e, 0x4c2e]

for z in l:
for i in range(0x10000):
final = code1(x,z,i)
no = False
for j in map(chr,final[-32:]):
#speed up, if the last 32 byte is not printable, skip
if j not in string.letters+string.digits:
no = True
if not no:
o = hashlib.md5(''.join(map(chr,final[:-32]))).hexdigest()
if ''.join(map(chr,final[-32:])) == o:
print hex(i)
x = map(chr,final[:z])

`oldskull_checker` would compare the resuilt of `FLAG` xor `0x8f` to `[0xCB 0xFD 0xE8 0xE1 0xDC 0xF4 0xD8 0xEE 0xEE 0xEE 0xF6 0xDB 0xE0 0xE0 0xCA 0xD5 0xAE 0xAE 0xBE 0xF2]`

flag is `DrgnS{WaaayTooEZ!!1}`

Original writeup (https://github.com/terrynini/CTF-writeup/tree/master/TeaserDragon-CTF-2018-quals).