CTFtime.org / hackrocks & HackArmour CTF / Morpheus / Writeup

# Morpheus

Below you will find the authentication module, which is an exact copy of the existing one on the server,
and which we have prepared so that it can be run directly.

Let's get started!

# Pwn

First, we have a UPX packed file. Let's unpack it.

![UPX unpack](https://raw.githubusercontent.com/Maeglin1908/ctfs-writeups/main/2022_hackrocks_hackarmour/morpheus/screenshots/2022-05-20_22-32-15.png)

Let's check into IDA.

![](https://raw.githubusercontent.com/Maeglin1908/ctfs-writeups/main/2022_hackrocks_hackarmour/morpheus/screenshots/2022-05-24_02-57-40.png)

![IDA C Code Check_pass](https://raw.githubusercontent.com/Maeglin1908/ctfs-writeups/main/2022_hackrocks_hackarmour/morpheus/screenshots/2022-05-20_22-47-28.png)

We can notice an important thing in this last piece of code : `srandom(11235813)`
This is a critical programming error. As the seed of srandom is initialized with a static value, the sequence generated by this function will always be the same.

As it, we can easily reverse this function with a short C program.

```c
#include <stdio.h>
#include <stdlib.h>

int main()
{
srandom(11235813);
int i = 0;
for ( i = 0; i <= 9; ++i )
{
printf("%c", (rand() % 26) + 65);
}

printf("\n");

return 0;
}
```

![solved](https://raw.githubusercontent.com/Maeglin1908/ctfs-writeups/main/2022_hackrocks_hackarmour/morpheus/screenshots/2022-05-20_22-49-51.png)

![](https://raw.githubusercontent.com/Maeglin1908/ctfs-writeups/main/2022_hackrocks_hackarmour/morpheus/screenshots/2022-05-24_03-32-58.png)

## Flag

WEOWZRBERI

Original writeup (https://github.com/Maeglin1908/ctfs-writeups/tree/main/2022_hackrocks_hackarmour/morpheus).

Morpheus

Comments

Sign in with