Tags: pwn 

Rating: 5.0

The organizers threw “yet another crypto problem” (yacp) at us. It’s a 32-bit ELF binary that implements a simple encryption/hashing service. In the following, we describe our (most likely overly complicated) three-stage exploit that would get us the flag just one hour after the competition ended. The writeup is intentionally written in a rather detailed way, so skip right to the bottom if you’re only interested in the high-level summary of what we did.

Original writeup (https://hxp.io/blog/32/PlaidCTF%202017:%20pwn300%20%22yacp%22/).