Project Sekai - ❌-reverse-world_of

world_of_monads - 500 points

Category: Reverse Description: Question: What's a monad? Answer: Nobody knows This challenge is authored and sponsored by Caesar Creek Software. Files:

https://wolvctf.io/files/9d3b2fce7c4aaca40e9f1ded1b408427/world_of_monads?token=eyJ1c2VyX2lkIjoyNjgsInRlYW1faWQiOjE3MCwiZmlsZV9pZCI6NzR9.ZBTQDA.mAF8Lg3YMS7naWUnWOmUNM_6AG4

Tags: Wade#3516

Sutx pinned a message to this channel. 03/17/2023 1:39 PM

@Utaha wants to collaborate

go rev

@crazyman ai wants to collaborate

@Violin wants to collaborate

@Zafirr wants to collaborate

fp chall?

22:00

yeah this is haskell compiled

whats fp

22:02

functional pro?

22:02

ah ic

yeah

bruh chicken moment

x

22:02

xD

lemme check

22:02

so its not go?

its haskell

looks pain

22:05

https://ctftime.org/writeup/8112

CTFtime.org / hxp CTF 2017 / wreckme / Writeup

CTF writeups, wreckme

it is pain

22:05

cant read decompileation the same way

they reversed statically

22:05

yeah its pain

22:06

id better continue jsc decompile

ill try this

interesting stuff starts here i think 0022fc28 (edited)

23:04

has some stuff to do with monads, time to read about them again i guess

@4n0nym4u5 wants to collaborate

Zafirr

interesting stuff starts here i think 0022fc28 (edited)

probably 00230118 actually

ok i think i have a way to brute force this (edited)

23:28

nvm

haskell

23:36

XD

idk if this has some anti debugging or what

23:44

it feels kinda random peepoo

@TheBadGod wants to collaborate

considering the many references to the string "wrong" i get it might be that its comparing byte by byte

03:23

but it's a pain to have to mark all the stuff as functions manually in ida kyp

Zafirr

probably 00230118 actually

yeah this seems to be the first closure, which prints "Enter the flag: ", then reads a string

yeah seems there are 10 checks; i have no idea what they check though

04:06

actually 9 of the prints are relatively close at 0x224294 up to 0x225bf0, while the last is all the way at 0x22fe00

04:10

the rest of the checks have something to do with this list: [1708, 2602, 2692, 2585, 2948, 4081, 5140, 5017, 10157], however idk if it's in the right order nor what we do with it (it seems that it somehow checks for something to be zero or not, and something with foldl)

sub 22AD88 seems to build a list with very big numbers (the ones i got were just the smaller ones at the end i think)

04:31

actually there's even more

@joezid wants to collaborate

fyi: flag length seems to be 16 chars

04:58

(the last check xors length with 0x10 and if not zero returns "Wrong")

04:59

afterwards it goes into sub_22FCE0 which does the rest of the checking

there are always 2 functions (in this image) per check, from the bottom up, the other functions are setup which do something

05:18

the full call function graph looks something like this though

05:18

(Just the important part)

they use weird qsem thingies to send stuff accross threads i think?

There's a hint but idk if useful for you

What checks are being performed on your input? Are these checks deterministic? Does the order of execution matter for some calculations?

(edited)