Squinty
Written by DoubfulTurnip
So I suck at C and have been on the steep learning curve to try and understand it. The Squinty challenge in the CTF was a good hands-on exercise for putting learning into practice.
So, to start with, you are provided with C-based source code to download, with two hints to help you. The first reference is regarding squint; I googled this and discovered that it has something to do with the way that an array can be formed in code. I also discovered a lot more than I needed to know about medical eye conditions.
The second hint is in reference to calling a function that looks suspicious. I thought this would be something that would be more practical to identify so took a look at the code.
I opened the source in an online debugger and started off by running the code.
So initially it looks like it has opened a port on 9000 but after some time attempting to netcat to it I decided that it is probably a rabbit hole. So I took a look at the code.
After reading a whole lot of tutorials, it becomes apparent that in C programming you (nearly) always have a main() function. This function is essentially the start of the program and is the section of code that provides some substance to the program; everything before it is functions that feed into main() if called upon (more on this in a moment). At first glance the main() function of squinty appears to have a lot going on, but looking closer we can see that all the program is doing is printing out a statement and waiting for some unknown thing to happen (I didn’t bother looking at anything in the while statement).
Ok… So, thinking about the second hint. I need to find a suspicious function and then somehow call it within main to get the Flag.
Scanning through the code I can see there are a hella lot of functions, and this is where most of my time was spent. Not really knowing what I was looking for made this much harder than it would be if I were C literate. In the end, I decided that the best approach would be to look for something that might be encoded. After spending some time trying to decode various functions I eventually came across this section in the source.
Seeing the letters L & G provides some hope.
It took some time but I was eventually able to make some sense of the encodings. It turns out it is a mix of hex, plaintext and octal (base 8). By this point I could have probably just manually converted the two char variables and then got my flag but I guess this isn’t the intention. Luckily, there is a much quicker method to getting the flag.
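The manual conversion mentioned above can be done by a small decoder for the hex and octal escapes of a C string literal. This is an added example, not part of the original write-up or the challenge source; the function name decode_c_escapes and the sample literal are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode the escapes in `src` (the text between the quotes of a C string
 * literal, exactly as typed in the source file) into `dst`.
 * Handles \x hex escapes, \ooo octal escapes and plain characters. Returns the
 * byte count, or -1 on a bad or out-of-range escape or a too-small `dst`. */
int decode_c_escapes(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    if (dstlen == 0) return -1;
    while (*src) {
        unsigned v = 0, digits = 0;
        if (*src != '\\') {
            v = (unsigned char)*src++;
        } else if (src[1] == 'x') {
            /* A hex escape has no length limit: it swallows every hex
             * digit that follows, so "\x7bde" is one (too large) value. */
            for (src += 2; isxdigit((unsigned char)*src); src++, digits++) {
                int c = tolower((unsigned char)*src);
                v = v * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
                if (v > 0xFF) return -1;
            }
            if (digits == 0) return -1;
        } else if (src[1] >= '0' && src[1] <= '7') {
            /* An octal escape takes at most three digits. */
            for (src++; digits < 3 && *src >= '0' && *src <= '7'; digits++)
                v = v * 8 + (unsigned)(*src++ - '0');
            if (v > 0xFF) return -1;
        } else {
            return -1; /* \n, \t and friends are out of scope here */
        }
        if (n + 1 >= dstlen) return -1; /* keep room for the terminator */
        dst[n++] = (char)v;
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample, not the challenge's data: hex, plain, octal mixed. */
    const char *literal = "\\x46L\\101G\\x7bhi\\175";
    char out[32];
    if (decode_c_escapes(literal, out, sizeof out) < 0) return 1;
    printf("%s -> %s\n", literal, out);
    return 0;
}
```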
So, a note about void functions. By default void functions do not output anything into the program; they are simply a cog in the wheel of the program and are used as a kind of reference function that can be pulled into the main function when needed. So the question is: how do I make this function print the variables into the main function and print the flag?
Luckily I came across this website that explains a method for returning values from void functions.
Following the first example, I started by inserting a return; statement into the function.
Then within the main function I added the function name and the return 0; above the printf statement that the program normally runs to ensure that my code is run first.
After that it is a simple case of running the program and watching the output.
References
https://geeksforgeeks.org/return-void-functions-c/ - The key website used to find out how to get the flag
https://beej.us/guide/bgc/html//index.html – A complete guide to C. This is what I used to learn more about C. I am still extremely noob with C but this guide made it interesting and provided entertainment for an otherwise real dry subject.
https://online.com/online_c_compiler# - Online C debugger (you could also use the offline gdb in linux)