cnathansmith on 4:54 PM 09/21/2023: This is an incredible idea. I haven't thought about floppy drive boot code since the last time I could plug one in to see what happened
cnathansmith on 5:59 PM 09/23/2023: Does this require a very specific BIOS ROM to run against?
The verification requires the string '92F9674' to be present at f000:0000, which is normally R/O reserved BIOS memory and never reached by the XTEA decryption loop here anyway.
2bitsin on 7:21 PM 09/23/2023: Hey don't give away the solution xD
cnathansmith on 7:31 PM 09/23/2023: That's not the solution, though. I'm trying to understand if it's something as convoluted as it appears or if I'm just completely overlooking something lol
2bitsin on 7:35 PM 09/23/2023: Well you're off to a good start, let's say that.
2bitsin on 7:36 PM 09/23/2023: Could you please redact that specific number out so it does not get spoiled too easily.
cnathansmith on 9:04 PM 09/23/2023: There's no way to edit comments so I apologize, but I also haven't figured out how that value is remotely related to the solving for the actual keys, which is why I came looking for some guidance.
2bitsin on 6:06 PM 09/25/2023: Well, that number is supposed to give you a hint; if I say any more it'll just spoil the solution.
2bitsin on 6:10 PM 09/25/2023: You're literally one step away from solving this
cnathansmith on 8:42 PM 09/25/2023: Thank you. I solved it and posted a write-up last night, but approvals always take a while.
2bitsin on 9:29 PM 09/25/2023: Nice! Thanks for playing :-)
I posted this on a CTF board at work and no one seemed to give it enough of a try to actually go beyond running "strings floppy.img" and hoping to get lucky.
cnathansmith on 10:59 AM 09/26/2023: Sounds about right. I guess I don't know enough about floppy emulation to find the simpler solution you had in mind. I just ended up removing the hardware locking.
https://github.com/charlesnathansmith/crackmes/blob/main/floppy/README.md
cnathansmith on 12:34 PM 09/26/2023: Actually I just figured out there's a --romfile option in qemu that probably does what I wanted, but I think what I ended up doing worked out better because it doesn't require the copyrighted ROM image
2bitsin on 11:00 PM 09/26/2023: Very nice write up, loved it. You did one hell of a cracking session there :-).
cnathansmith on 1:22 AM 09/27/2023: Thanks!
tttt on 2:30 PM 09/27/2023: lol