Flare-On 8 Challenge 3 - antioch
We are given a Docker image to start with.
After creating a Docker container from the image, a binary named AntiochOS can be extracted.
Binary Analysis
Looking through the binary in IDA, we can find the function that handles the approach command.
The function calculates the CRC32 of the first input (name). If it matches any of the hashes in the array, it moves on to ask for the second input.
The second input is also passed into the CRC32 function, and the result needs to be the same as the second value in the struct. If so, the function returns the id (the 3rd value in the struct).
The id is the order in which the files should be extracted. Looking into the metadata of each layer, we can see that each layer's author produces a CRC32 hash that can be found in the hash array in the binary.
Solving
By following the order of extraction, we should now have a set of (a-z).dat files. The order is important here, as the later layers will overwrite some of the dat files. By following the extraction order closely, we can ensure that the files are overwritten in order, leaving us with the relevant ones to solve the challenge.
Running the consult command with the set of extracted dat files returns the flag.
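The ordered extraction described above can be sketched as follows. This is an added example, not code from the original write-up or the challenge: the author names, ids and file contents are constructed placeholders, the table is simplified to map CRC32(author) directly to an id, and it assumes the binary's CRC32 is the standard one implemented by zlib.

```python
import io, tarfile, zlib

def make_layer(files):
    """Build an in-memory layer tarball from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def order_layers(layers, table):
    """Sort (author, layer_bytes) pairs by the id the table assigns to CRC32(author)."""
    ordered = []
    for author, blob in layers:
        crc = zlib.crc32(author.encode()) & 0xFFFFFFFF
        if crc in table:  # layers whose author hash is not in the array are skipped
            ordered.append((table[crc], blob))
    return [blob for _, blob in sorted(ordered, key=lambda pair: pair[0])]

def apply_layers(blobs):
    """Apply layers in order into a dict; a later layer overwrites earlier files.
    Reading members into memory avoids writing attacker-chosen paths to disk."""
    fs = {}
    for blob in blobs:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar.getmembers():
                if member.isfile():
                    fs[member.name] = tar.extractfile(member).read()
    return fs

# Constructed placeholders: not the author names, hashes or ids from the challenge.
SAMPLE_AUTHORS = {"author-one": 1, "author-two": 2, "author-three": 3}
TABLE = {zlib.crc32(a.encode()) & 0xFFFFFFFF: i for a, i in SAMPLE_AUTHORS.items()}
LAYERS = [  # deliberately listed out of extraction order
    ("author-three", make_layer({"a.dat": b"A3"})),
    ("author-one", make_layer({"a.dat": b"A1", "b.dat": b"B1"})),
    ("author-two", make_layer({"b.dat": b"B2", "c.dat": b"C2"})),
    ("unknown", make_layer({"a.dat": b"XX"})),
]

def demo():
    """Return the final file set after applying layers in id order."""
    return apply_layers(order_layers(LAYERS, TABLE))

if __name__ == "__main__":
    for name, data in sorted(demo().items()):
        print(name, data)
```

Applying the same layers in their listed order instead of id order leaves a different a.dat behind, which is why the extraction order matters.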