Posts

Plaid CTF “Torrents” write-up

Note

This post is about a challenge from the Plaid CTF computer security competition. Check out this blog post for more information about the competition in general.

Challenge (200)

It turns out that robots, like humans, are cheap and do not like paying for their movies and music. We were able to intercept some torrent downloads but are unsure what the file being downloaded was. Can you figure it out?

The file is a wireshark capture containing a torrent transfer between 2 peers. We had to extract the data inside the pieces and sort them in the right order.

Solution

My solution is not as pretty as Squall’s or Michael’s but I’m pretty sure I’m the only one crazy enough that did it with Powershell instead of Python.

[powershell]# Ask tshark
$raw= & ‘tshark.exe’ -r torrent.pcap -R ‘bittorrent.piece.data’ -T fields -e bittorrent.piece.index -e bittorrent.piece.data -E separator=/s

# Split into pieces
$data = @{}
$raw -split ‘[nn]’ | ForEach-Object {
$packet = $_ -split ‘ ‘
if ($data.ContainsKey($packet[0])) { # There are 2 packets for each piece so we concat them here
$data.set_Item($packet[0], (‘{0}:{1}’ -f $data.get_Item($packet[0]), $packet[1]))
} else {
$data.Add($packet[0], $packet[1])
}
}

# Sort and concat
$HexString = [String] ”
$data.GetEnumerator() | Sort-Object Name | Select-Object Value | ForEach-Object {
$HexString += (‘{0}:’) -f $_.Value
}

# Convert hex to byte
$count = $hexString.Length
$byteCount = $count/3
$bytes = New-Object byte[] $byteCount
$byte = $null

$x = 0
for ( $i = 0; $i -le $count-1; $i+=3 )
{
$bytes[$x] = [Byte]::Parse($hexString.Substring($i,2), [System.Globalization.NumberStyles]::HexNumber)
$x += 1
}

# Write in a file
set-content -encoding byte ‘output’ -value $bytes[/powershell]

It was a bzipped file with a mp3 and a key containing the answer: t0renz0_v0n_m4tt3rh0rn.
Fun was had.

Transfer files from iCab Mobile to your PC with Powershell

I’m a big fan of iCab Mobile that I use everyday on my iPad as a Safari replacement. Among other awesome features, this browser has the best HTML5 video downloading I’ve seen.

Unfortunately, the device’s 16 GB fills up quickly and I have to transfer the files some place else quite often.

While I could use something like DownThemAll for Firefox to download the files to my PC, I’d much rather be able to automate the process with a script. This looked like a great opportunity to sharpen my Powershell skills.

[powershell]
<#
.SYNOPSIS
Downloads all the files from a iCab Mobile server
.DESCRIPTION
Connects to a iDevice with iCab Mobile running a Import/Export server and downloads all the files to the specified destination
.NOTES
If the file already exists, it will be skipped.
Files are not deleted on the device once downloaded
.LINK
http://spacebar.ca/?p=3153
.EXAMPLE
.Get-ICabMobileFiles.ps1 192.168.0.101
.EXAMPLE
.Get-ICabMobileFiles.ps1 192.168.0.101:8080 C:UserssimonDesktopicab
.PARAMETER server
The ip address and port of the iCab Mobile server. Default port is 8080
.PARAMETER destination
The local destination folder on your computer, without trailing slash. Will use current folder if none is specified
#>

param (
[Parameter(Position=0, Mandatory=$true, ValueFromPipeline=$true)]
[string] $url=’10.42.13.104′,
[Parameter(Position=1, Mandatory=$false, ValueFromPipeline=$false)]
[string] $destination=(Get-Location -PSProvider FileSystem).ProviderPath
)

Import-Module BitsTransfer
$web = New-Object System.Net.WebClient
if (-not ($url -contains ‘:’)) {
$url = ‘{0}:8080’ -f $url
}
$html = $web.DownloadString(‘http://{0}/Download.html’ -f $url)
$regex = [regex] ‘(?i)&lt;a href=”([^”]*)”&gt;([^&lt;]*)’
$matchdetails = $regex.Match($html)

while ($matchdetails.Success) {
$source = ‘http://{0}/{1}’ -f $url, $matchdetails.Groups[1].Value
$dest = ‘{0}{1}’ -f $destination, $matchdetails.Groups[2].Value
Write-Host (‘Downloading {0}… ‘ -f $matchdetails.Groups[1].Value) -NoNewline
if (-not(Test-Path $dest)) {
Start-BitsTransfer -Source $source -Destination $dest -Prio Foreground
Write-Host ‘Done’
} else {
Write-Host ‘Already downloaded’
}
$matchdetails = $matchdetails.NextMatch()
}[/powershell]

I’m aware that this probably isn’t the best way to do it (I’m looking at you, regex!) but I’m fairly new to Powershell so if you have any comments, please share 🙂