Hey there YouTube, my name is John Hammond. This is more picoCTF 2018. This challenge is called "Truly an Artist", for 200 points in the forensics category. It says, "Can you help us find the flag in this meta-material? You can find the file here." But we are given a download, so I have downloaded this, and just judging by the challenge prompt, I think we're gonna be looking at some metadata. So let's check out what this file actually is. It is just an image file, right, PNG file or the other logo, and we could do some stuff with it. If you want to run strings on it, you could do some anons. Looks like that actually pops out the flag pretty easily, too.

So the go-to here, right, in this is running exiftool. And if you don't have exiftool already installed, just sudo apt install exiftool. But it will allow you to view metadata, right? So you can check out the man page for it. Why did that give me Vim? That's weird. "Read and write metadata and meta information in files." So exiftool on this file will give you the artist, right, hence the challenge title "Truly an Artist", with picoCTF-looking image. So turns out strings will work on it very easily, too. So let's go ahead and just grep for our flag format and pump that to a simple get flag script. Pretty easy, not too hard of a challenge. So cool.

Oh, let's actually follow through with all that. Let's mark chmod. I have this horrible problem sometimes when I'm recording. I wear a headset, right? Sometimes my, my, my ear starts to itch and it's just, it's kind of bad. I, like, pause the video, I'm just like, itch my ear. Weirdness. Let's go ahead and submit that. This is real as it gets, guys. It's solving CTFs for realsies. There's no filter in John Hammond videos.

Alright, asm1 is the next challenge. It says what is asm1 0xcd, so some hex value, return; submit the flag as hex. Okay, so we've done this before in assembly zero. Let's check out what this is.
We have a source file that we can download and I have it in assembly. I don't have it, actually. Let's go, let's wget it. When I recorded earlier my Internet was awful, so I tried to download a bunch of stuff, but I guess I just didn't get this far. We can wget it real easy. Get the link and let's check out what we're working with here. Let's set the syntax to assembly, and if you aren't using Sublime Text or whatever, you can... if you are using Sublime Text, you can install that package. If you don't know the package manager, you can find that on Google, whatever. So asm0, asm... asm1, sorry. Let's take note of what we're trying to call this with. Leave this comment here. So 0xcd we have.

Let's go through this line by line, right? Function prolog as usual, and let's do this in a... let's do it in one page. More function prolog, and then we determine if our first argument, right, we covered that in assembly zero, is greater than 0xde. These numbers may be different for how you're working on it because just their, they're really cool random generation of challenges. So let's say greater than: 0xcd should be greater than 0xde, and we can use Python to test these values, and that's false. So we won't jump to part a. Now we test if ours is not equal to simple 0x8, and that's obviously true. So we're gonna go to part b.

So let's jump down to part b. We'll say eax is gonna equal our argument. So eax can equal 0xcd, and then we subtract three from it. So eax will now minus-equal 0x3. So doing that, we have, let's put that in hex, 0xca. Fine. And now let's compare if our argument, if our argument, right, is not... so not 0xca but 0xcd, if that is not equal to 0xee, which we know it is not. So we will jump now to part c. So part c will take eax, which again is now being set to our original argument, so 0xcd, and now we'll add three to it.
So now we have eax plus-equals 0x3. So we want 0xcd, our original argument, plus three, and then let's just turn that to hex, and 0xd0. Now we go straight to part d because we don't have any conditionals. We're not jumping anywhere, it's not branching, and we have our function epilogue. Okay, so our final value of eax should be 0xd0 in my case. Let's go ahead and try that. Let's submit 0xd0, and I'm wrong.

All right, what did I miss here? Oh. Oh, I completely forgot to jump to part d. I don't know why I just, like, mentally missed that line. I'm an idiot. I'm sorry, guys. I didn't mean to lead us all down that rabbit hole. That was stupid of me. Let's just go ahead and take our original argument minus three, because after we subtract, then we go straight to part d and end the function. So we don't even need to worry about part c. My bad. I'm sorry. This is real as it gets. Cool. That's correct.

All right, thanks for bearing with me. I hope that wasn't too awful. Maybe it was still good for us to go through that process and read through some, some assembly together. Hopefully that's, that's still cool. Hope you still love me. I make mistakes. I'm human. It's whatever.

All right, quick shout out to the people that support me on Patreon. Thank you guys so much. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. You'll have your name up in lights at the end of a YouTube video. Aren't you just famous? Whatever. It's one dollar, and I'm just, I'm grateful for it.
It helps me out, and some public celebration of you. Thank you for being willing to support and, and help this channel grow. Five dollars a month on Patreon will give you early access to everything that's released on YouTube before it goes live, because I like to try and have a backlog of content to be readily released kind of on a schedule and let YouTube gradually upload them. But I still got to get, got to get a little bit better at that. I, I do have a job and other stuff that kind of takes away my time.

But hey, if you did like this video, please do like, comment and subscribe. Join our Discord server, link in the description. Cool community full of CTF players, programmers and hackers. Hang out with me, other cool people way smarter than me. We'll be tackling a lot of CTFs. picoCTF 2018 is awesome, and now that it's alive and well as a wargame, like, it'll be online forever. You can always work on it and get better. That's awesome. I miss picoCTF 2014 and 2013, guys. Can you SyLob? Can you please bring those back? That would make some cool YouTube content too.

All right. Hey, thanks. Thanks for watching. I'm bad at these. Hope to see you on Patreon. Hope to see you in the next video. Bye.