Hey YouTube, my name is John Hammond, and this is PicoCTF 2018. The challenge is called Be Quick or Be Dead Number One for 200 points. Challenge prompt is: you find this when searching for some music, which leads you to Be Quick or Be Dead One. Can you run it fast enough? And you can find the file there. So this link is really funny because it just brings you to an Iron Maidio, I'm sorry, an Iron Maiden music video. I don't know if I can show this, copyright. Just some guys going crab gore. It's pretty cool. I thought it was funny. I liked it. You can download this Be Quick or Be Dead file here. So I've got it downloaded already. We actually just see it isn't executable. So let's mark it as executable. Be Quick or Be Dead. And then let's run it. It says Be Quick or Be Dead One. Calculating key. You need a faster machine. Bye-bye. Okay, that sucks. So if you wanted to, you could try and reverse this thing. We're not given source code. So I'm going to use Hopper because that's kind of my go-to. Although IDA is probably a good thing to do. What am I? I'm in YouTube Pico and Be Quick or Be Dead One. So if you're in Hopper, you can go ahead and check out printing flags, stuff like that, print flag. You can just go to the Procedures and check out the main function and see what we actually have to work with here. I'm going to go ahead and hit Alt and Enter so we can see what we're working with. Header will simply just put and print out on the screen, Be Quick or Be Dead. Do a for loop to print some characters and puts and that's it. Set timer. And what that does is it tries to set an alarm for, I'm assuming one second, just like that's what that is. And with that alarm is set, that's the go-ahead and receive signal to exit. And once you exit, it says, well, okay, you need a faster machine, right? This alarm is what's going to happen. And where's that string actually? I want to see where that function is. It says, you need a faster machine. Bye-bye.
That's an alarm handler. So it sets, it has this variable, it has this function, sorry, alarm handler, where it's being set and using it with the alarm. So after a second, it'll call this and immediately exit. So that's annoying and stupid. We could patch it if we wanted to. But otherwise, we would just simply get the flag, right? You check out the main function, just as where we were. And had that alarm not actually called, we would get key, as it says it's trying to calculate the key. And then once it's actually run calculate key, whatever time this takes or whatever it's necessary to do, eventually it will go ahead and try and print the flag. So the flag is already in the binary somewhere. It's decrypting it somehow with that function. So who cares? Let's just see if we can avoid getting around or let's see if we can avoid that alarm handler. So what I ended up doing is actually just running this in a debugger, like GDB would just seem to do it just fine. I don't know if, because I have PEDA enabled, that is why it was working for me. I'll try it with PEDA because right now I have it with PEDA, right? And if I were to remove PEDA, maybe it won't work. If you don't know what PEDA is by the way, I'm sorry I keep saying that word over and over again. That sounds very silly. That's not what I meant. GDB PEDA is the Python Exploit Development Assistance toolkit thing for GDB. So let's see, if I just run this, it will try and calculate the key, it'll receive the alarm and it'll handle it, but it won't end the program. So we'll just spit out the flag. So that's pretty awesome. That's pretty neat. That's pretty good for us. Let's just take note of that flag. And if you wanted to, you could jot down like a solution.txt file because I'm not going to script that. That'd be stupid. Let's see if I can change my GDB init file and not run PEDA. So if I just run simple GDB now, GDB with be quick or be dead, simple run.
Nope, it looks like I need PEDA. Okay, peculiar thing. That's fine. Good to know. That's why I showed it to you. PEDA will handle it just fine and it won't quit out on you once you receive that alarm signal. So all you have to do is get the repository, echo, like run that script in your GDB init just as you saw mine, and then it will do its magic. So I think a lot of people like pwndbg as well, or other, well, pwndbg, other add-ons for GDB that are kind of nice and awesome. I haven't used enough of it. I'm not that good of a binary exploitation guru or ninja yet to really know what to use it that much, but PEDA always seems to be okay for me and spit out the flag for this challenge. So neat. Let's mark that as complete. The next challenge is blaise's cipher. Let's submit the flags. Sorry. I don't know if you saw that. I had some technical difficulties for a second there. All right, cool. Blaise's cipher. My buddy Blaise told me he learned about this cool cipher invented by a guy also named Blaise. Can you figure out what it says? Connect with this thing. So Blaise cipher, right? Google it. It's a reference to the Vigenère cipher because it was created by this guy named Blaise. I mean, I would assume, I would hope that's how you pronounce his name, whatever. So whenever you hear references or you hear notions of Blaise or le chiffre indéchiffrable or the indecipherable cipher, that's all kind of a pointer and a hint in reference to the Vigenère cipher. And I'm probably pronouncing that wrong. Vigineer folly. Do I have blaise cipher already created? Nope. Blaise's cipher. Let's go ahead and try and connect to it and it pumps out a bunch of gross information. That's fine. It's a brush. It's a Vigenère cipher. If you wanted to, you could use some online tools, right? Vigenère, cipher, cracker, decryptor, whatever. dCode can do it. My Geocaching Profile can do it. And then try and determine the key once you paste it in here.
Geocaching Profile takes a little bit of time. Let's see if the one here on dCode will work just fine. Yes. Looks like flag is fine, but it won't give me all of the text. So we will probably end up using My Geocaching Profile. And the key is flag, right? And it's repeated over and over again. So now that we've figured out that we can supply it, shift using this key, flag, and one at one more time. You could use the script that we've created in other videos. TJCTF, I think I showcase how to use it. But you can see the flag right in here. Vigenère ciphers aren't bad with that original key. So submit that and we're good. Oh, does that need to be? Oh, capital letters for the CTF flag. Win. Awesome. That's a peculiar thing about the Vigenère cipher as well, is that it always wants to handle things in one specific case. So see how everything is uppercase in this or lowercase in that. They will try and handle it as either lowercase or uppercase letters. And it normally tries to remove punctuation to deal with stuff. So peculiar, peculiar, but good to know and play with. All right, quick shout out to the people that support me on Patreon. You guys are awesome. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. Get your name up in lights, not that it's really much of a stupid John Hammond YouTube video, but hey, it helps me out. I'm grateful; every little bit just really helps me and supports me and motivates me. So thank you. Five dollars a month on Patreon will give you early access to everything that is released on YouTube before it goes live. So I like to record videos in bulk and just have a lot of stuff backlogged, ready for release, and let YouTube gradually upload them. So I'm not swarming people's upload box, which I still sometimes do after a competition. I'm sorry. I'm sorry, my bad. Thank you for all your support and help. If you did like this video, please do like, comment and subscribe.
Join our Discord server, link in the description. It's a cool community full of CTF players, programmers and hackers. You can hang out with me and other cool people that are way smarter than me. And we're going to be tackling a lot of capture the flag competitions, a lot like this one. PicoCTF 2018 is still going to stay up and online as a war game so you can practice, learn a little bit and just kind of engage with other people in the community. It's super cool. Thanks for watching, guys. Hope to see you in the next video. Hope to see you on Patreon. I love you. Bye.
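
The timer behaviour described in the walkthrough, as an added example that is not from the video or the challenge binary: a child process arms a SIGALRM timer whose handler exits, then does slow work. The function names mirror the ones read out from the disassembly, but the bodies, the timings and the `run_challenge` helper are constructed, and ignoring SIGALRM here stands in for a debugger that does not pass the signal on to the program.

```c
/* Added illustration: constructed bodies and timings, not the challenge's code. */
#include <signal.h>
#include <stdio.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* The handler ends the process, as the walkthrough describes. */
static void alarm_handler(int sig) {
    static const char msg[] = "You need a faster machine. Bye bye.\n";
    (void)sig;
    ssize_t n = write(STDERR_FILENO, msg, sizeof msg - 1); /* async-signal-safe */
    (void)n;
    _exit(1);
}

static void set_timer(int ms) {
    struct itimerval t = { {0, 0}, { ms / 1000, (ms % 1000) * 1000 } };
    signal(SIGALRM, alarm_handler);
    setitimer(ITIMER_REAL, &t, NULL);   /* one-shot timer, ms resolution */
}

/* Stand-in for the slow key computation: just takes `ms` of wall time. */
static void calculate_key(int ms) {
    struct timespec left = { ms / 1000, (ms % 1000) * 1000000L };
    while (nanosleep(&left, &left) == -1) { }  /* resume if interrupted */
}

/* Returns the child's exit status: 1 = killed by the timer, 0 = reached the
 * point where the flag would be printed. deliver=0 models a swallowed signal. */
int run_challenge(int timer_ms, int work_ms, int deliver) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        set_timer(timer_ms);
        if (!deliver) signal(SIGALRM, SIG_IGN);
        calculate_key(work_ms);
        _exit(0);
    }
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    printf("signal delivered: exit %d\n", run_challenge(50, 300, 1));
    printf("signal swallowed: exit %d\n", run_challenge(50, 300, 0));
    return 0;
}
```

A timer like this only limits run time in an unmodified environment; it does not protect the value the program computes afterwards.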