extremecoders-re

Installing debian "stretch" mipsel on qemu

Download debian iso

Download initrd & vmlinux

I hereby claim:

I am extremecoders-re on github.
I am 0xec (https://keybase.io/0xec) on keybase.
I have a public key whose fingerprint is 299B 7870 256E BBBE 5899 D032 7283 ABC9 3A50 CD5C

To claim this, I am signing this object:

	import string
	from PyQt4.QtCore import *
	from PyQt4.QtGui import *
	import sys
	import ui_mainwindow

	encoded = 'QAYLHhIJbzIQClFAQgQTFkNYbz5aUBQZURIXXBARFztifGQwPRdaaFkePE9KOjMWRBRdUhtDXkIXaGkpYTc6REs7UgB6AAAATQ1FUUlOU0dWEylVOSlzfDJUGwwaXAMCeWZeXnsHSztPGn0LXnp9DlAUWksWUloCH1JaJjV0c04cLApTdR9SWiY1dHNOB1Q4XQEEJF1Fc3QyQUhBSit3Enp9Vi1UB3lEHQAABRRQXg4LPTsOT1JHBl8tN0kEQVsMRUc6EE1HMDQqe3MIYxdgFU4YRh5bX2llARVCbFwZOAYRHQJhJX52dkpwd3MaZkpvE0hTYVcUdmgyYlx4MBI4JHJ5BzAyGx03LRx9AHUqLgkAcFUiLgwcFD4+FAY+Ij4dOzoLCwAYSgciNQ0NLS0QGw91FAQ0bgULMRQCFjxKCgAzIjoMMBsKGxlmGBJJBAoWEC5XDy5sEDcuHBADBz0kGRUAERw9CyMQFDkbGBUtMhUmcQwEAhsSBiEMCyhdVSUEJjZUHiUqGg8mahAYFAwbEDIqURg9dAohDz4xFwk+MRxdMQQHLi4QAgAABhAXEHMHKnUTGXEmMhc+CwouSwgvCARhdwQAHFsKInkWGC4qOwANIWQWOnUbHzMqMQF4MQcSWil3DisqMRErCz8wEj5RFS1TNjtbXjACHyEyDABdKQQ/aQoXFWR3GiIpARMsPSYUMAwUAgdHZBQGKS8FAAAoAQEfUho/egUxKD4xJBFXBx4QCCAiKFpwGzU+AA1IATEOLgsTFGZBLAQbMj8VO2M9BS5ZLwMuJmIEEwMMGQAuRyNbRQASAEclIHMyPCM4dgAKLjoJBgQmDmh7dV1DEBhzZ2AxPTgRTUIjHj8dGCdQKDo3Ug9vX3p6ZnhBa2QXVAtGFQBFfHZXKCZIb05rZ

	################################################################################
	# quick hack for using aplib (http://www.ibsensoftware.com/products_aPLib.html)
	# put aplib.dll in %PATH% or same dir as this script
	# on *nix it might require LD_LIBRARY_PATH set depending on where libaplib.so is

	import os
	from ctypes import *

	################################################################################

	$ python my_aegg.py
	WARNING \| 2017-08-02 12:47:21,314 \| claripy \| Claripy is setting the recursion limit to 15000. If Python segfaults, I am sorry.
	WARNING \| 2017-08-02 12:47:22,664 \| cle.loader \| The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
	INFO \| 2017-08-02 12:47:22,725 \| aegg.aegg \| Start hacking ...
	WARNING \| 2017-08-02 12:47:46,590 \| simuvex.plugins.symbolic_memory \| Concretizing symbolic length. Much sad; think about implementing.
	WARNING \| 2017-08-02 12:48:08,428 \| simuvex.engine.successors \| Exit state has over 257 possible solutions. Likely unconstrained; skipping. <BV32 (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>)))[31:5] == 0x0) && ((1 + (if (<...>[7:0] == 0) then 0 else (if (<...> == <...>) then 1 else (if <...> then <...> else <...>)))) <= 25)) then 0 else file_/dev/stdin_0_0_3_2456[207:200]) .. (if (((0xffbfdfa1 + (if (<...> == <...>) then 0x402060 else (if <...> then <...> else <...>

	#!/usr/bin/env python

	import angr
	import simuvex

	def main():
	print '[*] Loading file...'

	# Create a new project, do not load shared libs
	proj = angr.Project('findtheflag', load_options={'auto_load_libs': False})

	from z3 import *

	# Eight byte nonce conactenated with 8 null bytes
	# Obtained from sector 54
	nonce = [0xB0, 0x99, 0x9B, 0x9E, 0xE4, 0xEE, 0x74, 0xC2, 0, 0, 0, 0, 0, 0, 0, 0]


	# Verification bytes xored with 0x37
	# Obtained from sector 55
	# Expanding the key must produce this keystream