opus stream decoding

Categories Uncategorized

Step 1 install opus-tools

Step 2 extracting opus file from pcap file

Step 3 convert the opus file to .wav file, now you can enjoy the reconstructed audio ^_^

Note: the opusrtp tool may need some modification to work normally.

references:

[1] http://www.giacomovacca.com/2017/01/analysing-opus-media-from-network-traces.html

[2]https://www.callstats.io/2018/04/12/explaining-the-real-time-transport-protocol-of-srtp-for-webrtc/

[NJCTF 2017] syscallhelper(pwn 600) write-up

Categories Uncategorized

This is the most valuable challenge in NJCTF(worth 600 points). It is a a good practice to write shellcode too. pwntools provide handy APIs to write shellcode.

The child process is chroot jailed, to get the flag outside of the jail, we have to use “ptrace” to attach and modify the parent process to escape the jail.

There are many ways to exploit the vulnerability and we choose the following one

exploit:

  1. add a syscall with negative number of registers and hijack the vtable to a stack position.
  2. input shellcode using the leave notes function
  3. call the hijacked function pointer

Continue reading “[NJCTF 2017] syscallhelper(pwn 600) write-up”

Teaser CTF 2015 writeup(So easy, power level)

Categories Uncategorized

Teaser CTF is launched by Dragon Sector, is a Polish security Capture The Flag team. It was created in February 2013 and currently has 13 active members.

I solved two challenge in the first evening(so easy, power level) and tried to solves the pwnable challenge quine on Sunday Morning but failed, I found a write-any-where vulnerability but I didn’t see how to exploit. Continue reading “Teaser CTF 2015 writeup(So easy, power level)”