ImaginaryCTF 2024 BF Challenge Write-Up

Difficulty Level: Medium
URL: https://github.com/ImaginaryCTF/ImaginaryCTF-2024-Challenges-Public/tree/main/Reversing/bf

ImaginaryCTF 2024 is a cybersecurity competition that took place from July 19 to July 21. Participants tackled various challenges in areas such as cryptography, web exploitation, forensics, and reversing.

Reversing Challenge: BF (100 points) Link to heading

Challenge Author: NoobMaster
Description: Simple equations… but in BF?!!!
Solves: 225

Participants were provided with a Brainfuck (BF) program in bf.txt. Brainfuck is a minimalistic and esoteric programming language known for its simplicity and difficulty.

bf.txt:

,>>+++++++++++[<+++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++++[<+++++++>-]<[-<+>]<-------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++[<++++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++++[<+++++++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++++++[<+++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++[<++++++++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++[<+++++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++[<++++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++[<+++++>-]<[-<+>]<----------------------------------------------------------------------------------[><],>>+++++++++++[<+++++>-]<[-<+>]<---------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++[<+++++++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++[<+++>-]<[-<+>]<--------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++++++[<+++>-]<[-<+>]<------------------------------------------------------------------------------------------------------[><],>>+++++++++++[<+++++>-]<[-<+>]<--------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++[<+++++++>-]<[-<+>]<--------------------------------------------------------------------------------------------------------[><],>>++++++[<+++++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++[<+++++++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------[><],>>+++++++++[<+++++++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++[<+++++>-]<[-<+>]<-------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++[<+++++>-]<[-<+>]<--------------------------------------------------------------------------------------------------[><],>>++++++++++[<+++++>-]<[-<+>]<-------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++++[<+++++++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------------------[><],>>++++++++++[<+++++++>-]<[-<+>]<--------------------------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++++++[<++++++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++++++[<+++>-]<[-<+>]<---------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++[<++++>-]<[-<+>]<-----------------------------------------------------------------------------------------------[><],>>+++++++++++++++++++++++[<++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++++++++++++[<+++>-]<[-<+>]<----------------------------------------------------------------------------------------------------------------------[><],>>+++++++++++++++++++[<+++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------------------------------------------------[><],>>++++++[<+++++>-]<[-<+>]<-----------------------------------------------------------------------------------------------------------------------------------------------------------[><]

Brainf**k in 100 Seconds Link to heading

Solution to BF Challenge Link to heading

Here’s a detailed breakdown of how I solved the BF challenge:

Step 1: Identify and Simplify Link to heading

The BF code contains multiple infinite loops ([><]) and input commands (,), which are unnecessary. After removing these, we found 30 constructions, indicating a flag of 30 characters (including ictf{}).

Step 2: Analyze a Section Link to heading

Consider the following code segment:

>>+++++++++++[<+++>-]<[-<+>]<------------------------------------------------------------------------------------------------------------------------------------------

Initialization: >>+++++++++++
- Moves the pointer to cell 2 and fills it with the value 11.
Multiplication Loop: [<+++>-]
- Multiplies the value in cell 2 by 3 and stores it in cell 1. Now, cell 0 is 0, cell 1 is 33, and cell 2 is 0.
Value Transfer: <[-<+>]
- Moves the pointer to cell 1 and transfers the value from cell 1 to cell 0, setting cell 0 to 33 and cell 1 to 0.
Decrement: <------------------------------------------------------------------------------------------------------------------------------------------
- Moves the pointer to cell 0 and decrements cell 0 by 138.

Here’s why the decrement operation works and what it accomplishes:

Step 3: Desired Value Link to heading

We need the first character of the flag to be i, which corresponds to ASCII value 105. The BF code, however, decrements the current value of cell 0 (33) by 138, which seems to result in a negative value. But since Brainfuck cells are 8-bit unsigned integers (values between 0 and 255), we need to interpret the decrement operation in this context.

Here’s the detailed calculation:

Current Value: After the initialization and value transfer, cell 0 has the value 33.
Required ASCII Value: We want the ASCII value 105 for the character i.
Calculation:
- In 8-bit unsigned arithmetic, subtracting a larger number from a smaller one wraps around using modulo 256.
- The operation 33 - 138 is equivalent to adding 256 and then subtracting 138 to stay within the 8-bit range:
  33 - 138 = 33 + 256 - 138 = 151
- To correct this and get the desired value of 105, we need to adjust the equation to: 138 - 33 = 105

Step 4: Repeat for Each Section Link to heading

By performing similar steps for every segment of the Brainfuck code, we decode each character of the flag.

Final Flag Calculation Link to heading

After correcting the decrement values for all segments, we derive the flag:

ictf{1_h4t3_3s0l4ng5_7d4f3a1b}

This solution showcased a good understanding of Brainfuck operations and ASCII values, even though it was the unintended solution.

For more details and the challenge files, visit the ImaginaryCTF 2024 Challenges Repository.

Conclusion Link to heading

ImaginaryCTF 2024 was an exciting event, providing engaging and educational challenges for all participants. Solving the BF challenge was a great exercise in understanding Brainfuck and applying logical thinking to decode the hidden flag.