2013
Oct.03

## The rook problem… generalized

GUESS WHO’S BACK. BACK AGAIN. (forever this time)

A few months ago, on IRC, a friend and I were discussing a mathematical problem, which was as follows: given an m×m board (3×3 in my case) and R rooks, how many possible arrangements are there for these R rooks on the board so that they cannot attack each other?

Or so I thought this was the problem. It seems this isn’t typically done with an m×m board, or even an m×n board. Also, it is not for a set number of rooks. The result is a polynomial that stems from a generating function that describes the number of placements for all R rooks on an abstractly shaped and sized board. However, the approach I have given is a little more general, and is an accurate solution for parts of the overall problem, as described by my friend.

Anyway, after a while, I came up with this solution (the code is self-explanatory, apart from the hideous variable and function names):

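```c
#include <stdio.h>
#include <stdlib.h>

/* PROOF: Let the board, 3x3, "m x m", and "r" rooks, therefore, m!m! / r!(m - m)!
   Also, let p = (m - m)!
   Note: This assumes a 3x3 board, which 3!3! = 36
   2nd Note: (m - m)! is 0! = 1, therefore can be removed. The only use in it is if you have an m x n board.
   Excellent variable names... */

double proof(int);

int main(int argc, char *argv[]){
    /* Both arguments are required: board size m and rook count r. */
    if(argc != 3){
        fprintf(stderr, "usage: %s m r\n", argv[0]);
        return 1;
    }

    int m = atoi(argv[1]), r = atoi(argv[2]);
    long i, p, f, n;

    /* A negative argument would make the recursion below never terminate. */
    if(m < 0 || r < 0){
        fprintf(stderr, "m and r must be non-negative\n");
        return 1;
    }

    f = proof(r);     /* r! */
    p = proof(m - m); /* (m - m)! = 0! = 1 */
    i = proof(m);     /* m! */
    i *= i;           /* m!m! */

    n = i / (f * p);
    printf("Possible locations of no attack: %ld\n", n);

    return 0;
}

/* Recursive factorial: proof(n) = n! */
double proof(int n){
    if(n == 0)
        return 1;
    else
        return(n * proof(n-1));
}
```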


And although I put the maths as a comment in the code, here it is in LaTeX to make this post look beautiful:

$\frac{m!m!}{r!(m - m)!}$

The code is run as `./rook 3 2`. The first integer is the size of the m×m board, and the second is the number of rooks on the board:

```
{13-10-03 19:03}s0ul:~ batman% ./rook 3 2
Possible locations of no attack: 18
```
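An independent way to cross-check the 18 printed above is to enumerate the placements directly. This is an added example, not code from the original post; `place` and `count_rook_placements` are names made up here, and the rooks are treated as interchangeable.

```c
#include <stdio.h>

/* Count ways to put `left` more rooks on rows row..m-1 of an m x m board.
   used_cols is a bitmask of columns that already hold a rook, so no two
   rooks ever share a row (one per row at most) or a column. */
static unsigned long place(int m, int row, int left, unsigned used_cols)
{
    if (left == 0)
        return 1;                 /* every rook is placed */
    if (m - row < left)
        return 0;                 /* not enough rows remain */

    /* Option 1: leave this row empty. */
    unsigned long total = place(m, row + 1, left, used_cols);

    /* Option 2: put a rook in any free column of this row. */
    for (int c = 0; c < m; c++)
        if (!(used_cols & (1u << c)))
            total += place(m, row + 1, left - 1, used_cols | (1u << c));
    return total;
}

/* Number of arrangements of r non-attacking rooks on an m x m board. */
unsigned long count_rook_placements(int m, int r)
{
    if (m < 0 || m > 16 || r < 0 || r > m)
        return 0;                 /* keep the enumeration small */
    return place(m, 0, r, 0);
}

int main(void)
{
    for (int r = 0; r <= 3; r++)
        printf("3x3 board, %d rooks: %lu\n", r, count_rook_placements(3, r));
    return 0;
}
```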

2012
Oct.19

## HackYou CTF RE challenges

October 17th, 10pm. Someone on IRC told me they were partaking in a CTF, which I apparently didn’t know was on. The Leetmore (Hackyou) CTF had been running from October 8th, so I had one day to finish it. I decided to see what challenges were available and just have fun. The challenges I did were very easy, RE100 and RE200.

I decided to do a writeup to make up for the lack of content, and while I fix up all my other drafts. Also note, I am trying to find the mirrored files for RE300 so I can finish all of the reverse engineering challenges, but for now, I only have these two (RE100 and RE200) to write about. Enjoy

## RE100 – Open Source

This challenge took a minute or so. Knowledge of C is required. You are given the source code of a program which, when given the correct arguments, will compute the keyword for you to submit as the flag. Let’s take a look at it:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[]) {
    // we need to provide 3 argv's. the first one (argv[0]) is actually the program name, so we start at argv[1]
    if (argc != 4) {
        printf("what?\n");
        exit(1);
    }

    // argv[1] gets taken as an int using atoi, and it has to match 0xcafe
    unsigned int first = atoi(argv[1]);
    if (first != 0xcafe) {
        printf("you are wrong, sorry.\n");
        exit(2);
    }

    // MATHS
    unsigned int second = atoi(argv[2]);
    if (second % 5 == 3 || second % 17 != 8) {
        printf("ha, you won't get it!\n");
        exit(3);
    }

    // compare argv[3] with h4cky0u
    if (strcmp("h4cky0u", argv[3])) {
        printf("so close, dude!\n");
        exit(4);
    }

    printf("Brr wrrr grr\n");

    // compute our "hash"!
    unsigned int hash = first * 31337 + (second % 17) * 11 + strlen(argv[3]) - 1615810207;

    // win?
    printf("%x\n", hash);
    return 0;
}
```
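The three checks can be worked through in code rather than by hand. The following is an added example, not part of the original writeup or the challenge files; the function names and the `./re100` binary name in the output are made up here. It shows why the first argument must be typed in decimal, finds the smallest second argument the source accepts, and evaluates the hash with the same 32-bit arithmetic.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Check 1, as in the challenge: atoi() reads decimal only, so "0xcafe"
   parses as 0 and is rejected; the decimal spelling 51966 is accepted. */
int first_ok(const char *arg)
{
    return (unsigned int)atoi(arg) == 0xcafe;
}

/* Check 2, as in the challenge: rejected if second % 5 == 3 or
   second % 17 != 8. Both conditions repeat every 5 * 17 = 85, so one
   period is enough to find the smallest accepted value. */
unsigned int smallest_second(void)
{
    for (unsigned int s = 0; s < 5 * 17; s++)
        if (!(s % 5 == 3 || s % 17 != 8))
            return s;
    return 0; /* not reached: 25 satisfies both conditions */
}

/* The challenge's "hash", truncated to 32 bits like its unsigned int. */
uint32_t re100_hash(const char *a1, const char *a2, const char *a3)
{
    unsigned int first = atoi(a1);
    unsigned int second = atoi(a2);
    return (uint32_t)(first * 31337u + (second % 17) * 11
                      + strlen(a3) - 1615810207u);
}

int main(void)
{
    char second[16];
    snprintf(second, sizeof second, "%u", smallest_second());
    printf("atoi accepts \"0xcafe\": %d, \"51966\": %d\n",
           first_ok("0xcafe"), first_ok("51966"));
    /* ./re100 is a hypothetical name for the compiled challenge. */
    printf("./re100 51966 %s h4cky0u -> %x\n", second,
           (unsigned int)re100_hash("51966", second, "h4cky0u"));
    return 0;
}
```

Because the hash only uses `second % 17`, every accepted second argument yields the same output.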


2012
Sep.20

## N00B Linux CrackMe

I had two “free” lessons at school today where I just caught up on some math (yay). Once I’d finished it, I still had another 30 minutes or so, and needed to waste some time. Through natural instinct I just decided to hop on my VPS (prgmr are awesome!) and play around with my “secret project”.

I did this for 15 minutes or so because there wasn’t much I could do, since I already had a few updated versions of code on my own box. With 10 minutes remaining, I decided to download me a nice and easy Linux crackme, something that would take 5 minutes or less. CrackMes.de was unblocked on my school’s network… hehehe.

ANYWAY, enough with the intro, and let’s get to the baby crackme. mycrk… a newbie crackme to do in 5 minutes, just to waste time. The crackme is by “cli3nt”, so props to him. Aight, we download it, load it up in ~/Files/CrackMes and get to work.

Ok, great, now, first things first: file, strings and readelf.

```
curi0us@n0plord:~/Files/CrackMes$ file mycrk
mycrk: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.0.0, not stripped
curi0us@n0plord:~/Files/CrackMes$ strings mycrk
/lib/ld-linux.so.2
_Jv_RegisterClasses
__gmon_start__
libc.so.6
printf
scanf
_IO_stdin_used
__libc_start_main
GLIBC_2.0
PTRh
Type cd-key:
wrong!
curi0us@n0plord:~/Files/CrackMes$ readelf -h mycrk
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x1
  Entry point address:               0x8048300
  Start of program headers:          52 (bytes into file)
  Start of section headers:          6936 (bytes into file)
  Flags:                             0x0
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         7
  Size of section headers:           40 (bytes)
  Number of section headers:         33
  Section header string table index: 30
```

2012
Sep.08

## GNU Hurd… what?

Hello. Before I start, lemme say that this is just a small informative blog post, and that I *am* working on actual posts which you should all love.

Anyway… some of you may be aware of the GNU project, Hurd. What is it? Well, the GNU project says that it is a replacement for UNIX. There is no stable version of Hurd, so to run it you will need to download the gzipped unstable release from Git, and QEMU to be able to run it.

You can download it from here: http://people.debian.org/~sthibault/hurd-i386/debian-hurd.img.tar.gz. The download is 254MB compressed. You will also need QEMU, although some distros may already have it. If not, do an apt-get, or download it and compile the code. QEMU is available from http://wiki.qemu.org/Download.

Once you’ve got Hurd downloaded, extracted, and QEMU installed, it’s time to run it.

```
$ qemu -m 512 -net nic,model=rtl8139 -net user -drive cache=writeback,index=0,media=disk,file=$(echo debian-hurd-*.img)
```


Sweet, once you got that, and if QEMU has been installed correctly, you should have Hurd load and boot.

Hurd booting in QEMU

2012
Jul.14

## Raspberry Pi | Welcome

Hello!
The blog hasn’t been too active since I’ve been busy coding and finishing other real life stuff, although my finals are over. Anyway, as a first “new” post, instead of finishing the wargame ones or putting up some code and my other usual stuff, I decided to update on my new Raspberry Pi, Model B, which I have been waiting for, forever!

I forgot to buy an SD card, so I haven’t booted it up yet (I’m an idiot), but I have ideas on what to code, and what to build with it, especially since I am taking part in the Raspberry Pi Summer Coding Competition. Well, here it is:

HELLO