dc2019q - know_your_mem
This was a jeopardy challenge, part of dc2019q. (CTFtime)
Was solved by: 122 teams
You may spawn the server:
On your laptop
On your laptop (full source)
Hosted by OOO (right now we're asking players to log in first)
Find the flag page in memory, 64-bit edition. Timeouts are strict, please test locally first! There's a simplified version to help with that.
This was an introductory, easy challenge.
FYI, the v1 version allows for an easier solution than the one that is suggested. If you wish, v2 is slightly harder.
Hint 1: Start by looking at syscalls. Only a few are allowed by the seccomp filter.
Hint 2: Many syscalls can be used "indirectly" to check if memory is allocated at a certain address or not, without using signals or /proc/self/maps. How?
Hint 3: Build a simple memory scanner using a syscall. Start on 32-bit. Can you make it faster? Can you distinguish read-write or read-only?
Hint 4: Experiment with mmap() -- how does it behave with regards to memory that is already allocated? Try it on the local code.
Hint 5: Use mmap() to first scan large chunks of memory. Try a chunk size of 64 KB. Look at the randomization function: not all memory addresses are possible.
Hint 6: Once you drill down to find allocated single pages, how can you determine if the flag is there or not? See the source code.
Hint 7: Once you drill down to find allocated single pages, how can you determine if the flag is there or not? See the source code.