March 2011 PlaidCTF 2011 Write up - Appstore [Reversing] [250 pts]

Post date: May 8, 2011 7:43:45 AM

By Darkfloyd x AlanH0

We simply download the .app file, rename it with a .zip extension, and extract the Unix binary from the archive.

We open the binary in IDA Pro and examine the viewDidLoad method, which is one of the standard methods in an iPhone application.

We found that there are two types of messages:

1. Entering various colors, which calls and sends a message and yields a smiley icon

2. add[Color] calls that send a message

For the first message, we identified the sequence blue, yellow, blue, red, red, red, blue, purple, yellow, green, orange, blue, blue. Naively, we entered it as the key, but got no result. :-)

Afterwards, we examined each add[Color] method called from viewDidLoad in ReverseMeViewController and figured out that addRed does not actually add red. The rules are:

addBlue -> add Red color (in bitch)

addGreen -> add Yellow color (in weareTheKnightNi)

addRed -> add Blue color (in allDayHomeBoy)

addYellow -> add Green color (in MyLifeBeLike)

addPurple -> add Purple color (in blameGalagra)

addOrange -> add Orange color (in brooooooooo)

Applying the conversion gives redyellowgreenredblueblueblueredpuroplegreenyelloworangeredred, and we finally get the smiley.
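The step that turns the recovered mapping into a working key can be made explicit. The script below is an added example, not code from the write-up or from the challenge app: it models the checker as "each entered color word dispatches to add<Color>, which appends the color that method really adds, and the accumulated list is compared with the displayed sequence" (an assumption about the app's logic), then derives the required input by inverting the mapping. It works from the 13-color sequence exactly as transcribed above rather than copying the final string, and shows why typing the displayed colors fails while the inverted sequence passes.

```python
# Added example (not from the original write-up): simulate the app's check
# and derive the required input by inverting the misleading add* methods.

# Mapping recovered from the disassembly, as listed in the write-up:
# the color word behind each add<Color> method -> the color it really appends.
ADD_METHOD_TO_ACTUAL = {
    "blue": "red",       # addBlue   (bitch)
    "green": "yellow",   # addGreen  (weareTheKnightNi)
    "red": "blue",       # addRed    (allDayHomeBoy)
    "yellow": "green",   # addYellow (MyLifeBeLike)
    "purple": "purple",  # addPurple (blameGalagra)
    "orange": "orange",  # addOrange (brooooooooo)
}

# Target sequence shown by the first message, as transcribed in the write-up.
TARGET = ["blue", "yellow", "blue", "red", "red", "red", "blue",
          "purple", "yellow", "green", "orange", "blue", "blue"]


def simulate_app(entered, target=TARGET):
    """Assumed model of the checker: every entered color word dispatches to
    add<Color>, which appends the *actual* color; the app then compares the
    accumulated state with the target. Returns True when the smiley would show."""
    state = []
    for word in entered:
        if word not in ADD_METHOD_TO_ACTUAL:
            return False  # no add* method for this word, so the check cannot pass
        state.append(ADD_METHOD_TO_ACTUAL[word])
    return state == target


def invert(mapping):
    """Invert method-word -> actual-color so a desired color can be traced back
    to the word that must be entered. Refuses a non-bijective mapping, because
    then some target color would have no unique pre-image."""
    inverse = {}
    for entered, actual in mapping.items():
        if actual in inverse:
            raise ValueError(f"{actual} is produced by two methods; cannot invert")
        inverse[actual] = entered
    return inverse


def derive_input(target=TARGET, mapping=ADD_METHOD_TO_ACTUAL):
    """Return the list of color words to enter so the app's state equals target."""
    inverse = invert(mapping)
    return [inverse[color] for color in target]


if __name__ == "__main__":
    naive = TARGET  # typing the colors exactly as displayed
    derived = derive_input()
    print("naive input passes:  ", simulate_app(naive))
    print("derived input passes:", simulate_app(derived))
    print("key:", "".join(derived))
```

The inversion step is the whole trick: the displayed colors are the app's internal state after the renamed methods have run, so the key is the pre-image of that state, not the state itself. The bijection check in invert is cheap insurance; if two methods had appended the same color, the pre-image would be ambiguous and a naive lookup would silently pick one.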