Spaceships
In this reverse challenge we need to find the password for spaceships. Huge props to the creator of this challenge it was extremely creative and fun to solve.
The binary file
The main function takes a base16 number as an input and then verifies it:
Here’s a quick look at the verification function:
The verification routine has 3 separate parts:
- It initializes patterns
- It simulates 0x12c generations of the game of life and makes sure nothing happens in the last one (no cell is born or dies)
- It verifies other patterns
How do we understand we are simulating the game of life ?
Here’s a closer look at the simulate_life function:
The verifications with live_cells == 3 setting something to one and 2 > live_cells | 3 < live_cells setting the same thing to zero tipped me off quite fast that this was the game of life.
All we have to do now is extract the initial grid and run the simulation in python to see what’s happening.
Ghidra has a really nice Copy Special\Python List feature.
The grid has dimensions: 144, 0x244.
Equipped with that knowledge, let’s see whats happening
The game of life
Here is a screenshot of the initial state with an empty user input:
And here’s what happens with an input of 0xffffffff:
Here’s the actual challenge
The challenge consist of choosing where to place MiddleWeight SpaceShips. These spaceships run into a 135-degree MWSS-to-G and get transformed into a glider.
We need to prevent the gliders from colliding into our converters by placing MWSSs. However we also lose if we are greedy and place too many spaceships.
A 1 in the binary representation of the flag will place a MWSS while a 0 will leave the slot empty.
Flag
Running the program with 0xbadce115 we get:
./spaceships badce115
Well done, you have successfully neutralized the enemy. Here is your flag: ECW{BADCE115}
FLAG: ECW{BADCE115}
If you through this challenge you discovered a pation for the game of life, head to https://conwaylife.com/wiki