Destination: Defcon CTF Quals 2012 - Binary l33tness 200
Your tour guides: fLa, p4fg, psc, Peppe [fangAflaggaN]

Intro
=====
File is: bin200-be19a9cbf33eaec013653cac2cac0ecf
ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), for FreeBSD 9.0 (900044), stripped


Analyze
=======
The program forks and runs as user grease. It starts by reading 4 bytes of user input and verifies that they are 0x94A4C265;
this is repeated 3 more times, checking for the codes 0xFE732D6F, 0xEEF814CB and finally 0x6EC8A126.
Next it expects a size as user input (4u) and then two sets of data of this size.
The two blocks are then checked to make sure they are not identical; if they differ, they are passed on to a hash algorithm.
If the hash algorithm produces the same hash for both, a collision, we win - the key is sent back.
(Remember...you should never ever ever implement crypto yourself! Prof. D.B!)


Solution
========
First we tried with a SHA-1 collision, this was wrong and we took a closer look at the algorithm. The IVs gave
it away, they match the Tangle hash function, which indeed has documented collisions. Google to find some and stitch it
together and fire away:

00000000  94 a4 c2 65 fe 73 2d 6f  ee f8 14 cb 6e c8 a1 26  |...e.s-o....n..&|
00000010  28 00 00 00 c8 19 00 00  00 00 00 00 00 00 00 00  |(...............|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 c8 19 00 80  |................|
00000040  00 00 00 80 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 80  |................|
00000060  00 00 00 80                                       |....|
00000064
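
The layout from the Analyze section, checked against the bytes of the hexdump above. This is an added example, not part of the original writeup: the function names are made up here, and reading the codes big-endian and the size little-endian is inferred from the dump itself.

```python
import struct

# Bytes transcribed from the hexdump in this writeup (0x64 = 100 bytes).
HEADER = bytes.fromhex("94a4c265fe732d6feef814cb6ec8a126" "28000000")
BLOCK1 = bytes.fromhex("c8190000") + bytes(36)
BLOCK2 = (bytes.fromhex("c8190080" "00000080") + bytes(24)
          + bytes.fromhex("00000080" "00000080"))
PAYLOAD = HEADER + BLOCK1 + BLOCK2

# The four codes the binary checks, in the order given in the text.
CODES = (0x94A4C265, 0xFE732D6F, 0xEEF814CB, 0x6EC8A126)


def parse(payload):
    """Split a payload into (codes, size, block_a, block_b).

    Assumption read off the dump: the codes appear on the wire in the
    byte order they are written in the text (big-endian read), while
    the size field 28 00 00 00 is little-endian (0x28 = 40).
    """
    if len(payload) < 20:
        raise ValueError("payload shorter than the 20-byte header")
    codes = struct.unpack(">4I", payload[:16])
    (size,) = struct.unpack("<I", payload[16:20])
    body = payload[20:]
    if len(body) != 2 * size:
        raise ValueError("body is not exactly two blocks of the given size")
    return codes, size, body[:size], body[size:]


def byte_diff(a, b):
    """Map byte offset -> XOR value for every position where a and b differ."""
    return {i: x ^ y for i, (x, y) in enumerate(zip(a, b)) if x != y}


if __name__ == "__main__":
    codes, size, a, b = parse(PAYLOAD)
    print("codes ok:", codes == CODES, "size:", size, "distinct:", a != b)
    for off, val in byte_diff(a, b).items():
        print(f"block offset {off:2d}: xor 0x{val:02x}")
```

The two blocks differ only in the top bit of the bytes at block offsets 3, 7, 35 and 39, which is enough to pass the "not identical" check.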


/fLa, p4fg, psc, Peppe