Sebastian's Blog

software developer. security enthusiast.

HACKVent 2019

HV19.20 i want to play a game

Sebastian
Challenge Description

The attached zip file contains a binary named game. Using ghidra to analyze the file showed, that this is some PS4 executable. The code opens a file /mnt/usb0/PS4UPDATE.PUP, validates the md5 hash and xors some content of the file with a key contained in the executable. As ghidra was unable to properly resolve references, it took some time to find the right key. Finding the PS4UPDATE.PUP online was no problem tho. I recreated the code using a small c program.

#include <stdio.h>
#include <stdlib.h>

int main() {
	FILE* bin = fopen("PS4UPDATE.PUP", "rb");

	int offset = 0x1337;
	char key[26] = {0xCE, 0x55, 0x95, 0x4E, 0x38, 0xC5, 0x89, 0xA5, 0x1B, 0x6F, 0x5E, 0x25, 0xD2, 0x1D, 0x2A, 0x2B, 0x5E, 0x7B, 0x39, 0x14, 0x8E, 0xD0, 0xF0, 0xF8, 0xF8, 0xA5};

	char data[26];

	do {
		fseek(bin, offset, 0);
		fread(data, 26, 1, bin);

		int i = 0;
		do {
			key[i] = key[i] ^ data[i];
			i = i + 1;
		} while (i != 0x1a);
		offset += 0x1337;
	} while (offset != 0x1714908);

	for (int i = 0; i < 26; i++) {
		printf("%c", key[i]);
	}
	printf("\n");
}

Running this returns the flag HV19{C0nsole_H0mebr3w_FTW}.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top