Showing posts with label Binary Exploitation. Show all posts

10 November 2014

This is the Endian - 40

This is the end! Solving this challenge will help you defeat Daedalus's cyborg. You can find more information about endianness and the problem here. The flag is the smallest possible program input that causes the program to print "Access Granted".
When I opened the page, I read over the problem and information. The input was supposed to be entered as little-endian, meaning that the order of the bytes is reversed (e.g. "12345678" becomes "78563412").

The question wants answer[0] to be equal to 0x52657663 and answer[1] to be equal to 0x30646521. Both have to be equal to those values respectively, else it won't work.

The first thing to be noted is that the '0x' in front of the value should be removed when writing it in the input, so it should be 52657663 and 30646521 instead.

Now, back onto the topic of little-endians and reversed order, when you put in the correct input, the Data Preview box should look like this:


The thing is that if you try to input the exact hex values for both answers, it won't even fit. That's because you're not supposed to input the hex value, you're supposed to input an ASCII character.

Let me try to simplify this... I'll start with answer[0]'s value... it's supposed to equal 52657663. I'm going to split the numbers in that value into groups of twos, so it'll now look like this: 52 65 76 63

Because it's a little-endian program, you'd have to enter the ASCII equivalent of 63 76 65 52. Fortunately, rather than Google 'hex to ascii' for a converter, you can simply write \x followed by the two-digit number, and it'll convert it to ASCII for you.

So \x63 would yield c, \x76 would yield v, and so on.

So answer[0]'s input value would be cveR

...But I still needed to input answer[1] as well.

Using the same method, I divided 30646521 into parts: 30 64 65 21. Then I reversed those parts: 21 65 64 30.

I entered \x21 \x65 \x64 \x30, which displayed !ed0

So, in sum, I basically just inputted \x63 \x76 \x65 \x52 \x21 \x65 \x64 \x30 and it was written as cveR!ed0

When I pressed 'Input' and ran the program, it displayed 'Input Granted!', meaning that the input was correct. Because it was correct, cveR!ed0 is the flag.
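The byte ordering worked out above, as an added example in C (not the challenge's source and not the author's Java converter). The function names are hypothetical, and `access_granted` is an assumed stand-in for the challenge's check that reads the typed bytes as two little-endian 32-bit words.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Target values from the write-up: answer[0] and answer[1]. */
#define ANSWER0 0x52657663u
#define ANSWER1 0x30646521u

/* Store a 32-bit value least-significant byte first (little-endian),
 * whatever the byte order of the machine running this code. */
static void put_le32(uint32_t v, unsigned char out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (unsigned char)(v >> (8 * i));
}

/* Read 4 bytes back the way a little-endian CPU loads a 32-bit int. */
static uint32_t get_le32(const unsigned char in[4])
{
    return (uint32_t)in[0] | (uint32_t)in[1] << 8 |
           (uint32_t)in[2] << 16 | (uint32_t)in[3] << 24;
}

/* Build the 8 input characters (plus NUL) that make both words match. */
void build_input(char out[9])
{
    put_le32(ANSWER0, (unsigned char *)out);
    put_le32(ANSWER1, (unsigned char *)out + 4);
    out[8] = '\0';
}

/* Assumed stand-in for the challenge's check: treat the typed bytes as
 * two little-endian 32-bit words and compare them to the targets. */
int access_granted(const char *input)
{
    const unsigned char *p = (const unsigned char *)input;
    if (strlen(input) < 8) return 0;
    return get_le32(p) == ANSWER0 && get_le32(p + 4) == ANSWER1;
}

int main(void)
{
    char input[9];
    build_input(input);
    printf("%s -> %s\n", input, access_granted(input) ? "granted" : "denied");
    /* The same bytes typed in reading (big-endian) order do not match. */
    printf("Revc0de! -> %s\n", access_granted("Revc0de!") ? "granted" : "denied");
    return 0;
}
```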

Edit: This problem inspired me to write a Java program that converts hexadecimal/byte to Little-Endian and Big-Endian. You can see it on my GitHub here, if you'd like, especially if you're having trouble inputting the address as a Little-Endian, or perhaps for future reference.

09 November 2014

Easy Overflow - 40

Is the sum of two positive integers always positive?
nc vuln2014.picoctf.com 50000
'nc' is the Linux netcat command. Try running it in the shell.
The rhetorical question in the beginning is actually a good hint by implying that, sometimes in Java, adding a number to another number will make it negative. Basic arithmetic and understanding of ints in Java are helpful in solving this problem.

Rather than running it in the shell, I decided to run it in the 'Terminal' (Mac). By opening 'Terminal' and typing in nc vuln2014.picoctf.com 50000, I was able to run the program. It looked like this:


The number I was given was 2884043 (note that a different number is generated each time), and it is asking for a positive number that, when added, will make it negative.

I needed to know what the maximum Integer value was for Java, because if a number is added to it, it immediately becomes negative. I typed 'max int java' in Google:


I discovered that the maximum Integer value in Java is 2^31 - 1, or 2147483647 when expanded.

One would assume that we'd subtract the given number from the maximum Integer value, but that is not the case because we'd yield a non-negative int. So instead, we'd have to subtract the given number from maximum Integer value plus one, a.k.a. 2^31, or 2147483648 when expanded.

So, 2147483648 - 2884043 gave me 2144599605, which I entered into the Terminal.


The flag, which I highlighted, is That_was_easssy!