CSAW CTF 2023 - Impossibrawler! [Reversing]
Last week, i participated in CSAW CTF 2023 with the Kernel Escape team and managed to solve several challenges. One of the challenges that I solved was the Impossibrawler! (Reversing).
Challenge Description:
How do I beat these guys?!
Author: barrwani
Attachment:
Impossibrawler.pck
Impossibrawler.exe
Overview:
I’m trying to see what this game is like first. It’s known to be a shooting game where there are enemies and two stages. Our goal in this game is to kill all the enemies. If all the enemies are killed, then it will advance to stage 2, and will get a flag if all the enemies also die in that stage.
Idea:
My idea to solve this is “How can i advance to stage 2 without killing the enemies, and how can i obtain the flag in stage 2 without killing the enemies as well?”
Tools:
gdsdecomp
Godot Engine Editor
Decompiling:
What is PCK file extension? a PCK file is a resource pack created by Godot Engine, an open-source game engine used to create 2D and 3D games. Sources
So, how i can decompile PCK file? Based on this article here, we can decompile the PCK file for analysis using the decompiler tool named gdsdecomp.
Okay, lets decompile the PCK file first.
Steps to Decompile:
- Open Godot RE Tools (gdsdecomp)
- Click RE Tools Menu
- Click Recover Project
- Browse PCK file
- Choose Full Recovery
- Set Destination folder
- Extract
Here is the output after decompiling the PCK file:
All the source code are inside the “Scripts” directory:
Let’s move to the Godot Engine Editor to analyze the Source Code within the “Scripts” directory.
Analysis:
Here is the initial view using the Godot Engine for debugging and analyzing the source code of the PCK file.
For analysis, i am focusing on the “Level_1.gd” and “Level_2.gd” files in the “Scripts” directory because they are related for obtaining the flag.
After reviewing both files, i am focused on its “if condition”.
Level_1.gd
There is a condition that checks if the remaining enemies are equal to “0”. If so, it will initiate a seeding process and generate a random number before transitioning to scene 2.
Level_2.gd
Same as Level_1.gd, there is a condition that checks if the remaining enemies are equal to “0”. The different is, this is final stage. Where the enemies left are “0”, we will obtain the flag.
Solver:
Since the if condition in both files only checks if the remaining enemies are equal to “0”, we can modify it to check for not equal to “0”. Therefore, when the game is played, as long as there are remaining enemies greater than “0”, it will proceed to stage 2. The same applies to stage 2, and it will immediately display the flag.\
Level_1.gd modified:\
\
Level_2.gd modified:\
\
Save, Play the Project, and We got the Flag!
FLAG: csawctf{302e323032323732}
Thank you for reading this article, i hope it was helpful :-D
Follow me on: Linkedin, Medium, Github, Youtube, Instagram
Last week, i participated in CSAW CTF 2023 with the Kernel Escape team and managed to solve several challenges. One of the challenges that I solved was the Impossibrawler! (Reversing).
Challenge Description:
How do I beat these guys?!
Author: barrwani
Attachment:
Impossibrawler.pck
Impossibrawler.exe
Overview:
I’m trying to see what this game is like first. It’s known to be a shooting game where there are enemies and two stages. Our goal in this game is to kill all the enemies. If all the enemies are killed, then it will advance to stage 2, and will get a flag if all the enemies also die in that stage.
Idea:
My idea to solve this is “How can i advance to stage 2 without killing the enemies, and how can i obtain the flag in stage 2 without killing the enemies as well?”
Tools:
gdsdecomp
Godot Engine Editor
Decompiling:
What is PCK file extension? a PCK file is a resource pack created by Godot Engine, an open-source game engine used to create 2D and 3D games. Sources
So, how i can decompile PCK file? Based on this article here, we can decompile the PCK file for analysis using the decompiler tool named gdsdecomp.
Okay, lets decompile the PCK file first.
Steps to Decompile:
- Open Godot RE Tools (gdsdecomp)
- Click RE Tools Menu
- Click Recover Project
- Browse PCK file
- Choose Full Recovery
- Set Destination folder
- Extract
Here is the output after decompiling the PCK file:
All the source code are inside the “Scripts” directory:
Let’s move to the Godot Engine Editor to analyze the Source Code within the “Scripts” directory.
Analysis:
Here is the initial view using the Godot Engine for debugging and analyzing the source code of the PCK file.
For analysis, i am focusing on the “Level_1.gd” and “Level_2.gd” files in the “Scripts” directory because they are related for obtaining the flag.
After reviewing both files, i am focused on its “if condition”.
Level_1.gd
There is a condition that checks if the remaining enemies are equal to “0”. If so, it will initiate a seeding process and generate a random number before transitioning to scene 2.
Level_2.gd
Same as Level_1.gd, there is a condition that checks if the remaining enemies are equal to “0”. The different is, this is final stage. Where the enemies left are “0”, we will obtain the flag.
Solver:
Since the if condition in both files only checks if the remaining enemies are equal to “0”, we can modify it to check for not equal to “0”. Therefore, when the game is played, as long as there are remaining enemies greater than “0”, it will proceed to stage 2. The same applies to stage 2, and it will immediately display the flag.\
Level_1.gd modified:\
\
Level_2.gd modified:\
\
Save, Play the Project, and We got the Flag!
FLAG: csawctf{302e323032323732}
Thank you for reading this article, i hope it was helpful :-D
Follow me on: Linkedin, Medium, Github, Youtube, Instagram