This particular binary was what I spent most of my time on. HackIM used an adaptive scoring engine this year, and this challenge ended up being worth 497 points out of 500 possible. This is a pretty strong scoring challenge, with a total of only 11 solves and I came in 6th on it.

 

Challenge text:

I opened this in GHIDRA but it crashed. halp pls

Binary here

The HackIM challenge "Web6" was an interesting introduction into a technology called JSON Web Tokens. I had not actually noticed this standard prior to the challenge, but it's an interesting concept. The goal of JWT (as defined in RFC 7519) is to standardize a means to securely transfer "claims" between multiple services, allowing the client to hold said claim. This is certainly not a new concept, but a newer (2015) implementation.

For this challenge we were given an address and port to connect to, but little other information. Upon connecting, we received the following:

                    __
          PyJail   /__\
       ____________|  |
       |_|_|_|_|_|_|  |
       |_|_|_|_|_|_|__|
      A@\|_|_|_|_|_|/@@Aa
   aaA@@@@@@@@@@@@@@@@@@@aaaA
  A@@@@@@@@@@@@@@@@@@@@@@@@@@A
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[!] Rule
1. After 3 day, the Light will be Turned Off then you Cannot see anything.
2. Cannot Use Some Special Characters in PyJail.
3. For 10 days, You can enter 38 characters per day.

Can You Escape from Here ??

 Name : [day-1]
################## Work List ##################
  coworker        : Find Coworker For Escape
  tool            : Find Any Tool
  dig             : Go Deep~
  bomb            : make boooooooomb!!!
###############################################

This challenge was interesting in that the solution speaks to a core principle in cryptography. The challenge presented you with two, random looking character strings, and asked you to determine which was XOR encrypted data, and which was just random noise.