Mama Trace was an extension of Baby Trace (baby shark theme much?). For this we're given files similar to Baby Trace:

Dockerfile, headerquery2, pitas.py, flagleak

pitas.py and the Dockerfile are effectively the same as before. headerquery2 is basically the original headerquery ELF except with our leak removed. With that in mind, time to look at flagleak.

This challenge was lovingly called "Program Interactive Tracing as a Symbolic Service" (PITASS). They clearly came up with the acronym first... Regardless, we're given the following four files:

Dockerfile, headerquery, and pitass.py

The Dockerfile was mostly not useful given we were missing a bunch of it. Headerquery is an ELF that we can run, and pitass is the Python script that we get dropped into when we connect.

Our once-venerable president has committed the unspeakable crime of dine-and-dashing the pizza during our own club meetings. He's on the run as we speak, but we're not sure where he's headed.

Luckily, he forgot that we had planted a packet sniffer on his laptop, and we were able to retrieve the following capture when we raided his apartment:

https://storage.googleapis.com/utctf/capture.pcapng

He's too smart to email his plans to himself, but I'm certain he took them with him somehow. Can you help us figure out which country he's fleeing to?

by antony

Local download. This challenge was a good example of utilizing both my USB PCAP parsing tool (Gallimaufry) as well as my stego tool (stegoVeritas). It's also a good example of how you can go down the COMPLETELY wrong path initially... It happens.

Attention all UTCTF players, asper is in great danger, and he needs YOUR help to reverse engineer this binary and figure out the password. To do this, he needs IDA Pro and a couple of breakpoints. To help him, all he needs is your credit card number, the three numbers on the back, and the expiration month and date. But you gotta be quick so that asper can secure the flag, and achieve the epic victory R O Y A L.

This was a 1200 point (tied for highest) reversing challenge. I'm guessing they over-estimated the difficulty as there were 21 separate solves. Also, given the challenge description, it was meant to be solved via breakpoints. However, I mostly used angr.

This particular binary was what I spent most of my time on. HackIM used an adaptive scoring engine this year, and this challenge ended up being worth 497 points out of 500 possible. This is a pretty strong scoring challenge, with a total of only 11 solves and I came in 6th on it.

 

Challenge text:

I opened this in GHIDRA but it crashed. halp pls

Binary here