Flash CTF – Clock Out

Challenge Overview

In the “Clock Out” challenge, participants are tasked with exploiting a timing-based side channel vulnerability in a product key validation program. The goal is to deduce a valid product key by observing the time it takes for the program to validate each character of the input.

Understanding the Vulnerability

The vulnerability lies in the verify function of the program, where the validation time varies depending on the correctness of each character in the product key. This discrepancy in execution time can be exploited to infer the correct characters of the product key one by one.

Key Validation Mechanism

The program uses a series of predefined hash values stored in an array called validation. Each character of the input product key is hashed and compared against this array. If a character is correct, the program performs a longer sleep operation, thus taking more time to process:

int verify(char* data, int len)
    int i;
    int f = len * 16;
    for (i=0; i < len; i++)
        if (validation[i] == hashit(data[i]))
            f -= 16;
            f -= 8;
    return f == 0;

Timing Side Channel

The essence of the attack is to measure how long it takes for the program to validate each character. A longer response time for a particular character suggests that the character is correct, as the program executes a longer sleep operation.

Exploitation Strategy

The provided Python script demonstrates how to automate the attack by measuring the execution time for each possible character and selecting the one that results in the longest validation time:

import time
import subprocess

def run_proc(cmd, flag):
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE)
    out, _ = p.communicate(bytes(flag, encoding='ascii'))
    return out

flag = "MetaCTF{"

for _ in range(22 - len(flag)):
    timings = list()
    for i in range(32, 127):
        temp_flag = flag + chr(i) + '~'*(32-(len(flag) + 1))

        now = time.time()
        out = run_proc(["./clock_out"], temp_flag)
        run_time = time.time() - now

        timings.append((i, run_time))

    timings = sorted(timings, key=lambda x:x[1], reverse=True)

    flag += chr(timings[0][0])

This script iteratively constructs the product key by appending the character that maximizes the response time until the entire key is correctly guessed.

Flag: MetaCTF{time->tm_hour}


This challenge highlights the importance of constant-time operations in security-sensitive code to prevent side-channel attacks. By carefully analyzing the timing of the program’s responses, an attacker can effectively reconstruct sensitive data, underscoring the need for developers to mitigate such vulnerabilities in their applications.

2 thoughts on “Flash CTF – Clock Out

  1. Huh! I solved it without the timing attack, actually, and I hadn’t even considered trying one.

    I saw in the disassembly that it was using SHA256 on each character individually, and the validation data was in there, too. So I basically computed a quick rainbow table for all printable characters, then looked up each entry from the validation data in the rainbow table.

    If that route hadn’t been there, I don’t think I would have finished this one in time.

Leave a Reply

Your email address will not be published. Required fields are marked *


Our goal is to make cybersecurity education accessible and fun.


Copyright: © 2024 MetaCTF. All Rights Reserved.

Terms of Use       Privacy Policy       Contact Us