Spacegame

This is a writeup of the rev challenge SPACEGAME from the DUCTF(https://play.duc.tf/) CTF

Level: medium, Score: 182

Premise

ALL YOUR BASE ARE BELONG TO US. YOU ARE ON THE WAY TO DESTRUCTION.

Challenge files:

SPACEGAME.zip containing:

• distrlib (folder)
• • SPACEGAME.exe containing:
• • • aud (folder) with the files: boom.wav hit.wav and bowsers-castle-sincx.ogg
• • • img (folder) containing boss.png, bullet.png, player.png and playerbullet.png
• • • Boss.lua
• • • Bullet.lua
• • • conf.lua
• • • constants.lua
• • • main.lua
• • • mathutil.lua
• • • Player.lua
• • • PlayerBullet.lua
• • license.txt
• • love.dll
• • lua51.dll
• • mpg123.dll
• • msvcp120.dll
• • msvcr120.dll
• • OpenAL32.dll
• • SDL2.dll

Observations

In this challenge we have a few files, but the most notable one is the actual game, contained within SPACEGAME.exe. Running the game, we have what appears to be a bullet hell game where we play as a smaller spaceship fighting a larger one, and it seems the objective of the challenge is to beat the game.

Solution

In the official writeup of the challenge, we’re expected to edit the Player.lua file to override the kill function of the player.

This is however not the only method, as another alternative will be provided here.

Using the tool beloved by any flash game cheater/hacker: Cheat Engine, we can see if we can cheat in the actual game rather than by changing the coding of it.

By attaching the game process to cheat engine, we can scan the game with it with the option box "Pause the game while scanning" checked.

If we then run the scan, we see that we’re able to build up a “bullet stream” that attacks the enemy ship very fast, allowing us to kill it much easier than playing the conventional way.

After a successful attempt of this, we manage to destroy the enemy ship and get the following printout:

Giving us our flag:

DUCTF{your_journey_is_over_a1eb723d}

Tools used:

• Cheat engine 7.5
• any screenshot tool