2023 Business CTF: Cobalt COBOL

Challenge Information

Attribute    Details
Event        2023 Business CTF
Category     Reverse Engineering
Challenge    Cobalt COBOL
Difficulty   Hard

Summary

Cobalt COBOL is a hard-level reverse engineering challenge involving the analysis of an ancient COBOL program encoded as punch cards. During an interception mission, a team discovered a stack of punch cards that appear to be a code update for an old Asteroid Cobalt Mining Facility. With no active COBOL programmers remaining, the task is to decode and understand this legacy program to extract its secrets.


Challenge Information

The challenge description states:

“When intercepting a delivery towards a quite old Asteroid Cobalt Mining Facility we got our hands on a stack of punch cards, it looks like these are some kind of code update? Since the last COBOL programmer died over a century ago we hoped that maybe you can analyze this ancient relic.”

  • Challenge Type: Reverse Engineering
  • Difficulty: Hard
  • Docker Support: Not available


Analysis

Understanding Punch Cards

Punch cards were the primary method of encoding programs and data in the 1950s-1980s era. The provided scans.txt file contains visual representations of punch card layouts with:

  • Rows labeled 12, 11 and 0-9 (the twelve card rows)
  • Columns for character positions
  • ‘x’ marks indicating holes punched in the card

Card Format Structure

A standard IBM punch card contains:

  • Columns 1-72: Program/data content
  • Columns 73-80: Card sequence numbers (often ignored)
  • Rows 0-9: Digit rows (0-9); row 0 also serves as a zone row
  • Rows 11, 12: Zone rows (punch combinations)

Character encoding uses zone/digit combinations:

  • Letters use zone (11, 12, 0) + digit punch
  • Numbers use digit punch alone
  • Special characters use zone + digit combinations

Decoding the Punch Card Data

The visual representation in scans.txt shows:

__________________________________________________________________________________
/ &-0123456789ABCDEFGHIJKLMNOPQR/STUVWXYZ:#@'=".{(+|!$*);,%_}? \
12| x xxxxxxxxx xxxxx |
11| x xxxxxxxxx xxxxx |
0| x xxxxxxxxx xxxxx |
1| x x x x |
2| x x x x x x |
...

This represents the character positions across the card. By analyzing which columns have punches in which rows, you can decode the COBOL program.

COBOL Program Structure

Based on the punch card layout, the program likely contains:

  1. IDENTIFICATION DIVISION: Program identification
  2. DATA DIVISION: Variable declarations and data structures
  3. PROCEDURE DIVISION: Program logic and operations

Common COBOL operations for a mining facility controller might include:

  • Mineral processing calculations
  • Equipment status monitoring
  • Resource accumulation tracking
  • Alert/notification logic

Solution

Step 1: Analyze the Punch Card Scans

Extract each character from the visual representation:

def decode_punch_card(columns):
    """
    Decode punch card visual representation.
    `columns` holds one (zone_row, digit_row) pair per card column,
    read off the scan; None means no punch in that position.
    """
    # Character mapping for standard punch card encoding
    char_map = {
        # (zone_row, digit_row): character
        (None, None): ' ',  # blank column is a space
        (12, 1): 'A',       # A
        (12, 2): 'B',       # B
        # ... and so on for all characters
    }
    # For each column, map the zone and digit punches
    # to the corresponding character ('?' if unmapped)
    decoded_characters = [char_map.get(col, '?') for col in columns]
    return ''.join(decoded_characters)
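
A fuller decoder for the zone/digit scheme described above, added here as an example; it is not code from the original write-up or the challenge. It assumes each scan row is a row label, a `|`, then one cell per card column with `x` marking a hole, and that cards are separated by a blank line. All function names are hypothetical, and the sample card is constructed by `render_card` rather than taken from scans.txt.

```python
def hollerith_table():
    """Punch set -> character for the codes shared by IBM card character sets."""
    table = {frozenset(): " ", frozenset({12}): "&", frozenset({11}): "-",
             frozenset({0, 1}): "/", frozenset({12, 3, 8}): "."}
    for d in range(10):
        table[frozenset({d})] = str(d)              # digit punch alone
    for zone, letters, first in ((12, "ABCDEFGHI", 1), (11, "JKLMNOPQR", 1),
                                 (0, "STUVWXYZ", 2)):
        for digit, ch in enumerate(letters, first):
            table[frozenset({zone, digit})] = ch    # zone punch + digit punch
    return table  # other specials vary by card code; extend as needed

TABLE = hollerith_table()

def parse_card(art):
    """Return one frozenset of punched rows per column of an ASCII-art card."""
    rows = {}
    for line in art.splitlines():
        label, sep, body = line.partition("|")
        if sep and label.strip().isdigit():         # skips borders and the text row
            rows[int(label)] = body.rsplit("|", 1)[0]
    width = max(map(len, rows.values()), default=0)
    return [frozenset(r for r, cells in rows.items()
                      if col < len(cells) and cells[col] == "x")
            for col in range(width)]

def decode_card(art):
    """Decode columns 1-72; columns 73-80 carry the sequence number."""
    return "".join(TABLE.get(p, "?") for p in parse_card(art)[:72]).rstrip()

def decode_deck(scan_text):
    """Assumes cards in the scan file are separated by a blank line."""
    return [decode_card(c) for c in scan_text.split("\n\n") if c.strip()]

def render_card(text):
    """Build a constructed sample scan, used here in place of scans.txt."""
    inverse = {ch: punches for punches, ch in TABLE.items()}
    cols = [inverse[ch] for ch in text.ljust(80)]
    return "\n".join(f"{row:>2}|" + "".join("x" if row in p else " " for p in cols) + "|"
                     for row in (12, 11, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9))

if __name__ == "__main__":
    sample = render_card("       DISPLAY COBALT-DEPOSIT.".ljust(72) + "00000010")
    print(sample)
    print(decode_card(sample))
```

Unmapped punch combinations decode to `?`, which makes it easy to spot the special characters that still need an entry in the table.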

Step 2: Reconstruct the Source Code

Convert the decoded punch card data into readable COBOL source code:

       IDENTIFICATION DIVISION.
       PROGRAM-ID. COBALT-MINING-UPDATE.
       DATA DIVISION.
       FILE SECTION.
       WORKING-STORAGE SECTION.
       01 FACILITY-STATUS PIC X(10).
       01 COBALT-DEPOSIT  PIC 9(8).
       01 PROCESSING-RATE PIC 9(5)V99.
       PROCEDURE DIVISION.
       MAIN-LOGIC.
           PERFORM UPDATE-FACILITY.
           PERFORM CALCULATE-YIELD.
           STOP RUN.
      * The UPDATE-FACILITY and CALCULATE-YIELD paragraphs are omitted
      * from this excerpt.

Step 3: Analyze the COBOL Logic

Understand the program’s purpose:

  • Is it updating facility parameters?
  • What calculations does it perform?
  • What outputs or side effects does it produce?

Step 4: Extract the Flag

The flag is likely:

  • Encoded in the program logic
  • Hidden in variable names
  • In comments or special output sequences
  • Derived from the program’s computation

COBOL Interpretation Guide

Common COBOL Keywords

Keyword                   Purpose
IDENTIFICATION DIVISION   Program metadata
DATA DIVISION             Variable declarations
PROCEDURE DIVISION        Program logic
PERFORM                   Call a procedure
IF…ELSE                   Conditional execution
MOVE                      Assign value
COMPUTE                   Arithmetic calculation
DISPLAY                   Output to console

Punch Card Character Reference

The standard punch card character set includes:

  • Uppercase letters: A-Z (Zone 12, 11, or 0 + digit)
  • Numerals: 0-9 (Digit alone)
  • Special characters: Space, period, comma, parentheses, etc.

Key Takeaways

  • Legacy Code Analysis: Understanding historical programming paradigms is valuable
  • Encoding Formats: Punch cards represent a unique encoding method
  • Program Reconstruction: Converting between formats requires attention to detail
  • Documentation: Legacy systems often lack good documentation
  • Automated Tools: Consider writing tools to automate punch card decoding
  • Historical Context: Understanding the purpose helps interpret ancient code

Resources

For understanding COBOL and punch cards:

  1. COBOL syntax and structure documentation
  2. IBM punch card reference guides
  3. Historical computing documentation
  4. Online COBOL interpreters for verification