180010027
/
CTFlearn-Writeups
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
CTFlearn Writeups
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
11 MiB
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
CTFlearn-Writeups/Reverse/RE_verseDIS
rishitsaiya 53fd30619d
Added CTFlearn writeups 		4 years ago
..
README.md Added CTFlearn writeups 4 years ago
problem Added CTFlearn writeups 4 years ago

README.md

Lost In The Binary

The main idea finding the flag by IDA.

Step-1:

After we get the link: https://mega.nz/#!XOwVmCSC!ut_5r6b32j2kD6EvlvsvJhmm58pbswusUXF08yI93Zo, we get the the binary file problem.

Step-2:

After opening it in ida64, we get this code,

code

So its pretty clear that we use Anti-Debugging Technique for which hints are given in the question. That leads to LABEL_2.
We will avoid from that by changing jnz to jmp in ida64.

Step-3:

ptrace
picture url

As you can see there is output "Input password" and our input go to the variable input. After that the value in key that is IdontKnowWhatsGoingOn mov to key2.

Step-4:

In the next instruction we put in msg the result of "str[4 * i] ^ LOBYTE(key2[i]);".

Later we are going through every letter in out input and checking if this equal to the letter ing msg.

So our only job is to break before the check and see what in msg .

Step-5:

First thing find our address to break.

Using Radar2 and accessing the data stored in RAX, we get the message in 0x555555755140 RAX's data.

Step-6:

Finally the flag becomes: AbCTF{r3vers1ng_dud3}