Lost In The Binary

The main idea is to find the flag using IDA.

Step-1:

From the link https://mega.nz/#!XOwVmCSC!ut_5r6b32j2kD6EvlvsvJhmm58pbswusUXF08yI93Zo we get the binary file for the problem.

Step-2:

After opening it in ida64, we get this code:

[Image: code]

So it's pretty clear that an anti-debugging technique is in use, for which hints are given in the question. That check leads to LABEL_2.
We avoid it by changing the jnz to jmp in ida64.

Step-3:

[Image: ptrace]

As you can see, the program outputs "Input password" and our input goes into the variable input. After that, the value in key, which is IdontKnowWhatsGoingOn, is moved to key2.

Step-4:

In the next instruction, msg is filled with the result of "str[4 * i] ^ LOBYTE(key2[i]);".

Later the program goes through every letter in our input and checks whether it is equal to the corresponding letter in msg.

So our only job is to break before the check and see what is in msg.

Step-5:

The first thing is to find the address to break at.

Using radare2 and accessing the data referenced by RAX (0x555555755140), we get the message.

Step-6:

Finally the flag becomes: AbCTF{r3vers1ng_dud3}
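
The XOR from Step-4 can also be replayed statically, without breaking in a debugger. The Python below is an added example, not code from the original writeup or the challenge binary: the table bytes are constructed from the key and flag quoted above (the real str bytes are not shown on this page), and the 4-byte little-endian stride, the assumption that msg is the full flag, and all function names are assumptions.

```python
import struct

KEY = b"IdontKnowWhatsGoingOn"    # value of key/key2 given in the writeup
FLAG = b"AbCTF{r3vers1ng_dud3}"   # flag stated in the writeup


def build_table(plain: bytes, key: bytes) -> bytes:
    """Constructed stand-in for the binary's str table.

    One little-endian 32-bit value per character, whose low byte is
    plain[i] ^ key[i]. In a real analysis these bytes would be dumped
    from the binary's data section instead of being generated here.
    """
    return b"".join(struct.pack("<I", p ^ k) for p, k in zip(plain, key))


def recover_msg(table: bytes, key: bytes) -> bytes:
    """Replay msg[i] = str[4 * i] ^ LOBYTE(key2[i]) over a dumped table."""
    if len(table) < 4 * len(key):
        raise ValueError("table is shorter than 4 bytes per key character")
    # Only every fourth byte of the table is read, as in the decompiled code.
    return bytes(table[4 * i] ^ key[i] for i in range(len(key)))


def check_password(candidate: bytes, table: bytes, key: bytes) -> bool:
    """Mirror the per-letter comparison of the input against msg."""
    return candidate == recover_msg(table, key)


if __name__ == "__main__":
    table = build_table(FLAG, KEY)  # constructed sample data
    print(recover_msg(table, KEY).decode())
    print(check_password(b"wrong password", table, KEY))
```

The key and the flag are both 21 characters long, which is consistent with one XOR per character of the expected input.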