Lost In The Binary
The main idea is to find the flag using IDA.
Step-1:
After following the link
https://mega.nz/#!XOwVmCSC!ut_5r6b32j2kD6EvlvsvJhmm58pbswusUXF08yI93Zo, we get the binary file for the problem.
Step-2:
After opening it in ida64, we get this code.
It's pretty clear that an anti-debugging technique is in use, which the question hints at. That leads to LABEL_2.
We avoid that by changing jnz to jmp in ida64.
Step-3:
As you can see, the program outputs "Input password" and our input goes into the variable input.
After that, the value in key, which is IdontKnowWhatsGoingOn, is moved (mov) to key2.
Step-4:
The next instruction puts into msg the result of "str[4 * i] ^ LOBYTE(key2[i]);".
Later the program goes through every letter in our input and checks whether it is equal to the letter in msg.
So our only job is to break before the check and see what is in msg.
Step-5:
The first thing is to find the address to break at.
Using radare2 and accessing the data stored in RAX,
we get the message at 0x555555755140, in RAX's data.
Step-6:
Finally the flag becomes:
AbCTF{r3vers1ng_dud3}
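
The decoding from Step-4 can also be done statically, without a breakpoint. The following is an added example, not code from the original write-up or from the challenge binary. The contents of str are not reproduced on this page, so build_table (a hypothetical helper) constructs a stand-in table from the page's key and flag, assuming 32-bit little-endian entries and that msg holds the flag; with the real binary, the bytes dumped from str would be passed to decode_msg instead.

```python
import struct

# Key string quoted in Step-3 (copied into key2 by the binary).
KEY = b"IdontKnowWhatsGoingOn"
# Flag reported in Step-6; used here only to construct sample data.
FLAG = b"AbCTF{r3vers1ng_dud3}"


def build_table(plain: bytes, key: bytes) -> bytes:
    """Constructed stand-in for the binary's str data (assumption).

    One 32-bit little-endian word per character, so that the byte at
    offset 4*i holds plain[i] ^ key[i], matching the 4*i stride.
    """
    return b"".join(struct.pack("<I", p ^ k) for p, k in zip(plain, key))


def decode_msg(table: bytes, key: bytes) -> bytes:
    """Reproduce msg[i] = str[4 * i] ^ LOBYTE(key2[i]) from Step-4."""
    count = min(len(table) // 4, len(key))
    # & 0xFF mirrors LOBYTE(): only the low byte of each key element is used.
    return bytes(table[4 * i] ^ (key[i] & 0xFF) for i in range(count))


def check_password(candidate: bytes, msg: bytes) -> bool:
    """Model of the letter-by-letter comparison of input against msg."""
    if len(candidate) != len(msg):
        return False
    return all(c == m for c, m in zip(candidate, msg))


if __name__ == "__main__":
    table = build_table(FLAG, KEY)       # constructed sample, not real data
    msg = decode_msg(table, KEY)
    print(msg.decode())
    print(check_password(msg, msg))
```
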