Source: Cyber Security Challenge
Title: Crackme
Type: Reverse
Score: 120
Difficulty: medium (on a three-level scale: difficult, medium, easy)
Description: We found this binary, but we lost the password. Retrieve it for us.
Challenge link: https://github.com/ctfs/write-ups-2015/tree/master/cyber-security-challenge-2015/reverse-engineering/reverse-that-binary
Answer: Tnvrzsb0agugv2hhbgvz
Approach:
Check the file type first: it is a Linux 64-bit executable.
Load it into IDA and locate the main function. Two things follow from it: 1. the program must be run with a command-line argument; 2. the argument must be 20 characters long.
Reading the assembly shows that IDA's view of the Const_return function is missing one parameter.
Next, the overall flow of the program:
1. Convert the input string to a bit string.
2. Take fields from the rear of the bit string, each of a predetermined length, and convert each field to an int.
3. Call Const_return to verify the values.
4. Output the flag once the check passes.
Const_return calls many functions, and analysing them one by one is tedious. Instead, we can write a shared library that calls Const_return directly, so that different inputs give us the corresponding return values.
From the disassembly we can get the addresses of the 12 functions it calls in sequence, which lets us write the inject.c file.
Compile inject.c into inject.so.
Make the crackme load inject.so by setting LD_PRELOAD.
The crackme runs our init function and outputs a value that satisfies the condition. Because the string is made up of 0 and 1 bits, we take the maximum value and compute the flag from it; the Python script does this.
Running it yields the flag.
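The bit-framing steps above (string to bits, fields taken from the rear at fixed widths, ints back to a string for the flag script) as an added Python example; this is not the writeup's own script, and the 12 field widths are constructed here because the page does not list them.

```python
"""Bit framing used by the crackme, reconstructed as plain helpers."""
from typing import List

# Constructed for this example: 12 field widths summing to 160 bits (20 chars * 8).
# The real crackme uses its own predetermined lengths, which are not on the page.
WIDTHS = [13, 7, 16, 9, 20, 11, 14, 10, 12, 15, 18, 15]
FLAG = "Tnvrzsb0agugv2hhbgvz"  # the 20-character answer from the writeup


def to_bits(s: str) -> str:
    """Step 1: each ASCII character becomes 8 bits, MSB first."""
    return "".join(f"{b:08b}" for b in s.encode("ascii"))


def from_bits(bits: str) -> str:
    """Inverse of to_bits; the bit string must be a whole number of bytes."""
    if len(bits) % 8:
        raise ValueError("bit string is not byte-aligned")
    return "".join(chr(int(bits[i:i + 8], 2)) for i in range(0, len(bits), 8))


def split_fields(bits: str, widths: List[int]) -> List[int]:
    """Step 2: peel fields off the rear of the bit string, one width at a time."""
    if sum(widths) != len(bits):
        raise ValueError(f"widths cover {sum(widths)} bits, input has {len(bits)}")
    values, rest = [], bits
    for w in widths:
        values.append(int(rest[-w:], 2))
        rest = rest[:-w]
    return values


def join_fields(values: List[int], widths: List[int]) -> str:
    """Inverse of split_fields: the first value goes back at the rear."""
    if len(values) != len(widths):
        raise ValueError("one value per width required")
    bits = ""
    for v, w in zip(values, widths):
        if not 0 <= v < (1 << w):
            raise ValueError(f"value {v} does not fit in {w} bits")
        bits = f"{v:0{w}b}" + bits
    return bits


def recover_flag(values: List[int], widths: List[int]) -> str:
    """What the flag script does: chosen field values back to the 20-char string."""
    return from_bits(join_fields(values, widths))
```

The round trip recover_flag(split_fields(to_bits(FLAG), WIDTHS), WIDTHS) returns FLAG, and join_fields rejects a value that does not fit its width, which is the check to keep when feeding candidate values back.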
Reference: Bluecake
Reference: https://github.com/ctfs/write-ups-2015/tree/master/cyber-security-challenge-2015/reverse-engineering/reverse-that-binary
"CTF" Reverse CSC2015 120