Re300-arm64
This is a 64-bit ARM program. Loading it in IDA pops up this dialog, because IDA 6.6 has not yet implemented relocation analysis for 64-bit ARM programs.
Because of this, even calls to libc library functions are not visible. Take the start function:
Even __libc_start_main cannot be seen, and the program's calls to strlen, malloc, memset, scanf and other library functions are not shown either. If you look at .got.plt you will find the reason is here: .got.plt is really not what we want to see.
To solve this problem, I used readelf to help me.
With this information, I renamed some of the functions in the program manually, so that I could analyze them. Now look at start; isn't it much better?
After that, you can analyze it. The main function is simple: read a string, process it, and if the result meets the requirement, output congratulations.
Next you can analyze the program's algorithm. I used QEMU to build a 64-bit ARM Ubuntu server, so I could also debug.
The final analysis of the algorithm: it reads a string, takes 3 characters at a time (3 characters are 24 bits), and splits those 24 bits into 6-bit chunks, each used as one character, so 3 characters become 4. If the user enters a string of length 15, the processed string has length 20. The program then takes this processed string 5 characters at a time and lists 5 equations (obtained by analyzing the algorithm). We can determine those 5 characters by solving the 5 equations, and from them recover the input.
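The 3-to-4 expansion described above, and its inverse, as an added example in Python (this is not the challenge binary's code, and the writeup does not give the alphabet that maps each 6-bit value to an output character, so the example assumes the raw 6-bit values are used directly; the 5-equation check is not reproduced because its coefficients are not on the page). Once the 20 processed symbols have been determined from the equations, collapse_6bit() recovers the 15 input bytes.

```python
# Added example, not the writeup's own code. Assumption: the 6-bit chunks are
# used directly as symbols (0..63); the real binary may map them through a table.

def expand_6bit(data: bytes) -> list:
    """Take the input 3 bytes (24 bits) at a time and split each block into
    four 6-bit values, most significant chunk first. 15 bytes -> 20 symbols."""
    if len(data) % 3 != 0:
        raise ValueError("input length must be a multiple of 3")
    symbols = []
    for i in range(0, len(data), 3):
        block = (data[i] << 16) | (data[i + 1] << 8) | data[i + 2]
        for shift in (18, 12, 6, 0):
            symbols.append((block >> shift) & 0x3F)
    return symbols


def collapse_6bit(symbols) -> bytes:
    """Inverse of expand_6bit: four 6-bit values -> three bytes. This is the
    step that turns the solved 20 symbols back into the 15-byte input."""
    if len(symbols) % 4 != 0:
        raise ValueError("symbol count must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(symbols), 4):
        a, b, c, d = symbols[i:i + 4]
        for s in (a, b, c, d):
            if not 0 <= s < 64:
                raise ValueError("symbol out of 6-bit range: %r" % s)
        block = (a << 18) | (b << 12) | (c << 6) | d
        out += bytes([(block >> 16) & 0xFF, (block >> 8) & 0xFF, block & 0xFF])
    return bytes(out)


def groups_of_5(symbols) -> list:
    """Split the processed string into the 5-symbol groups the check works on;
    each group is constrained by its own 5 equations in the binary."""
    if len(symbols) % 5 != 0:
        raise ValueError("symbol count must be a multiple of 5")
    return [list(symbols[i:i + 5]) for i in range(0, len(symbols), 5)]


if __name__ == "__main__":
    # Constructed sample input of length 15, as in the writeup's example.
    sample = b"flag{re300-z}!!"
    sym = expand_6bit(sample)
    print("input length:", len(sample), "-> symbols:", len(sym))
    print("5-symbol groups:", groups_of_5(sym))
    assert collapse_6bit(sym) == sample
    print("round-trip OK")
```

groups_of_5() only partitions the processed string; the per-group equations themselves would be transcribed from the disassembly and solved separately, after which the 20 solved values go into collapse_6bit().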
zctf-arm64-re300