Impossible Password
Last updated
ELF reverse engineering
Patching code with Ghidra
In this challenge, the zip file contains an ELF binary that, when executed, echoes back the string you type in.
The first step in any reverse engineering task is to run strings on the binary. This simple trick solves 70% of easy reverse engineering challenges.
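To show what the strings step actually does, here is a minimal re-implementation of it in Python, added as an example here rather than taken from the writeup or from the challenge. The binary blob it scans is constructed for this example (a fake ELF header plus a few embedded strings); the keyword list used to rank candidates is my own heuristic, not part of the original tool.

```python
"""
Minimal re-implementation of the `strings` triage step: walk a binary
blob and return every run of printable ASCII at least `min_len` bytes
long, then surface the ones that look like credentials. The sample blob
is constructed for this example; it is not the challenge binary.
"""
import re
import sys

# Constructed sample: a fake ELF-ish blob with readable strings embedded
# between non-printable bytes. "ab" and "ELF" are deliberately shorter
# than the default minimum length so they are dropped, like `strings` does.
SAMPLE_BLOB = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"\x90\x90\xc3" + b"\x55\x48\x89\xe5"
    + b"SuperSekretKey\x00"
    + b"\x01\x02\x03\x04" + b"ab\x00"
    + b"[%s]\n\x00"
    + b"Enter password:\x00"
    + b"\xde\xad\xbe\xef"
)

# Keywords an analyst scans for by eye; hypothetical list for this example.
KEYWORDS = ("key", "pass", "secret", "flag", "token")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return every run of printable ASCII (0x20-0x7e, plus tab) of at
    least `min_len` bytes, in file order, like `strings -n <min_len>`."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def rank_candidates(found: list[str]) -> list[str]:
    """Filter extracted strings down to those containing a secret-looking
    keyword, preserving order. This is the 'caught my eye' step made explicit."""
    return [s for s in found if any(k in s.lower() for k in KEYWORDS)]


if __name__ == "__main__":
    # Usage: python strings_triage.py [binary]  (defaults to the sample blob)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    found = extract_strings(data)
    print(f"{len(found)} strings found; candidates:")
    for s in rank_candidates(found):
        print("  ", s)
```

On the sample blob this reports SuperSekretKey and Enter password: as candidates and drops [%s], which has no keyword. A check printed this way is only a lead: a string that appears in the binary is worth trying as input, but nothing here proves it is compared against the input until the code is read in a disassembler.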
Looking at the output, one string caught my eye: SuperSekretKey. I tried it as input and it worked. The first secret is found; let's dig further.
I used Ghidra to decompile the binary and analyze how it works. After a few minutes of renaming variables and understanding the code, I got this result:
After all that, I came to two conclusions:
The second secret is random and is generated at run time, after my input;
I need to patch the code.
So I decided to change the validation, replacing the assembly instruction JNZ (Jump if Not Zero) with JZ (Jump if Zero), so that any input is accepted as the second secret except the random 14-character string that was generated.
To patch the code, I located the instruction by selecting the if in the decompiler; then, in the Assembly listing in the left panel, I selected the JNZ and pressed CTRL+Shift+G to patch the instruction.
After the change I exported the binary via File -> Export Program, changing Format to ELF. Then I simply ran the binary, entered the first valid flag and any string as the second input, and BOOOM, the flag popped up in my terminal.
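At the byte level, the Ghidra patch above is a one-byte opcode change. The script below is an added example, not part of the writeup or of Ghidra, showing what that change is and checking it before applying it: the short JNZ (75 rel8) becomes JZ (74 rel8) and the near form (0F 85 rel32) becomes 0F 84 rel32, and the function refuses to touch an offset that does not hold a JNZ. The code bytes it operates on are constructed for this example (a strcmp-style call followed by test eax, eax and a jnz), not extracted from the challenge binary; the file-patching helper and its command-line usage are likewise assumptions of this example.

```python
"""
Byte-level view of Ghidra's "patch instruction" step (Ctrl+Shift+G) for
flipping a JNZ to a JZ. Handles both x86 Jcc encodings: the 2-byte short
form (75 rel8 -> 74 rel8) and the 6-byte near form (0F 85 rel32 ->
0F 84 rel32). The sample code bytes are constructed for this example.
"""
import sys

# Jcc opcodes from the Intel manual: JNZ/JNE and JZ/JE differ by one bit.
SHORT_JNZ, SHORT_JZ = 0x75, 0x74               # 75 cb / 74 cb
NEAR_JNZ, NEAR_JZ = b"\x0f\x85", b"\x0f\x84"   # 0F 85 cd / 0F 84 cd

# Constructed sample: the tail of a string-compare check.
#   e8 00 00 00 00   call  strcmp     (offset 0; rel32 is a placeholder)
#   85 c0            test  eax, eax   (offset 5)
#   75 0c            jnz   fail       (offset 7)  <- the byte we flip
#   c3               ret
SAMPLE_CODE = bytes.fromhex("e800000000" "85c0" "750c" "c3")
JNZ_OFFSET = 7


def flip_jnz_to_jz(code: bytes, offset: int) -> bytes:
    """Return a copy of `code` with the JNZ at `offset` rewritten as JZ.
    Raises ValueError if `offset` does not hold a JNZ, so a wrong offset
    cannot silently corrupt an unrelated instruction."""
    buf = bytearray(code)
    if buf[offset] == SHORT_JNZ:
        buf[offset] = SHORT_JZ
    elif bytes(buf[offset:offset + 2]) == NEAR_JNZ:
        buf[offset:offset + 2] = NEAR_JZ
    else:
        raise ValueError(
            f"no JNZ at offset {offset:#x}: {buf[offset:offset + 2].hex()}")
    return bytes(buf)


def find_test_eax_jnz(code: bytes) -> list[int]:
    """Return the offsets of every JNZ that directly follows `test eax, eax`,
    the pattern a compiler emits after a strcmp-style call. The byte pair
    85 c0 can also appear inside other instructions or data, so each hit is
    a candidate to confirm in the disassembler, not a verified branch."""
    hits = []
    i = 0
    while (i := code.find(b"\x85\xc0", i)) != -1:
        j = i + 2
        if j < len(code) and code[j] == SHORT_JNZ:
            hits.append(j)
        elif code[j:j + 2] == NEAR_JNZ:
            hits.append(j)
        i += 1
    return hits


def patch_file(src: str, dst: str, offset: int) -> None:
    """Flip the JNZ at file offset `offset` in `src` and write the result
    to `dst`, leaving the original binary untouched for comparison."""
    with open(src, "rb") as f:
        data = f.read()
    with open(dst, "wb") as f:
        f.write(flip_jnz_to_jz(data, offset))


if __name__ == "__main__":
    # Usage: python flip_jnz.py <in.elf> <out.elf> <file_offset>
    # With no arguments, demonstrate on the constructed sample.
    if len(sys.argv) == 4:
        patch_file(sys.argv[1], sys.argv[2], int(sys.argv[3], 0))
    else:
        for off in find_test_eax_jnz(SAMPLE_CODE):
            patched = flip_jnz_to_jz(SAMPLE_CODE, off)
            print(f"jnz at {off:#x}: {SAMPLE_CODE.hex()} -> {patched.hex()}")
```

Note that `offset` here is a file offset, whereas Ghidra's listing shows virtual addresses; the two differ by the load address of the containing segment, which is the bookkeeping Ghidra's export step does for you. Flipping to JZ rather than removing the jump matches the writeup's intent: the branch that used to fire on a mismatch now fires on a match, so every input passes except the one random string.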