Task: Find the flag.
Looking at the assembly, there is an obvious distractor: a place where 4 flag-looking strings are concatenated and then processed somehow.
But, as usual, the obvious thing does not solve the problem (or maybe it is just another way to solve it). Let's go instead to the place where the flag is printed. It contains 37 calls to the << operator, which is exactly how many we need (5 for "ASIS_" + 32 for the md5).
We know the first 5 bytes are "ASIS_"; that will help us in a minute. Let's look into one block.
Each block takes two parameters: an offset from the start of some key string (it is not visible on the screenshot because it equals 0, but other blocks contain "add rax, 1" after loading rax from rbp-some_val), and an offset from that key character, which yields one flag character. Notably, the first offset, i.e. the index into the key string, is never incremented by more than 6, so guessing 7 bytes of the key gives us the whole flag. Since we know the first 5 bytes of the flag, we can recover 5 bytes of the key (not the flag), which are "Perfe". Deducing the remaining bytes gives the key "Perfect", 7 bytes long. With that we can recover every byte of the flag. Some of the intermediate work is on the screenshot:
So the flag is ASIS_5ad523f1f2efbbc3b804c948e4482487.
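To make the recovery step concrete, here is an added example (my own code, not from the original writeup or the challenge binary) that models each printing block as one key byte (index 0..6) plus a per-block offset, as described above. It assumes the per-block derivation is a plain byte addition, and the block table is constructed for the demo rather than lifted from the binary.

```python
# Added example: known-plaintext recovery of a short key from the "ASIS_"
# prefix, followed by decoding every flag byte. The block table is
# constructed here, not extracted from the challenge binary.

KEY_LEN = 7               # the key index is never incremented past 6
KNOWN_PREFIX = b"ASIS_"   # the flag format gives us these 5 bytes for free

def build_blocks(flag: bytes, key: bytes) -> list:
    """Constructed stand-in for the 37 << blocks: (key index, offset) pairs.
    Assumes each block computes key[index] + offset (mod 256)."""
    return [(i % len(key), (c - key[i % len(key)]) & 0xFF)
            for i, c in enumerate(flag)]

def recover_key(blocks, known_prefix: bytes, key_len: int = KEY_LEN) -> list:
    """Known-plaintext step: each known flag byte pins down the key byte
    its block used. Unknown positions stay None."""
    key = [None] * key_len
    for (idx, off), c in zip(blocks, known_prefix):
        key[idx] = (c - off) & 0xFF
    return key

def complete_key(partial: list, guess: bytes) -> bytes:
    """Fill the still-unknown key bytes with a guess ("ct" in the writeup)."""
    it = iter(guess)
    return bytes(b if b is not None else next(it) for b in partial)

def decode_flag(blocks, key: bytes) -> bytes:
    """Replay every block with the recovered key to obtain the flag."""
    return bytes((key[idx] + off) & 0xFF for idx, off in blocks)

if __name__ == "__main__":
    # constructed 37-byte sample in the challenge's flag format
    demo_flag = b"ASIS_5ad523f1f2efbbc3b804c948e4482487"
    blocks = build_blocks(demo_flag, b"Perfect")
    partial = recover_key(blocks, KNOWN_PREFIX)
    print(partial)                      # first 5 bytes known, last 2 None
    key = complete_key(partial, b"ct")  # deduce the remaining 2 bytes
    print(decode_flag(blocks, key))
```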