In this task we are given a x86-64 binary that prints a string.
It seems that according to the time or random functions one of the string is picked to be printed. This idea may be easily checked using strace utility.
Indeed there is a time function call.
Let's try to find those strings. They are seems to be encrypted because strings view doesn't contain any of them. Next step is to disassemble the binary. There are couple of notable places:
First one is where pointers to encrypted strings are placed onto the stack and one is chosen among them.
There is a call to pick_number (called by me) function that selects one from them. We can place breakpoint at the 0x401067 and set eax equal to 7. (All other strings are printed in an ordinary way of execution, so we are interested in the last one). Program refuses to print string even after we change picked_number.
Another intersting place is where we can get decrypted char from the string.
We can place a breakpoint at the 0x4010AD and peek at edi register. It will contain a character from string.
The result is : "The Flag is: c816a8eab33a67947cd647a7fc9fb254"
It seems that according to the time or random functions one of the string is picked to be printed. This idea may be easily checked using strace utility.
Let's try to find those strings. They are seems to be encrypted because strings view doesn't contain any of them. Next step is to disassemble the binary. There are couple of notable places:
First one is where pointers to encrypted strings are placed onto the stack and one is chosen among them.
Another intersting place is where we can get decrypted char from the string.
Great, Thanks !
ReplyDelete