Monday, 29 August 2016

CTF Writeup - IceCTF 2016 - A Strong Feeling (RE 80)

  • Name - A Strong Feeling
  • Category - Reverse Engineering
  • Points - 80
  • Description - Do you think you could defeat this password checker for us? It's making me real pissed off!
  • Binary - Download here

Running the 64-bit ELF and giving it "some_random_input" as the input string:

root@kali:~/Desktop# ./a_strong_feeling some_random_input
Haxx0r ipsum gurfle deadlock exception ctl-c continue Dennis Ritchie.
root@kali:~/Desktop#

Running the binary does not reveal anything about the expected input. Loading it in IDA, we're faced with a very complicated graph depicting the main function:

We notice that the last row of instruction blocks is predominantly made up of two different types of blocks. An example of each follows:

The red block outputs the Haxx0r message we got earlier, whereas the green block contains a compare instruction for each of the characters in our input. Simply put, the goal is to avoid the blocks with a call _printf instruction. This is done by providing the right character at each compare statement. If a comparison fails, we end up in a bad instruction block in the next round.

Putting breakpoints at each of the compare statements and noting the comparison character at each round, we end up with the flag:

root@kali:~/Desktop# ./a_strong_feeling IceCTF{pip_install_angr}
Wooooohoooo!
root@kali:~/Desktop#
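
The same recovery done statically, as an added example that is not part of the original writeup: instead of stopping at each breakpoint, it reads the expected characters out of the compare instructions in a disassembly listing. The listing is constructed sample data (it spells "flag", not the challenge's flag) and the function name is hypothetical. It assumes objdump Intel syntax, a `cmp reg,imm` followed directly by a conditional jump, and compares that appear in input order.

```python
import re

# Constructed objdump -d -M intel style listing, NOT the challenge binary.
# Assumption: each input character is checked with `cmp reg,imm` + je/jne.
SAMPLE_DISASM = """
  4007a0: 83 7d ec 02    cmp    DWORD PTR [rbp-0x14],0x2
  4007a4: 75 3a          jne    4007e0 <main+0x60>
  4007a6: 0f be 45 e0    movsx  eax,BYTE PTR [rbp-0x20]
  4007aa: 83 f8 66       cmp    eax,0x66
  4007ad: 75 31          jne    4007e0 <main+0x60>
  4007af: 0f be 45 e1    movsx  eax,BYTE PTR [rbp-0x1f]
  4007b3: 3c 6c          cmp    al,0x6c
  4007b5: 75 29          jne    4007e0 <main+0x60>
  4007b7: 48 39 d8       cmp    rax,rbx
  4007ba: 74 24          je     4007e0 <main+0x60>
  4007bc: 0f be 45 e2    movsx  eax,BYTE PTR [rbp-0x1e]
  4007c0: 83 f8 61       cmp    eax,0x61
  4007c3: 75 1b          jne    4007e0 <main+0x60>
  4007c5: 0f be 45 e3    movsx  eax,BYTE PTR [rbp-0x1d]
  4007c9: 83 f8 67       cmp    eax,0x67
  4007cc: 75 12          jne    4007e0 <main+0x60>
"""

# Register (lowercase name) compared against a hex immediate at end of line.
CMP_IMM = re.compile(r"\bcmp\s+([a-z0-9]+),0x([0-9a-f]+)\s*$")
# je/jne/jz/jnz: the branch that picks the good or the bad block.
COND_JMP = re.compile(r"\bj(n?e|n?z)\s")

def recover_expected(disasm: str) -> str:
    """Collect printable immediates of cmp+conditional-jump pairs, in order."""
    lines = [line for line in disasm.splitlines() if line.strip()]
    chars = []
    for cur, nxt in zip(lines, lines[1:]):
        m = CMP_IMM.search(cur)
        if not m or not COND_JMP.search(nxt):
            continue  # memory operand, reg-reg compare, or result not branched on
        value = int(m.group(2), 16)
        if 0x20 <= value <= 0x7E:  # drop counters/lengths outside printable ASCII
            chars.append(chr(value))
    return "".join(chars)

if __name__ == "__main__":
    print(recover_expected(SAMPLE_DISASM))
```

If the compares are not laid out in input order, the listing order is not the flag order, and the breakpoint approach above gives the order at run time.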