BM01 - 250pts

Briefing

Download the file and find a way to get the flag. Contents: program

Solution

  1. Running the program shows strange text. Pasting it into Google Translate shows that it is Russian: "Какой пароль?" translates to "What password?". Entering some input produces "неверный", which translates to "incorrect".
  2. Let's decompile the binary using Ghidra.
    main function:

        undefined8 main(void)

        {
          byte bVar1;
          byte bVar2;
          int iVar3;
          long in_FS_OFFSET;
          uint local_74;
          byte local_67 [15];
          char local_58 [72];
          long local_10;

          local_10 = *(long *)(in_FS_OFFSET + 0x28);
          puts("\x1b[36mКакой пароль?\x1b[0m");
          printf("> ");
          fgets(local_58,0x3c,stdin);
          iVar3 = strcmp("молоток123\n",local_58);
          if (iVar3 == 0) {
            local_67[0] = 0xe4;
            local_67[1] = 100;
            local_67[2] = 0xa6;
            local_67[3] = 0x90;
            local_67[4] = 0x7c;
            local_67[5] = 0xa6;
            local_67[6] = 0x75;
            local_67[7] = 0xb8;
            local_67[8] = 0xa4;
            local_67[9] = 0xd;
            local_67[10] = 0xc;
            local_67[11] = 0x7f;
            local_67[12] = 0x7e;
            local_67[13] = 0xf3;
            local_67[14] = 1;
            local_74 = 0;
            while (local_74 < 0xf) {
              bVar2 = (byte)local_74;
              bVar1 = ~(~(~-((local_67[local_74] ^ 0xa5) - bVar2 ^ bVar2) ^ 0x8d) - 0xb);
              local_67[local_74] = (((bVar1 << 5 | bVar1 >> 3) + 0x37 ^ 0xe5) - 7 ^ bVar2) - 0x39;
              local_74 = local_74 + 1;
            }
            printf("\x1b[32mверный!\x1b[0m\n\n\x1b[33mфлаг: %s\x1b[0m\n",local_67);
          }
          else {
            puts("\x1b[31mневерный.\x1b[0m");
          }
          if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
                            /* WARNING: Subroutine does not return */
            __stack_chk_fail();
          }
          return 0;
        }

    The program compares the user input to молоток123, which translates to hammer123.
  3. Running the program and entering молоток123 outputs "верный! флаг: wh1te%BluE$R3d" (translation: "Right! Flag: wh1te%BluE$R3d"), which is the flag.
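The flag can also be recovered statically, without executing the unknown binary, by re-implementing the decode loop from the decompiled main. The C program below is an added example, not part of the original write-up; the names ENCODED, rotl8, decode_byte and decode_flag are chosen here, and the byte values and arithmetic are copied from the Ghidra listing with explicit 8-bit truncation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encoded bytes copied from local_67 in the decompiled main(). */
static const uint8_t ENCODED[15] = {
    0xe4, 0x64, 0xa6, 0x90, 0x7c, 0xa6, 0x75, 0xb8,
    0xa4, 0x0d, 0x0c, 0x7f, 0x7e, 0xf3, 0x01
};

/* Rotate a byte left by n bits (0 < n < 8); Ghidra shows this
 * as (bVar1 << 5 | bVar1 >> 3). */
static uint8_t rotl8(uint8_t v, unsigned n)
{
    return (uint8_t)((v << n) | (v >> (8 - n)));
}

/* One iteration of the decompiled loop. C promotes bytes to int,
 * so each step is cast back to uint8_t to match the binary. */
static uint8_t decode_byte(uint8_t enc, uint8_t i)
{
    uint8_t c = (uint8_t)(((uint8_t)((enc ^ 0xa5) - i)) ^ i);
    /* ~(~(~-c ^ 0x8d) - 0xb), which reduces to ((c - 1) ^ 0x8d) + 0xb */
    uint8_t b = (uint8_t)~(~((uint8_t)~(-c) ^ 0x8d) - 0xb);
    uint8_t r = rotl8(b, 5);
    r = (uint8_t)((r + 0x37) ^ 0xe5);
    r = (uint8_t)((r - 7) ^ i);
    return (uint8_t)(r - 0x39);
}

/* Decode all 15 bytes into out and return the string length.
 * The 15th byte decodes to the NUL terminator. */
size_t decode_flag(char out[15])
{
    size_t n = 0;
    for (uint8_t i = 0; i < 15; i++)
        out[i] = (char)decode_byte(ENCODED[i], i);
    while (n < 15 && out[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    char flag[15];
    size_t n = decode_flag(flag);
    printf("%.*s (%zu chars)\n", (int)n, flag, n);
    return 0;
}
```

The decode loop never reads the password, so the strcmp only gates whether the decoded bytes are printed.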

Flag

wh1te%BluE$R3d