NCS Competition 2021 Writeup
Search…
BM01 - 250pts
Briefing
Download the file and find a way to get the flag. Contents: program
Challenge Files:
Solution
- 1.Running the program shows strange text. We can paste this into Google Translate to find that it is Russian.
Какой пароль?translates toWhat password?. Entering some input producesневерный, which translates toincorrect. - 2.Let's decompile the binary using Ghidra.
mainfunction:1undefined8 main(void)23{4byte bVar1;5byte bVar2;6int iVar3;7long in_FS_OFFSET;8uint local_74;9byte local_67 [15];10char local_58 [72];11long local_10;1213local_10 = *(long *)(in_FS_OFFSET + 0x28);14puts("\x1b[36mКакой пароль?\x1b[0m");15printf("> ");16fgets(local_58,0x3c,stdin);17iVar3 = strcmp("молоток123\n",local_58);18if (iVar3 == 0) {19local_67[0] = 0xe4;20local_67[1] = 100;21local_67[2] = 0xa6;22local_67[3] = 0x90;23local_67[4] = 0x7c;24local_67[5] = 0xa6;25local_67[6] = 0x75;26local_67[7] = 0xb8;27local_67[8] = 0xa4;28local_67[9] = 0xd;29local_67[10] = 0xc;30local_67[11] = 0x7f;31local_67[12] = 0x7e;32local_67[13] = 0xf3;33local_67[14] = 1;34local_74 = 0;35while (local_74 < 0xf) {36bVar2 = (byte)local_74;37bVar1 = ~(~(~-((local_67[local_74] ^ 0xa5) - bVar2 ^ bVar2) ^ 0x8d) - 0xb);38local_67[local_74] = (((bVar1 << 5 | bVar1 >> 3) + 0x37 ^ 0xe5) - 7 ^ bVar2) - 0x39;39local_74 = local_74 + 1;40}41printf("\x1b[32mверный!\x1b[0m\n\n\x1b[33mфлаг: %s\x1b[0m\n",local_67);42}43else {44puts("\x1b[31mневерный.\x1b[0m");45}46if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {47/* WARNING: Subroutine does not return */48__stack_chk_fail();49}50return 0;51}Copied!The program compares the user input toмолоток123, which translates tohammer123. - 3.Running the program and entering
молоток123outputsверный! флаг: wh1te%BluE$R3d(Translation:Right! Flag:wh1te%BluE$R3d), which is the flag.
Flag
wh1te%BluE$R3dLast modified 1yr ago