BM01 - 250pts
Briefing
Download the file and find a way to get the flag. Contents: program
Challenge Files:
Solution
Running the program shows strange text. We can paste this into Google Translate to find that it is Russian. "Какой пароль?" translates to "What password?". Entering some input produces "неверный", which translates to "incorrect".

Let's decompile the binary using Ghidra.
main function:

    undefined8 main(void)
    {
      byte bVar1;
      byte bVar2;
      int iVar3;
      long in_FS_OFFSET;
      uint local_74;
      byte local_67 [15];
      char local_58 [72];
      long local_10;

      local_10 = *(long *)(in_FS_OFFSET + 0x28);
      puts("\x1b[36mКакой пароль?\x1b[0m");
      printf("> ");
      fgets(local_58,0x3c,stdin);
      iVar3 = strcmp("молоток123\n",local_58);
      if (iVar3 == 0) {
        local_67[0] = 0xe4;
        local_67[1] = 100;
        local_67[2] = 0xa6;
        local_67[3] = 0x90;
        local_67[4] = 0x7c;
        local_67[5] = 0xa6;
        local_67[6] = 0x75;
        local_67[7] = 0xb8;
        local_67[8] = 0xa4;
        local_67[9] = 0xd;
        local_67[10] = 0xc;
        local_67[11] = 0x7f;
        local_67[12] = 0x7e;
        local_67[13] = 0xf3;
        local_67[14] = 1;
        local_74 = 0;
        while (local_74 < 0xf) {
          bVar2 = (byte)local_74;
          bVar1 = ~(~(~-((local_67[local_74] ^ 0xa5) - bVar2 ^ bVar2) ^ 0x8d) - 0xb);
          local_67[local_74] = (((bVar1 << 5 | bVar1 >> 3) + 0x37 ^ 0xe5) - 7 ^ bVar2) - 0x39;
          local_74 = local_74 + 1;
        }
        printf("\x1b[32mверный!\x1b[0m\n\n\x1b[33mфлаг: %s\x1b[0m\n",local_67);
      }
      else {
        puts("\x1b[31mневерный.\x1b[0m");
      }
      if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
        /* WARNING: Subroutine does not return */
        __stack_chk_fail();
      }
      return 0;
    }
The program compares the user input to "молоток123", which translates to "hammer123".

Running the program and entering "молоток123" outputs "верный! флаг: wh1te%BluE$R3d" (Translation: "Right! Flag: wh1te%BluE$R3d"), which is the flag.
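The decode loop in main never reads the password, so the flag can also be recovered statically from the constants in the decompilation. The following is an added example, not part of the original writeup or the challenge; the names ENCODED, rol5, decode_byte and decode_flag are chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Encoded bytes copied from local_67 in the decompiled main(). */
static const uint8_t ENCODED[15] = {
    0xe4, 0x64, 0xa6, 0x90, 0x7c, 0xa6, 0x75, 0xb8,
    0xa4, 0x0d, 0x0c, 0x7f, 0x7e, 0xf3, 0x01
};

/* 8-bit rotate left by 5: Ghidra's (bVar1 << 5 | bVar1 >> 3). */
static uint8_t rol5(uint8_t b) {
    return (uint8_t)((b << 5) | (b >> 3));
}

/* One iteration of the while loop; i is the byte's index (local_74). */
static uint8_t decode_byte(uint8_t x, uint8_t i) {
    uint8_t a = (uint8_t)(((x ^ 0xa5) - i) ^ i);
    /* In two's complement ~(-a) == a - 1 and ~(~c - 0xb) == c + 0xb,
       so the chain of negations collapses to one subtract and one add. */
    uint8_t b = (uint8_t)(((a - 1) ^ 0x8d) + 0x0b);
    uint8_t r = (uint8_t)(rol5(b) + 0x37);
    r = (uint8_t)(((r ^ 0xe5) - 7) ^ i);
    return (uint8_t)(r - 0x39);
}

/* Decode all 15 bytes into out (the last one decodes to NUL);
   returns the resulting string length. */
static size_t decode_flag(char out[sizeof ENCODED]) {
    for (size_t i = 0; i < sizeof ENCODED; i++)
        out[i] = (char)decode_byte(ENCODED[i], (uint8_t)i);
    return strlen(out);
}

int main(void) {
    char flag[sizeof ENCODED];
    size_t n = decode_flag(flag);
    printf("%zu bytes: %s\n", n, flag);
    return 0;
}
```

Because every step is byte arithmetic on fixed constants, the string comparison is the only thing gating the flag, and it protects nothing once the binary is in an analyst's hands.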
Flag
wh1te%BluE$R3d