Reverse Engineering
Last updated
Last updated
Given executable files (.exe/.ELF), players analyse low-level binary code/assembly code to understand how it works without knowing the high-level source code. Normally, there will be some hidden information leading players to the final flag. Since this challenge are beginner, I donβt use any tools except for compiler. But in real ctf challenge, some tools are needed such as gdb , ida or ghidra.
Given file format in C. Let read the source code.
Check on line 18, it use strcmp with some strings. As we know, strcmp function use to compare the source with others. In this case, it compare user input with the correct password which So3asy? Let run the code and put the password.
FLAG : FSECSS{So3asy?}
Given file format in C. Let readd the source code.
We have 2 important part here which line 3 β 6 are global variable declaration with value and line 16 strcmp. Same as previous questions. This time it compare with huh. From variable declarations, huh is 3nh4nc3d_l0ck
Flag : FSECSS{3nh4nc3d_l0ck}
Let download the file and check the source.
Let looking on line 18, it convert the strings into integer using atoi function. Then, line 20 is use to check either password enter are equal to 90. Let do calculation a bit.
FLAG : FSECSS{248}
As usual, download the file and see the source code.
This quiet same from previous question but this time using strlen function in line 18.(again).
Strlen mean, it calculate the length of strings.
FLAG : FSECSS{15}
Download the file and see the source code.
Oh oh, this time quite tricky. It appears to have calling function here. But still use strlen and strcmp. HMMMMM. Let analysis it,
For strlen it checks the size of password input. While strcmp, it compares the password using character positions.
That means, the password would look like, Gett1ngHard3r.
Yeah, that correct.
FLAG : FSECSS{Gett1ngHard3r}
Download the file and investigate the source code.
Something new finally. Based on this source code, it have declare variable from line 14 β 16. Next it using strcpy and strcat and also not forgotten one, strcmp.
Strcpy mean it will copy the value into another value.
(strcpy dest source)
Strcat mean concate (combine words).
Let analyze the source code. Line 20, it use strcpy where the value of c will be copy to value a. so now, value a = C0py. Line 21, strcat. It will combine value of b and c and also with a.
Therefor the new value of a will be, C0py3n4teC0py
Last, line 23 compare the value of a with user input password.
FLAG : FSECSS{C0py3n4teC0py}
