challenges-descriptions/en/f5_not_allowed.html

40 lines
2.3 KiB
HTML
Raw Permalink Normal View History

2022-02-18 00:20:57 +01:00
So, I've heard you're kinda new to reverse-engineering ?<br>
<br>
Basically, in almost every challenge you'll be provided a binary hiding a secret.<br>
Your goal is generally to break the secret checking function in order to recover the flag.<br>
For this you'll need to understand the assembly code and write back the corresponding C code if you need to (or you can do it in real-time if you're not human).<br>
<br>
To make it easier, i'll give you the flag checking function only and your task will be to recover which input returns 1.<br>
I advise you to do some research about x86 ISA and x86 linux calling convention first.<br>
<br>
Good luck !<br>
<br>
<pre style="color:#cecece; padding-left: 15px; background-color:#000; font-weight: bolder;">
<code>
0000000000001139 &lt;check_secret&gt;:
1139: 55 push rbp
113a: 48 89 e5 mov rbp,rsp
113d: 48 89 7d e8 mov QWORD PTR [rbp-0x18],rdi
1141: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
1145: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax
1149: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
114d: 8b 00 mov eax,DWORD PTR [rax]
114f: 35 40 20 5b 7f xor eax,0x7f5b2040
1154: 89 45 f0 mov DWORD PTR [rbp-0x10],eax
1157: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
115b: 48 83 c0 04 add rax,0x4
115f: 8b 00 mov eax,DWORD PTR [rax]
1161: 35 53 23 59 76 xor eax,0x76592353
1166: 89 45 f4 mov DWORD PTR [rbp-0xc],eax
1169: 81 7d f0 37 13 37 13 cmp DWORD PTR [rbp-0x10],0x13371337
1170: 75 10 jne 1182 &lt;check_secret+0x49&gt;
1172: 81 7d f4 37 13 37 13 cmp DWORD PTR [rbp-0xc],0x13371337
1179: 75 07 jne 1182 &lt;check_secret+0x49&gt;
117b: b8 01 00 00 00 mov eax,0x1
1180: eb 05 jmp 1187 &lt;check_secret+0x4e&gt;
1182: b8 00 00 00 00 mov eax,0x0
1187: 5d pop rbp
1188: c3 ret
</code>
</pre>
<br>