40 lines
2.3 KiB
HTML
40 lines
2.3 KiB
HTML
|
So, I've heard you're kinda new to reverse-engineering ?<br>
|
||
|
<br>
|
||
|
Basically, in almost every challenge you'll be provided a binary hiding a secret.<br>
|
||
|
Your goal is generally to break the secret checking function in order to recover the flag.<br>
|
||
|
For this you'll need to understand the assembly code and write back the corresponding C code if you need to (or you can do it in real-time if you're not human).<br>
|
||
|
<br>
|
||
|
To make it easier, i'll give you the flag checking function only and your task will be to recover which input returns 1.<br>
|
||
|
I advise you to do some research about x86 ISA and x86 linux calling convention first.<br>
|
||
|
<br>
|
||
|
Good luck !<br>
|
||
|
<br>
|
||
|
<pre style="color:#cecece; padding-left: 15px; background-color:#000; font-weight: bolder;">
|
||
|
<code>
|
||
|
0000000000001139 <check_secret>:
|
||
|
1139: 55 push rbp
|
||
|
113a: 48 89 e5 mov rbp,rsp
|
||
|
113d: 48 89 7d e8 mov QWORD PTR [rbp-0x18],rdi
|
||
|
1141: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]
|
||
|
1145: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax
|
||
|
1149: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
|
||
|
114d: 8b 00 mov eax,DWORD PTR [rax]
|
||
|
114f: 35 40 20 5b 7f xor eax,0x7f5b2040
|
||
|
1154: 89 45 f0 mov DWORD PTR [rbp-0x10],eax
|
||
|
1157: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]
|
||
|
115b: 48 83 c0 04 add rax,0x4
|
||
|
115f: 8b 00 mov eax,DWORD PTR [rax]
|
||
|
1161: 35 53 23 59 76 xor eax,0x76592353
|
||
|
1166: 89 45 f4 mov DWORD PTR [rbp-0xc],eax
|
||
|
1169: 81 7d f0 37 13 37 13 cmp DWORD PTR [rbp-0x10],0x13371337
|
||
|
1170: 75 10 jne 1182 <check_secret+0x49>
|
||
|
1172: 81 7d f4 37 13 37 13 cmp DWORD PTR [rbp-0xc],0x13371337
|
||
|
1179: 75 07 jne 1182 <check_secret+0x49>
|
||
|
117b: b8 01 00 00 00 mov eax,0x1
|
||
|
1180: eb 05 jmp 1187 <check_secret+0x4e>
|
||
|
1182: b8 00 00 00 00 mov eax,0x0
|
||
|
1187: 5d pop rbp
|
||
|
1188: c3 ret
|
||
|
</code>
|
||
|
</pre>
|
||
|
<br>
|