challenges-descriptions/en/f5_not_allowed.html

So, I've heard you're kinda new to reverse-engineering ?<br>
<br>
Basically, in almost every challenge you'll be provided a binary hiding a secret.<br>
Your goal is generally to break the secret checking function in order to recover the flag.<br>
For this you'll need to understand the assembly code and write back the corresponding C code if you need to (or you can do it in real-time if you're not human).<br>
<br>
To make it easier, i'll give you the flag checking function only and your task will be to recover which input returns 1.<br>
I advise you to do some research about x86 ISA and x86 linux calling convention first.<br>
<br>
Good luck !<br>
<br>
<pre style="color:#cecece; padding-left: 15px; background-color:#000; font-weight: bolder;">
<code>
0000000000001139 &lt;check_secret&gt;:
    1139:       55                      push   rbp
    113a:       48 89 e5                mov    rbp,rsp
    113d:       48 89 7d e8             mov    QWORD PTR [rbp-0x18],rdi
    1141:       48 8b 45 e8             mov    rax,QWORD PTR [rbp-0x18]
    1145:       48 89 45 f8             mov    QWORD PTR [rbp-0x8],rax
    1149:       48 8b 45 f8             mov    rax,QWORD PTR [rbp-0x8]
    114d:       8b 00                   mov    eax,DWORD PTR [rax]
    114f:       35 40 20 5b 7f          xor    eax,0x7f5b2040
    1154:       89 45 f0                mov    DWORD PTR [rbp-0x10],eax
    1157:       48 8b 45 f8             mov    rax,QWORD PTR [rbp-0x8]
    115b:       48 83 c0 04             add    rax,0x4
    115f:       8b 00                   mov    eax,DWORD PTR [rax]
    1161:       35 53 23 59 76          xor    eax,0x76592353
    1166:       89 45 f4                mov    DWORD PTR [rbp-0xc],eax
    1169:       81 7d f0 37 13 37 13    cmp    DWORD PTR [rbp-0x10],0x13371337
    1170:       75 10                   jne    1182 &lt;check_secret+0x49&gt;
    1172:       81 7d f4 37 13 37 13    cmp    DWORD PTR [rbp-0xc],0x13371337
    1179:       75 07                   jne    1182 &lt;check_secret+0x49&gt;
    117b:       b8 01 00 00 00          mov    eax,0x1
    1180:       eb 05                   jmp    1187 &lt;check_secret+0x4e&gt;
    1182:       b8 00 00 00 00          mov    eax,0x0
    1187:       5d                      pop    rbp
    1188:       c3                      ret
</code>
</pre>
<br>
first commit 2022-02-18 00:20:57 +01:00			`So, I've heard you're kinda new to reverse-engineering ?<br>`
			`<br>`
			`Basically, in almost every challenge you'll be provided a binary hiding a secret.<br>`
			`Your goal is generally to break the secret checking function in order to recover the flag.<br>`
			`For this you'll need to understand the assembly code and write back the corresponding C code if you need to (or you can do it in real-time if you're not human).<br>`
			`<br>`
			`To make it easier, i'll give you the flag checking function only and your task will be to recover which input returns 1.<br>`
			`I advise you to do some research about x86 ISA and x86 linux calling convention first.<br>`
			`<br>`
			`Good luck !<br>`
			`<br>`
			`<pre style="color:#cecece; padding-left: 15px; background-color:#000; font-weight: bolder;">`
			`<code>`
			`0000000000001139 <check_secret>:`
			`1139: 55 push rbp`
			`113a: 48 89 e5 mov rbp,rsp`
			`113d: 48 89 7d e8 mov QWORD PTR [rbp-0x18],rdi`
			`1141: 48 8b 45 e8 mov rax,QWORD PTR [rbp-0x18]`
			`1145: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax`
			`1149: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]`
			`114d: 8b 00 mov eax,DWORD PTR [rax]`
			`114f: 35 40 20 5b 7f xor eax,0x7f5b2040`
			`1154: 89 45 f0 mov DWORD PTR [rbp-0x10],eax`
			`1157: 48 8b 45 f8 mov rax,QWORD PTR [rbp-0x8]`
			`115b: 48 83 c0 04 add rax,0x4`
			`115f: 8b 00 mov eax,DWORD PTR [rax]`
			`1161: 35 53 23 59 76 xor eax,0x76592353`
			`1166: 89 45 f4 mov DWORD PTR [rbp-0xc],eax`
			`1169: 81 7d f0 37 13 37 13 cmp DWORD PTR [rbp-0x10],0x13371337`
			`1170: 75 10 jne 1182 <check_secret+0x49>`
			`1172: 81 7d f4 37 13 37 13 cmp DWORD PTR [rbp-0xc],0x13371337`
			`1179: 75 07 jne 1182 <check_secret+0x49>`
			`117b: b8 01 00 00 00 mov eax,0x1`
			`1180: eb 05 jmp 1187 <check_secret+0x4e>`
			`1182: b8 00 00 00 00 mov eax,0x0`
			`1187: 5d pop rbp`
			`1188: c3 ret`
			`</code>`
			`</pre>`
			`<br>`