CSAW CTF: Reversing 400
After downloading the executable, I use file to get some information:
Uh oh. My system is 32 bit and I don’t have any cross compilers installed. Luckily, I have an Amazon AWS account. I spin up a generic Ubuntu 64 bit micro instance, transfer the file, and begin investigating.
A quick run of the program prints the target key, but it’s encrypted. No command line arguments are accepted, therefore this problem requires a patch.
I fire up gdb and start snooping around in the binary. To my luck, the ELF still has debugging symbols, so all of the function calls have obvious names:
The only three non library calls are encrypt, decrypt, and done. There are no
branching instructions switching between calling encrypt and decrypt, so
So instead of patching the binary, which would be tough with gdb, I decide to modify its state at runtime. I set a breakpoint on the call to encrypt and run the program. It hits and I change RIP (not EIP, this is 64 bit) to the call of decrypt.
This problem had the same solution to Reversing 100, except it was an ELF binary instead of an EXE. What a quick 400 points!