S3r14l_Br34k3r
Here is the executable file to download.
The executable is 64-bit, which means addresses are 8 bytes, and it is stripped, which means we cannot see the function names even if we reverse engineer it.
To reverse engineer an executable you can use a variety of tools: Ghidra and IDA Pro have a GUI, while GDB and Radare2 have no GUI but are very powerful for dynamic analysis.
In this case I will use Ghidra. If you don't have Ghidra installed on your Linux machine, install it using the apt package manager by running this command
and then, to open Ghidra, run this command
Ghidra should open after a few seconds. Now create a new project.
Now that we have created a new project, let's import the executable into Ghidra so it can analyze and decompile it for us.
A few popups will be shown; just click Yes and Analyze.
Now let's open Functions and take a look at all the functions we have. We can see that the function names are random because the executable, as I said in the beginning, is stripped.
Look through the functions; when you spot __libc_start_main, that means you have found the main function (ENTRY). Double-click the function to see the decompiled code of the main function.
And this is the decompiled main function:
Let's start by explaining this code, because if you don't understand the code you will not be able to reverse it in the first place.
The first thing is initializing and reserving space for variables, then taking the username and the serial number as input from the user and storing them in the username and Serial_number variables respectively.
Then the length of the serial number the user gave is stored in the variable sVar1.
The Serial_Length variable takes the int value of sVar1, which is the serial number's length.
Then a loop starts that iterates based on the serial number's length; if it's 1, we iterate once.
Inside the loop, the serial number given by the user is XORed with the value 1 and stored back in the serial number variable.
After the loop is finished, the serial number after the XOR operation is compared with the value 0; if it is indeed 0 then strcmp will return 0, if not it will return 1.
If strcmp returns 0, the if statement is true and Congratulation is output; if it does not return 0, Invalid Serial Number is output.
Now that we understand how this code works, let's reverse it and find a way to make the if statement true.
To do this we have to find a serial number that, XORed with 1, gives 0.
Since we can input a serial number of any length we want, we will use the serial number 1, which is XORed with 1 once because its length is 1, and 1 ^ 1 = 0 => the condition is true.
Let's now run the program and try it.
To find the flag we have to hash the serial number we found, which is 1. We will use an online MD5 hashing generator.
DEFENSYS{c4ca4238a0b923820dcc509a6f75849b}
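The check walked through above can also be modelled and inverted offline, with the MD5 computed locally instead of in an online generator. This is an added example, not the challenge's decompiled code: the function names are hypothetical, and it assumes the loop XORs every byte of the serial with 1 and that strcmp compares the result with the string "0".

```python
import hashlib

XOR_KEY = 0x01   # value each serial byte is XORed with, per the walkthrough
TARGET = b"0"    # assumption: the string the transformed serial is compared to


def transform(serial: bytes) -> bytes:
    """Model of the loop: XOR every byte of the serial with XOR_KEY."""
    return bytes(b ^ XOR_KEY for b in serial)


def check(serial: bytes) -> bool:
    """Model of the final strcmp(): a C string ends at the first NUL byte,
    so only the part of the transformed buffer before a NUL is compared."""
    c_string = transform(serial).split(b"\x00", 1)[0]
    return c_string == TARGET


def recover_serial(target: bytes = TARGET) -> bytes:
    """XOR is its own inverse: transforming the target yields the serial."""
    return transform(target)


def flag_for(serial: bytes) -> str:
    """Flag format from the write-up: DEFENSYS{md5(serial)}."""
    return "DEFENSYS{" + hashlib.md5(serial).hexdigest() + "}"


if __name__ == "__main__":
    serial = recover_serial()
    print("serial  :", serial.decode())
    print("accepted:", check(serial))
    print("flag    :", flag_for(serial))
```

On ASCII bytes the XOR turns the character `1` (0x31) into the character `0` (0x30), which is why a one-character serial of 1 passes the comparison in this model.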
Greetings from Sayonara