際際滷

際際滷Share a Scribd company logo
BSides Delhi CTF 2018 WriteUp
krev (Reversing 200points)
by    (Alchemic)
2
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
れ螻 螳 覓語螳 譯殊伎.
覓語 る朱 覲伎 , NetBSD 貉る 覈 覿 覓語 蟆 螳給.
覓語 殊 豢 朱 譯殊伎覃, 豢 伎覃 れ螻 螳 れ 朱れ 誤 
給.
朱れ 危エ覲企 貉る 覈(chall1.kmod), NetBSD ろ 企語(netbsd.img), 蠏碁Μ螻
qemu 覦 gdb れ襯  ろ襴渚碁れ 誤  給.
覓語 貉る 覈企朱 瑚 朱襦 chall1.kmod 殊 [IDA Pro]襯 
 朱 覿 讌襦 蟆給.
3
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
4
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
 覈襦 譴 豌朱 螳    [get_flag_ready]  [chall1_read] 
企襦,   襯 襾殊 覲企襦 蟆給.
襾殊 覓伎瑚襯 ル 襦 覲伎讌 [chall1_read] 襯 覲企襦 蟆給.
5
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
[chall1_read  朱] [chall1_read   貊]
6
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
[chall1_read]  C ろ  貊襯 覲企
轟 覓語伎 襷譟燕蟆 覃 [get_flag_ready]
襯 語 蟆 誤  給.
, 覲 v4  覲 dword_80006AC
螳 l伎朱 蟆 誤  給.
襾殊, 豌覯讌碁 覦危碁ゼ 觜蟲 覿覿
覓語襦 覲伎讌 Decimal ASCII襦 覲
覃 れ螻 螳 覓語伎 誤  給.
103 105 118 101 95 116 104 ...
 give_this_to_get_flag
讀,  覓語願骸 觜蟲襯  , [get_flag_ready]
襯 語 蟆.
7
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
[get_flag_ready  朱] [get_flag_ready   貊 朱]
8
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
[get_flag_ready]  C ろ  貊襯
覲願 覃, md5hash()  sha1hash() 
  ろ 覈 螻,
[*(&v2 + i) xor *(&byte_80006D5 + i)]
一一  覿覿 誤  給.
[*(&v2 + i)] [get_flag_ready]  v2覿
v41蟾讌 ル 轟 覦危碁れ 覩誤覃,
[*(&byte_80006D5 + i)] 企 蟆語 語
伎狩 螳 給.
一 一一 讌蠍   螳 伎 襯
蟇一覩襦, 伎れ 誤企慨襦 .
 伎 襯 蟇一覃伎 xor 一一 
[*(&byte_80006D5 + i)] 螳
襷れ伎 蟆朱 豢
9
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
襾殊, [md5hash]  C ろ  貊襯 誤企慨覃, [chall1_read]  覲伎
覲 s 覓語伎伎 give_this_to_get_flag md5 伎螳 byte_80006B4 
 蟆 誤  給.
md5(give_this_to_get_flag) = 29c5d56f77a0d0369c55101c53005050
10
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
[sha1hash]  C ろ  貊襯
覲願 覃, md5 伎螳 れ 螳語
sha1 伎襯 讌螻, 伎螳  誤
[get_flag_ready]  [&byte_80006D5]
襦 ロ 蟆 誤  給.
讀, ル 豕譬 伎螳
sha1(md5(give_this_to_get_flag))
= 001b6a634bee73d9fe2d88bb4435fb1ee3ad7918
.
11
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
れ [get_flag_ready]  C ろ 
貊襦  豕譬朱 覿 讌襦
蟆給.
蟆郁記 dword_80006AC[i] flag襦 豢 
 覦危碁れ 一磯 ル 蟆企手 螳
  給.
讌蠍蟾讌 覿 蟆 襦 dword_80006AC襯
誤企慨襦 蟆給.
12
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
=> dword_80006AC[i]
13
BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
flag 螳 谿場給!
The flag is... flag{netB5D_i5_4ws0m3_y0u_sh0uld_7ry_i7}
Thank You!
Contact
sehands@sju.ac.kr

More Related Content

BSides Delhi CTF 2018 [krev (Reversing 200pts)] WriteUp

  • 1. BSides Delhi CTF 2018 WriteUp krev (Reversing 200points) by (Alchemic)
  • 2. 2 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] れ螻 螳 覓語螳 譯殊伎. 覓語 る朱 覲伎 , NetBSD 貉る 覈 覿 覓語 蟆 螳給.
  • 3. 覓語 殊 豢 朱 譯殊伎覃, 豢 伎覃 れ螻 螳 れ 朱れ 誤 給. 朱れ 危エ覲企 貉る 覈(chall1.kmod), NetBSD ろ 企語(netbsd.img), 蠏碁Μ螻 qemu 覦 gdb れ襯 ろ襴渚碁れ 誤 給. 覓語 貉る 覈企朱 瑚 朱襦 chall1.kmod 殊 [IDA Pro]襯 朱 覿 讌襦 蟆給. 3 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)]
  • 4. 4 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] 覈襦 譴 豌朱 螳 [get_flag_ready] [chall1_read] 企襦, 襯 襾殊 覲企襦 蟆給. 襾殊 覓伎瑚襯 ル 襦 覲伎讌 [chall1_read] 襯 覲企襦 蟆給.
  • 5. 5 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] [chall1_read 朱] [chall1_read 貊]
  • 6. 6 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] [chall1_read] C ろ 貊襯 覲企 轟 覓語伎 襷譟燕蟆 覃 [get_flag_ready] 襯 語 蟆 誤 給. , 覲 v4 覲 dword_80006AC 螳 l伎朱 蟆 誤 給. 襾殊, 豌覯讌碁 覦危碁ゼ 觜蟲 覿覿 覓語襦 覲伎讌 Decimal ASCII襦 覲 覃 れ螻 螳 覓語伎 誤 給. 103 105 118 101 95 116 104 ... give_this_to_get_flag 讀, 覓語願骸 觜蟲襯 , [get_flag_ready] 襯 語 蟆.
  • 7. 7 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] [get_flag_ready 朱] [get_flag_ready 貊 朱]
  • 8. 8 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] [get_flag_ready] C ろ 貊襯 覲願 覃, md5hash() sha1hash() ろ 覈 螻, [*(&v2 + i) xor *(&byte_80006D5 + i)] 一一 覿覿 誤 給. [*(&v2 + i)] [get_flag_ready] v2覿 v41蟾讌 ル 轟 覦危碁れ 覩誤覃, [*(&byte_80006D5 + i)] 企 蟆語 語 伎狩 螳 給. 一 一一 讌蠍 螳 伎 襯 蟇一覩襦, 伎れ 誤企慨襦 . 伎 襯 蟇一覃伎 xor 一一 [*(&byte_80006D5 + i)] 螳 襷れ伎 蟆朱 豢
  • 9. 9 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] 襾殊, [md5hash] C ろ 貊襯 誤企慨覃, [chall1_read] 覲伎 覲 s 覓語伎伎 give_this_to_get_flag md5 伎螳 byte_80006B4 蟆 誤 給. md5(give_this_to_get_flag) = 29c5d56f77a0d0369c55101c53005050
  • 10. 10 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] [sha1hash] C ろ 貊襯 覲願 覃, md5 伎螳 れ 螳語 sha1 伎襯 讌螻, 伎螳 誤 [get_flag_ready] [&byte_80006D5] 襦 ロ 蟆 誤 給. 讀, ル 豕譬 伎螳 sha1(md5(give_this_to_get_flag)) = 001b6a634bee73d9fe2d88bb4435fb1ee3ad7918 .
  • 11. 11 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] れ [get_flag_ready] C ろ 貊襦 豕譬朱 覿 讌襦 蟆給. 蟆郁記 dword_80006AC[i] flag襦 豢 覦危碁れ 一磯 ル 蟆企手 螳 給. 讌蠍蟾讌 覿 蟆 襦 dword_80006AC襯 誤企慨襦 蟆給.
  • 12. 12 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] => dword_80006AC[i]
  • 13. 13 BSides Delhi CTF 2018 WriteUp [krev (Reversing 200points)] flag 螳 谿場給! The flag is... flag{netB5D_i5_4ws0m3_y0u_sh0uld_7ry_i7}