CrossCTF_2018: GoGoGo

Category: Reversing Points: 996 Description:

Go get the password to this crackme! Creator -- quanyang (@quanyang) If your flag doesn't work, contact one of the admins on Discord. crackme-linux-stripped.go

Write-up

This challenge was a test on patience and really fun to crack. Firstly, the binary given is a Golang compiled binary, which means unlike your standard gcc compiled binaries, decompilation and reverse engineering is pure cancer.

To start solving this, search for the address of the string Good Bye!, once you have the address of that, look for it's references to find the main core of the program that checks your password. For brevity, the function starts at 0x80c3500. A small excerpt of the control flow graph can be found below,

flow-graph.

With that, the only thing left is to slowly reverse by reading the assembly. No writeup possible here. After going through all 16 bytes of hexadecimal values, you arrive at the password 10AD701BFA51102CFFD2E940EFD5E7F8.

# ./crackme-linux-stripped.go 
Welcome to CrossCTF 2018!
Enter the password:
10AD701BFA51102CFFD2E940EFD5E7F8
The flag is CrossCTF{969A5107E5FD394A1F4230B79BF08982}

Therefore, the flag is CrossCTF{969A5107E5FD394A1F4230B79BF08982}.

results matching ""

    No results matching ""