PACTF_2018: Getting To Know GDB

Category: Lovelace
Points: 50
Description:

A friend sent me a mysterious binary. It’s supposed to print out the flag, but it’s giving me a weird poem and some hex instead.

Write-up

This challenge was solved lazily: I dumped the stack from the debugger rather than properly reverse engineering the binary.

# r2 mysterious_elf.771c3c9447cd  -d
r_config_set: variable 'asm.cmtright' not found
Process with PID 10096 started...
= attach 10096 10096
bin.baddr 0x562d1d6e3000
Using 0x562d1d6e3000
asm.bits 64
 -- In Soviet Russia, radare2 has documentation.
[0x7f5a5a42ec30]> doo
Wait event received by different pid 10096
Process with PID 10097 started...
File dbg:///root/downloads/mysterious_elf.771c3c9447cd  reopened in read-write mode
= attach 10097 10097
WARNING: bin_strings buffer is too big (0xffffaa6df2c863c8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffaa6df2c79138). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffaa6df2c76c98). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
10097
[0x7f38e52d1c30]> dc
This is the string you're allowed to see...
  It is here for viewing, no matter what your intention may be...

But something more interesting below this sea...
  Fortunately for you, there is such a thing as GDB!

The solution is simple, but you have been baited...
  For the println that reveals the flag has been truncated!

The flag was in there, all ready to go–but not anymore...
  Now all that remains is some random base 64!

The flag is:
 --> Z2ZRZHkwTDVEMDFMQmdZWQ== <--^Cchild stopped with signal 2
[+] SIGNAL 2 errno=0 addr=0x00000000 code=128 ret=0
[0x7f38e4cb8c00]> e search.in=dbg.stack
[0x7f38e4cb8c00]> / good
0x7ffe7e481320  0x000000000000003c   <....... ascii
0x7ffe7e481328  0x0000003000000002   ....0...
0x7ffe7e481330  0x000055920d9b9870   p....U.. heap R W 0x67616c6620656854 (The flag is: why_use_breakpoints_if_you_have_good_timing ) -->  ascii
0x7ffe7e481338  0x0000000000000039   9....... ascii
0x7ffe7e481340  0x0000000000000039   9....... ascii

Therefore, the flag is why_use_breakpoints_if_you_have_good_timing.
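The r2 search above works because the stack holds a pointer into the heap where the full "The flag is: ..." string still lives, even though the program only printed a truncated version. The following added example (not part of the original write-up or the challenge) reimplements that pointer-following search over a constructed stack and heap snapshot modelled on the dump shown: it walks the stack qword by qword, dereferences any value that points into the heap region, and keeps the strings containing the needle. The addresses and contents are constructed to match the dump; a real snapshot would come from the debugger.

```python
import struct
from typing import List, Tuple

Region = Tuple[int, bytes]  # (base address, raw bytes of the mapping)

# Constructed heap snapshot: the untruncated flag line sits at offset 0x870,
# matching the pointer 0x000055920d9b9870 seen on the stack in the write-up.
HEAP_BASE = 0x55920D9B9000
_heap = bytearray(0x1000)
_flag_line = b"The flag is: why_use_breakpoints_if_you_have_good_timing\x00"
_heap[0x870:0x870 + len(_flag_line)] = _flag_line
HEAP_REGION: Region = (HEAP_BASE, bytes(_heap))

# Constructed stack snapshot: the five qwords printed by `/ good`.
STACK_BASE = 0x7FFE7E481320
STACK_REGION: Region = (STACK_BASE,
    struct.pack("<5Q", 0x3C, 0x3000000002, 0x55920D9B9870, 0x39, 0x39))

def in_region(region: Region, addr: int) -> bool:
    base, data = region
    return base <= addr < base + len(data)

def read_cstring(region: Region, addr: int, limit: int = 256) -> bytes:
    """Return the NUL-terminated string starting at addr inside region."""
    base, data = region
    off = addr - base
    end = data.find(b"\x00", off)
    if end < 0:
        end = len(data)
    return data[off:min(end, off + limit)]

def find_pointed_strings(stack: Region, heaps: List[Region],
                         needle: bytes) -> List[Tuple[int, int, bytes]]:
    """Scan aligned stack qwords; dereference those that point into a heap
    region and report (stack addr, pointer, string) when needle is found."""
    base, data = stack
    hits = []
    for off in range(0, len(data) - 7, 8):
        (ptr,) = struct.unpack_from("<Q", data, off)
        for heap in heaps:
            if in_region(heap, ptr):
                s = read_cstring(heap, ptr)
                if needle in s:
                    hits.append((base + off, ptr, s))
    return hits

def solve(needle: bytes = b"good") -> str:
    """Recover the flag from the constructed snapshot, as the r2 search did."""
    hits = find_pointed_strings(STACK_REGION, [HEAP_REGION], needle)
    text = hits[0][2].decode()
    return text.split("The flag is: ", 1)[1].strip()

if __name__ == "__main__":
    print(solve())
```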
