<-- back

SCTF 2016 rev2 Writeup

rev2, 45 points, reversing

rev2 is another reverse engineering problem that was in the sctf2016 CTF. It is worth 25 more points than rev1 was but overall it is still a pretty low point total. This challenge was a litle bit harder than rev1 but it is far far far away from impossible even for a n00b like myself. Just like in the previous write up I am going to supply a copy of the binary incase sctf decides not too. The file can be found here.

disassemble1 disassemble2 I started by firing up gdb and disassembling main which is quite a bit longer than rev1.

breakpoint Then we are going to do something very similiar to what we did in rev1 and set a breakpoint at the compare. Now that we have a breakpoint at our compare lets run the program. You can type in whatever you want for the input and press enter, and our execution stops at the breakpoint. Lets go ahead and set our eax register to the value of 0x30dda83 and see what happens.

setreg Awesome! It prints out our flag!

But wait after the excitement dies down it is easy to see this is not our flag and our program did not output correctly, now what?

We can tell from the same compare line that $eax is being compared to a constant that is in the source code so lets go ahead and get 0x30dda83 as a decimal value. Which can easily be done by opening python and typing “print(int(“0x30dda83”, 16))”, by hand, or by finding a website online. Once it is converted you end up with 51239555. So lets try running this program again with this as our password.

flag Awesome, we got another flag! This will probably be my last write up from the sctf because my teammates are posting about the others. I will do one final recap in about a week with my thoughts, opinions, and feelings. In the mean time any questions, feel free to contact me!