Skip to content

CSAW CTF: Reversing 100

October 1, 2012

Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/100/

We’re given a PE32 executable file. On executing it, it displays some encrypted key. So basically, the program encrypts the key and we(or something else :P) should decrypt it.

Pop it into IDA. On seeing the disassembly of main, we see something interesting:

lea eax, [ebp+var_18]
push eax
call encrypt

The more hardcore(and difficult) way of doing it would be to reverse engineer the encrypt method(it’s easy if you have hexrays probably) but I did something far easier.

I noticed a method decrypt was also defined in the binary which should be able to decrypt it. So, I modified the call above to

call decrypt

with the help of Olly, using the memory location available from IDA and voila! We get the flag “welcome_to_csaw”!

Advertisements

From → CTF/BIOS

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: