CSAW CTF: Reversing 100
Binary available at http://repo.shell-storm.org/CTF/CSAW-2012/Reversing/100/
We’re given a PE32 executable file. On executing it, it displays some encrypted key. So basically, the program encrypts the key and we (or something else :P) should decrypt it.
Pop it into IDA. On seeing the disassembly of main, we see something interesting:
    lea     eax, [ebp+var_18]
    push    eax
    call    encrypt
The more hardcore (and difficult) way of doing it would be to reverse engineer the encrypt method (it’s easy if you have Hex-Rays, probably), but I did something far easier.
I noticed a method decrypt was also defined in the binary which should be able to decrypt it. So, I modified the call above to
with the help of Olly, using the memory location available from IDA and voila! We get the flag “welcome_to_csaw”!
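
Retargeting a near call like this changes only the 4-byte displacement that follows the E8 opcode, which is relative to the address of the next instruction. The following Python code is an added example, not part of the original write-up: it recomputes that displacement for a new target. The addresses and bytes are constructed (not taken from the CSAW binary) and the function names are hypothetical.

```python
import struct

CALL_REL32 = 0xE8   # x86 near call: E8 followed by a signed 32-bit displacement
CALL_LEN = 5        # opcode byte + 4 displacement bytes


def call_target(code: bytes, offset: int, base_va: int) -> int:
    """Absolute address reached by the CALL rel32 located at code[offset]."""
    if code[offset] != CALL_REL32:
        raise ValueError("not a CALL rel32 instruction")
    (rel,) = struct.unpack_from("<i", code, offset + 1)
    # The displacement is counted from the end of the call instruction.
    return (base_va + offset + CALL_LEN + rel) & 0xFFFFFFFF


def retarget_call(code: bytes, offset: int, base_va: int, new_target: int) -> bytes:
    """Copy of `code` in which the CALL at `offset` points at `new_target`."""
    if code[offset] != CALL_REL32:
        raise ValueError("not a CALL rel32 instruction")
    rel = new_target - (base_va + offset + CALL_LEN)
    if not -2**31 <= rel < 2**31:
        raise ValueError("target out of rel32 range")
    patched = bytearray(code)
    struct.pack_into("<i", patched, offset + 1, rel)
    return bytes(patched)


# Constructed sample: the three instructions from main, assembled as if they
# sat at SNIPPET_VA. All addresses below are made up for the example.
SNIPPET_VA = 0x00401020
ENCRYPT_VA = 0x00401100
DECRYPT_VA = 0x00401180
SAMPLE = bytes.fromhex(
    "8d45e8"      # lea  eax, [ebp-18h]  (note: disp8 byte is also 0xE8)
    "50"          # push eax
    "e8d7000000"  # call encrypt
)
CALL_OFFSET = 4   # taken from the disassembler, never from scanning for 0xE8

if __name__ == "__main__":
    patched = retarget_call(SAMPLE, CALL_OFFSET, SNIPPET_VA, DECRYPT_VA)
    print(hex(call_target(SAMPLE, CALL_OFFSET, SNIPPET_VA)), "->",
          hex(call_target(patched, CALL_OFFSET, SNIPPET_VA)))
    print(patched.hex())
```

The `lea` operand in the sample contains an 0xE8 byte of its own, which is why the call is located by the address the disassembler reports rather than by searching for the opcode.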