In order to keep this challenge streak alive, I decided to play with another one from pwnable.kr called flag. This time the task is purely reverse engineering, since we are only given a binary: no source code, no listening service and no ssh connection.
I started analyzing by running the file command on the binary.
It shows us that it is a stripped binary. Running it only prints a message that describes, at a high level, what the program does.
After running the strings tool, I noticed these lines: the binary is packed with the UPX packer. We can use the upx tool to unpack it into a more readable one. Let's take a look.
Great, now we’re ready to analyze it with gdb.
Here we have the assembly code of the main function. One thing that caught my attention is at main+32, where something is passed into rdx. Let's set a breakpoint one instruction later, at main+39, and check what rdx is holding.
Great, a flag! But after playing with it a little more, I found another place where the flag can be read. Take a look at main+49 and see what's in eax.
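The full workflow above, from packer detection through unpacking to reading rdx at the breakpoint, as an added shell script that is not part of the original writeup. It assumes upx and gdb are installed, that the unpacked binary keeps its main symbol (as the gdb listing shows), and takes the main+39 offset from the writeup; the `UPX!` marker check is a heuristic, not the challenge's own tooling.

```shell
#!/bin/sh
# Added example (not from the writeup): automate the steps used to read the
# flag out of the pwnable.kr "flag" binary. Usage: ./inspect.sh ./flag

# Exit 0 when the file carries the "UPX!" marker that UPX leaves in packed
# executables (heuristic: a file could contain the string without being packed).
is_upx_packed() {
    grep -q 'UPX!' "$1"
}

# Unpack in place only when the marker is present; upx -d rejects input that
# is not packed, so an already-unpacked binary is left untouched.
# Exit 0 only if the file no longer looks packed afterwards.
unpack_if_needed() {
    if is_upx_packed "$1"; then
        upx -d "$1" >/dev/null 2>&1 || return 1
    fi
    ! is_upx_packed "$1"
}

# Break one instruction after the mov into rdx (main+39, per the writeup),
# run to the breakpoint and print rdx as a C string. Batch mode exits when done.
dump_rdx_at_main39() {
    gdb -q -batch \
        -ex 'break *main+39' \
        -ex run \
        -ex 'x/s $rdx' \
        "$1" 2>/dev/null
}

# Only act when a binary path was given on the command line.
if [ "$#" -ge 1 ]; then
    unpack_if_needed "$1" && dump_rdx_at_main39 "$1"
fi
```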