To keep this challenge streak alive, I decided to play with another one from pwnable.kr called flag. This time the task is pure reverse engineering: we are only given a binary, with no source code, no listening service and no ssh access.
I started by running the file command on the binary.
It shows that the binary is stripped, so there is no symbol table to help us. Running it only prints a message describing, at a high level, what the program does.
After running the strings tool I noticed lines showing that the binary is packed with the UPX packer, which is also why file reports it as stripped. We can use the upx tool itself (upx -d) to unpack it into a more readable binary. Let's take a look.
Great, the unpacked binary is what we can actually analyze, so now we are ready to load it into gdb.
Here we have the disassembly of the main function. One thing that caught my attention is at main+32, where a value is loaded into rdx. Let's set a breakpoint on the next instruction, at main+39, and check what rdx holds.
Great, a flag! After playing with it a little more, I found another place where the flag can be read. Take a look at main+49 and inspect eax.
And here we have the flag, once again.
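The steps above (spot the UPX markers with strings, unpack a copy with upx -d, then break right after the interesting instruction and dump the register) can be scripted so the same triage works on the next packed binary. The script below is an added example, not code from the original write-up: it detects the UPX marker without depending on strings being installed, unpacks a copy only if the upx tool is available, and runs gdb in batch mode. The breakpoint offset defaults to the post's main+39 and the register to rdx; both are assumptions that must be adjusted for any other binary, and `main` must resolve in the unpacked binary, as it does in the disassembly shown above.

```shell
#!/bin/sh
# Added example, not from the original post: triage a possibly UPX-packed binary.
# Assumptions: the packer leaves the "UPX!" marker and its "$Info: This file is
# packed with the UPX" banner in the file; the breakpoint offset and register
# default to the ones used in the write-up (main+39, rdx).

# Return 0 if the file carries a UPX marker, 1 otherwise.
# Non-printable bytes are turned into newlines so this works like strings
# even when binutils is not installed.
is_upx_packed() {
    tr -c '[:print:]' '\n' < "$1" \
        | grep -q -e 'UPX!' -e 'This file is packed with the UPX'
}

# Unpack $1 into a fresh copy at $2 (the original is left untouched).
# Returns 2 if the upx tool is not available.
unpack_upx() {
    in="$1"; out="$2"
    cp "$in" "$out"
    command -v upx >/dev/null 2>&1 || { echo "upx not installed" >&2; return 2; }
    upx -d -q "$out" >/dev/null
}

# Break at main+$2 (default 39), run, and dump register $3 (default rdx)
# both as a raw value and as a C string, the way the post inspects rdx.
dump_at_breakpoint() {
    bin="$1"; off="${2:-39}"; reg="${3:-rdx}"
    gdb -q -batch -nx \
        -ex "break *main+$off" \
        -ex run \
        -ex "info registers $reg" \
        -ex "x/s \$$reg" \
        "$bin"
}

# Chain the three steps for one binary.
triage() {
    bin="$1"
    if is_upx_packed "$bin"; then
        echo "$bin: UPX markers found, unpacking" >&2
        unpack_upx "$bin" "$bin.unpacked" || return $?
        bin="$bin.unpacked"
    else
        echo "$bin: no UPX markers, analyzing as-is" >&2
    fi
    dump_at_breakpoint "$bin" "${2:-39}" "${3:-rdx}"
}

# usage: ./triage.sh ./flag [offset] [register]
if [ $# -gt 0 ]; then
    triage "$@"
fi
```

Because the script only ever writes to a copy, the packed original stays available for comparison, which matters when the packed and unpacked samples behave differently at run time.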
If you have any suggestions regarding this post or just want to chat, check out these ways to reach me.