This is my write-up of the Reversing challenge "The Encrypted Flag" on the CTF site 247CTF.com.
This one is a bit embarrassing for me, as it took way too much time. I was basically frustrated with this: it should be so easy, but apparently it was still too hard for me to crack quickly. A few weeks later, I learned about a tool called ltrace.
Run the binary through ltrace and, for input, put in some random stuff (aa in this example):
$ ltrace ./encrypted_password
...
puts("Enter the secret password:"Enter the secret password:
) = 27
fgets(aa
"aa\n", 33, 0x7fc3e03e8980) = 0x7fff766848b0
strcmp("aa\n", "142c85ccfb2ae19d8d8c224c4e403dce"...) = 48
...
+++ exited (status 0) +++
The strcmp revealed its parameters. So we need to use the obtained string (142c85ccfb2ae19d8d8c224c4e403dce) to make the comparison true:
$ ltrace ./encrypted_password
...
puts("Enter the secret password:"Enter the secret password:
) = 27
fgets(142c85ccfb2ae19d8d8c224c4e403dce
"142c85ccfb2ae19d8d8c224c4e403dce"..., 33, 0x7f841b424980) = 0x7fffce77d0b0
strcmp("142c85ccfb2ae19d8d8c224c4e403dce"..., "142c85ccfb2ae19d8d8c224c4e403dce"...) = 0
printf("You found the flag!\n247CTF{%s}\n", "142c85ccfb2ae19d8d8c224c4e403dce"...You found the flag!
247CTF{142c85ccfb2ae19d8d8c224c4e403dce}
) = 61
...
+++ exited (status 0) +++
I have tried to obfuscate the real flag :D
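For the defensive side of this, here is an added example (not code from the challenge binary or from 247CTF) that puts the pattern the trace points to, an expected string handed to strcmp(), beside a check that stores and compares only a digest. The password "abc", the function names and the use of FNV-1a as a dependency-free stand-in for a real password hash are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample password, NOT the challenge's value. */
#define SAMPLE_PASSWORD "abc"

/* Pattern the trace points to: the expected string is an argument to
   strcmp(), so a library-call tracer prints it next to the input. */
int check_plain(const char *input) {
    return strcmp(input, SAMPLE_PASSWORD) == 0;
}

/* FNV-1a (64-bit). Stand-in digest so the example has no dependencies;
   it is not cryptographic. Real code would use a salted password hash. */
uint64_t fnv1a64(const char *s) {
    uint64_t h = 0xcbf29ce484222325ULL;          /* offset basis */
    for (; *s != '\0'; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;                   /* FNV prime */
    }
    return h;
}

/* FNV-1a digest of SAMPLE_PASSWORD; the plaintext is not stored here. */
static const uint64_t EXPECTED_DIGEST = 0xe71fa2190541574bULL;

/* Only the digest is stored and compared, inline, so no library call
   ever receives the expected plaintext as an argument. */
int check_digest(const char *input) {
    uint64_t diff = fnv1a64(input) ^ EXPECTED_DIGEST;
    return diff == 0;
}

int main(void) {
    char buf[33];                                /* same size as the fgets in the trace */
    if (fgets(buf, sizeof buf, stdin) == NULL) return 1;
    buf[strcspn(buf, "\n")] = '\0';              /* drop the newline fgets keeps */
    printf("plain=%d digest=%d\n", check_plain(buf), check_digest(buf));
    return 0;
}
```

The digest constant still sits in the binary, so the strength of the second check rests entirely on the hash being slow and one-way, which FNV-1a is not.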