The Encrypted Password (rev)

PUBLISHED ON 06/04/2020 — EDITED ON 06/04/2020 — 247CTF, INFOSEC

Intro

This is my write-up of the Reversing challenge The Encrypted Flag on the CTF site 247CTF.com.

Howto

This one is a bit embarrassing for me, as it took way too much time. I was basically frustrated with this: it should be so easy, but apparently it was still too hard for me to crack quickly. A few weeks later, I learned about a tool called ltrace.

Run the binary through ltrace and for input, put in some random stuff (aa in this example):

$ ltrace ./encrypted_password
...
puts("Enter the secret password:"Enter the secret password:
)                                                                              = 27
fgets(aa
"aa\n", 33, 0x7fc3e03e8980)                                                                               = 0x7fff766848b0
strcmp("aa\n", "142c85ccfb2ae19d8d8c224c4e403dce"...)                                                           = 48
...
+++ exited (status 0) +++

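ltrace prints the arguments of each library call, so the strcmp line shows both our input and the string it is compared against. To make the comparison succeed (strcmp returns 0), we enter the obtained string (142c85ccfb2ae19d8d8c224c4e403dce) as the password: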

$ ltrace ./encrypted_password
...
puts("Enter the secret password:"Enter the secret password:
)                                                                              = 27
fgets(142c85ccfb2ae19d8d8c224c4e403dce
"142c85ccfb2ae19d8d8c224c4e403dce"..., 33, 0x7f841b424980)                                                = 0x7fffce77d0b0
strcmp("142c85ccfb2ae19d8d8c224c4e403dce"..., "142c85ccfb2ae19d8d8c224c4e403dce"...)                            = 0
printf("You found the flag!\n247CTF{%s}\n", "142c85ccfb2ae19d8d8c224c4e403dce"...You found the flag!
247CTF{142c85ccfb2ae19d8d8c224c4e403dce}
)                              = 61
...
+++ exited (status 0) +++

I have tried to obfuscate the real flag :D
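
An added example, not part of the original write-up: a small Python check a developer could run over saved ltrace output of their own build to flag string comparisons that expose a stored value. The function name, the set of traced functions and the marker-input convention are assumptions of this example; the embedded trace is the first run above with its padding shortened.

```python
import re

# String-comparison calls whose arguments ltrace prints as text
# (this set is an assumption of the example; extend it as needed).
COMPARE_FUNCS = {"strcmp", "strncmp", "strcasecmp"}

# A complete ltrace call line: name(args) = return value
CALL_RE = re.compile(r'^(?P<func>\w+)\((?P<args>.*)\)\s+=\s+\S+$')
# A quoted string argument; ltrace appends "..." when it cut the string
# short (its -s option sets the limit).
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"(\.\.\.)?')

# First run from the write-up, saved as text. The program's own output
# is interleaved with the trace, so some lines are not complete calls.
SAMPLE_TRACE = r'''
puts("Enter the secret password:"Enter the secret password:
)                                = 27
fgets(aa
"aa\n", 33, 0x7fc3e03e8980)      = 0x7fff766848b0
strcmp("aa\n", "142c85ccfb2ae19d8d8c224c4e403dce"...) = 48
+++ exited (status 0) +++
'''


def leaked_comparisons(trace, marker):
    """Return (function, string, truncated) for each comparison operand
    that is not the marker input typed during the traced run."""
    findings = []
    for line in trace.splitlines():
        call = CALL_RE.match(line.strip())
        if not call or call.group("func") not in COMPARE_FUNCS:
            continue
        for literal, dots in STR_RE.findall(call.group("args")):
            value = literal.encode().decode("unicode_escape")
            if value.rstrip("\n") != marker:
                findings.append((call.group("func"), value, bool(dots)))
    return findings


if __name__ == "__main__":
    for func, value, truncated in leaked_comparisons(SAMPLE_TRACE, "aa"):
        note = " (truncated by ltrace)" if truncated else ""
        print(f"{func} compares the input against {value!r}{note}")
```

A finding means the binary holds the expected value in a form anyone who can trace the process can read. Checking the input against a salted hash, or verifying it on a server, keeps that value out of the client.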

TAGS: CTF, HACK, LTRACE, X64