As with almost every reversing challenge, let’s run cutter, leave it to analyse for a few minutes and then cancel it. Search for the addresses of the following functions:
maybe_flag 0xFFFFAAAA
no_flag 0xFFFFAAAB
print_flag 0xFFFFAAAC
Based on the challenge name, a quick search yields an interesting idea:
angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic (“concolic”) analysis, making it applicable to a variety of tasks.
Useful reading where I got the code:
https://cexplr.com/writeups/angr/3_angr_post_1.html
#!/usr/bin/env python3
import angr
import sys

# Create the project and load the binary
project = angr.Project("./angr-y_binary")

# Create a state based on the current loaded binary (execution starts at the entry point)
state = project.factory.entry_state()

# Construct the simulation manager set with the current state
simmgr = project.factory.simulation_manager(state)

# The address we want to reach (print_flag) and the one to prune paths on (no_flag)
find = 0xFFFFAAAC
avoid = 0xFFFFAAAB

# Start exploring different inputs and hopefully reach the find address;
# any path that hits the avoid address is dropped
simmgr.explore(find=find, avoid=avoid)

# If there is a solution (check the stash is non-empty; indexing an empty list raises IndexError)
if simmgr.found:
    print("found a solution")
    # Print out the stdin contents that angr solved for
    print(simmgr.found[0].posix.dumps(sys.stdin.fileno()))
else:
    print("No found solutions")
Use the brute-forced password to log in and obtain the flag.
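As an added example (not part of the original write-up), the same find/avoid exploration wrapped in a reusable function, with two additions the script above lacks: it keeps exploring for more than one accepted input, and it strips the NUL padding that angr leaves in the dumped stdin buffer so the password prints cleanly. The binary path and addresses are the ones from the write-up; angr is assumed to be installed.

```python
#!/usr/bin/env python3
import sys


def clean_solution(raw: bytes) -> str:
    """angr's posix.dumps() returns the whole symbolic stdin buffer, so the
    password is usually followed by NUL bytes (unconstrained input the solver
    set to 0) and sometimes a trailing newline. Keep only the meaningful prefix."""
    raw = raw.split(b"\x00", 1)[0]  # drop the NUL padding and anything after it
    return raw.decode("ascii", errors="replace").rstrip("\n")


def solve_with_angr(binary: str, find: int, avoid, max_solutions: int = 1):
    """Explore from the entry point until `find` is reached, pruning every path
    that touches an address in `avoid`. Returns the cleaned stdin inputs found."""
    import angr  # imported here so clean_solution() stays usable without angr

    # auto_load_libs=False keeps angr from loading libc etc., which speeds up
    # exploration for a small challenge binary like this one
    project = angr.Project(binary, auto_load_libs=False)
    state = project.factory.entry_state()
    simmgr = project.factory.simulation_manager(state)
    # num_find > 1 keeps exploring after the first hit, in case the check
    # accepts several different inputs (assumption: the binary might)
    simmgr.explore(find=find, avoid=avoid, num_find=max_solutions)
    return [clean_solution(s.posix.dumps(sys.stdin.fileno())) for s in simmgr.found]


if __name__ == "__main__":
    # print_flag and no_flag addresses from the write-up above
    solutions = solve_with_angr("./angr-y_binary", find=0xFFFFAAAC, avoid=[0xFFFFAAAB])
    if not solutions:
        sys.exit("No found solutions")
    for password in solutions:
        print("found a solution:", password)
```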