🚩babyrev

Notes

IDA Freeware

IDA Freeware 7.6 ships a free decompiler for x86-64. Since all the challenges from pwn.college are x86-64 binaries, I highly recommend it. IDA is still the de facto standard in industry, so learning it is crucial if you plan to work as a security researcher.

Making Educated Guesses

Yes, you need "guessing" when you reverse a program. What that means is that you form a hypothesis about what the program does based on your experience, then dig into the program and verify it. If the hypothesis is a bit off, adjust it and re-verify. This makes your life a lot easier than reading the disassembly line by line.

Patching

Starting from level 11, we are going to patch the binary to change its behavior. A good resource is the following video by LiveOverflow:

Level 1

Challenge

Program Analysis

The program is a license key checker that does three things:

  1. It reads user input using some bizarre method. For this level, the user input is read from argv[1].

  2. It skips some bytes when reading input. For this level, no byte is skipped.

  3. It mangles the input and compares the output with an expected result. For this level, there is no mangler.

This pattern holds for future levels as well. To find the correct license key, we need to do three things:

  1. Figure out how user input is read.

  2. Figure out how many bytes the program skips.

  3. Figure out how the mangler works.

Solution 1: Static Analysis

The main function compares argv[1] with a constant named EXPECTED_RESULT:

The EXPECTED_RESULT stores the string slv in little-endian format:

Feed in slv as argv[1] and get the flag:

Solution 2: Dynamic Analysis

This level can be easily solved in GDB. We set a breakpoint at strncmp and read $rsi (the second argument):

Level 2

Challenge

Solution

The program reads user input from argv[142]:

The EXPECTED_RESULT stores the string ifu in little-endian format:

Get flag:
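The two details that trip people up in levels 1 and 2 are turning the constant IDA shows for EXPECTED_RESULT back into the ASCII key (little-endian byte order) and building a command line long enough that argv[142] exists. The script below is an added example, not code from pwn.college or from the challenge binaries: it decodes an IDA-style immediate into the key and back, and models the three-step checker (read argv[index], skip bytes, mangle, compare) so a hypothesis about a level can be sanity-checked before running the real binary. The immediates 0x766C73 and 0x756669 are just the little-endian encodings of "slv" and "ifu"; the function names, the argv layouts and the assumption that the whole key is compared are mine.

```python
# Added example (not the challenge's own code): helpers for the babyrev
# "read argv[N], skip bytes, mangle, compare" pattern from levels 1 and 2.
from typing import Callable, List


def imm_to_str(imm: int, width: int = 8) -> str:
    """Decode an immediate as IDA displays it (e.g. 0x766C73) into the ASCII
    string it stores in memory on little-endian x86-64, stopping at the first
    NUL byte. 0x766C73 -> bytes 73 6C 76 -> "slv"."""
    raw = imm.to_bytes(width, "little")
    return raw.split(b"\x00", 1)[0].decode("ascii")


def str_to_imm(s: str) -> int:
    """Inverse of imm_to_str: the immediate IDA would show for this string."""
    return int.from_bytes(s.encode("ascii"), "little")


def identity(data: bytes) -> bytes:
    """Levels 1 and 2 have no mangler, so the 'mangler' is the identity."""
    return data


def check_license(argv: List[str], index: int, skip: int,
                  mangle: Callable[[bytes], bytes], expected: bytes) -> bool:
    """Model of the checker: read argv[index], drop `skip` leading bytes,
    run the mangler, compare with EXPECTED_RESULT. Returns True if accepted.
    Assumption: the full mangled key is compared (the real binary uses
    strncmp with a fixed length, which is close enough for these levels)."""
    if index >= len(argv):
        # The real binary would read past the end of argv; a missing argument
        # can never produce the expected value.
        return False
    key = argv[index].encode("ascii")[skip:]
    return mangle(key) == expected


def level1_argv(key: str) -> List[str]:
    """Level 1 reads argv[1]: program name plus the key."""
    return ["./babyrev_level1", key]


def level2_argv(key: str) -> List[str]:
    """Level 2 reads argv[142]: argv[0] is the program, so 141 filler
    arguments are needed before the key lands at index 142."""
    return ["./babyrev_level2"] + ["x"] * 141 + [key]


if __name__ == "__main__":
    for imm in (0x766C73, 0x756669):
        print(hex(imm), "->", imm_to_str(imm))
    print("level 1 accepts slv:",
          check_license(level1_argv("slv"), 1, 0, identity, b"slv"))
    print("level 2 accepts ifu:",
          check_license(level2_argv("ifu"), 142, 0, identity, b"ifu"))
    print("level 2 argv length:", len(level2_argv("ifu")))
```

When a later level adds a real mangler, replace `identity` with a Python re-implementation of what the decompiler shows and check the model against the binary's behaviour; if the two disagree, the hypothesis about the mangler is what needs adjusting.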
