🚩babyrev
Last updated
IDA Freeware 7.6 ships a free decompiler for x86-64. Since all the pwn.college challenges are x86-64 binaries, I highly recommend it. IDA is still the de facto standard in industry, so learning it is crucial if you plan to work as a security researcher.
Yes, you need "guessing" when you reverse a program. That means forming a hypothesis about what the program does based on your experience, then digging into the program to verify it. If the hypothesis is a bit off, adjust it and re-verify. This approach makes life a lot easier than reading the disassembly line by line.
Starting from level 11, we are going to patch the binary to change its behavior. A good resource is the following video by LiveOverflow:
The program is a license key checker that does three things:

1. It reads user input using some bizarre method. For this level, the user input is read from `argv[1]`.
2. It skips some bytes when reading input. For this level, no byte is skipped.
3. It mangles the input and compares the output with an expected result. For this level, there is no mangler.
This pattern holds for future levels as well. To find the correct license key, we need to do three things:

1. Figure out how user input is read.
2. Figure out how many bytes the program skips.
3. Figure out how the mangler works.
The main function compares `argv[1]` with a constant named `EXPECTED_RESULT`:
`EXPECTED_RESULT` stores the string `slv` in little-endian format:
Feed in `slv` as `argv[1]` and get the flag:
This level can be solved easily in GDB. Under the x86-64 System V calling convention the second argument lives in `rsi`, so we set a breakpoint at `strncmp` and read `$rsi` (the expected string) when it is hit:
The program reads user input from `argv[142]`:
`EXPECTED_RESULT` stores the string `ifu` in little-endian format:
Get flag: