flag

{"author": ["ret2basic"]}

Challenge

Papa brought me a packed present! let's open it.

Download : http://pwnable.kr/bin/flag

This is reversing task. all you need is binary

Solution

Note that the binary is packed using UPX. Unpack it:

upx -d flag

Open the binary in GDB and disassemble the main function:

0x0000000000401164 <+0>:     push   rbp
0x0000000000401165 <+1>:     mov    rbp,rsp
0x0000000000401168 <+4>:     sub    rsp,0x10
0x000000000040116c <+8>:     mov    edi,0x496658
0x0000000000401171 <+13>:    call   0x402080 <puts>
0x0000000000401176 <+18>:    mov    edi,0x64
0x000000000040117b <+23>:    call   0x4099d0 <malloc>
0x0000000000401180 <+28>:    mov    QWORD PTR [rbp-0x8],rax
0x0000000000401184 <+32>:    mov    rdx,QWORD PTR [rip+0x2c0ee5] # 0x6c2070 <flag>
0x000000000040118b <+39>:    mov    rax,QWORD PTR [rbp-0x8]
0x000000000040118f <+43>:    mov    rsi,rdx
0x0000000000401192 <+46>:    mov    rdi,rax
0x0000000000401195 <+49>:    call   0x400320
0x000000000040119a <+54>:    mov    eax,0x0
0x000000000040119f <+59>:    leave
0x00000000004011a0 <+60>:    ret

The flag is stored at 0x6c2070. Dump the content:

pwndbg> x/s *0x6c2070
PreviousbofNextpasscode

Last updated