6.5.16

[Writeup] iHack2016 - RE 400

RE400
As usual, the task is to find the flag inside the binary.
First check whether it is packed or not; with PEiD we can tell it is not packed.

By the way, I just patched the binary from
XOR AL,23
ROR AL,5

to

ROL AL,5
XOR AL,25

I used a memory dump as the input, then set a breakpoint at
CMP AL,BYTE PTR DS:[ECX+11C728]

and pressed F9 (run) all the way through.

Open it in OllyDbg; right-click > Search for > All referenced strings > look for the string "Enter the password:".
Set breakpoints where appropriate, for example as shown below.

So we get the algorithm (input XOR 23, then ROR 5) and the comparison table = FA 5A 32 8A 32 E3 52 82 40 BA 5A 32 48 52 5A 12 02 42 70 42 32 D2 FA

Reverse it: take
FA 5A 32 8A 32 E3 52 82 40 BA 5A 32 48 52 5A 12 02 42 70 42 32 D2 FA
then ROL 5
then XOR 23

and we get
7c 68 65 72 65 5f 69 73 2b 74 68 65 2a 69 68 61 63 6b 2d 6b 65 79 7c

Convert the hex to ASCII and we get the flag
flag : |here_is+the*ihack-key|

Some C code just for PoC
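The following is an added example, not the author's own PoC: it implements the forward check the binary performs on each password byte (XOR 0x23, then ROR 5, compared against the table at DS:[ECX+11C728]) and the inverse (ROL 5, then XOR 0x23) that recovers the flag from that table. The function names and the `target` array name are assumptions; the byte values are the ones listed in the writeup.

```c
/* Added example (not the writeup's PoC): recovers the RE400 flag from the
 * comparison table by inverting the per-byte transform the binary applies. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Comparison table from the writeup (bytes at DS:[ECX+11C728]) */
static const uint8_t target[] = {
    0xFA,0x5A,0x32,0x8A,0x32,0xE3,0x52,0x82,0x40,0xBA,0x5A,0x32,
    0x48,0x52,0x5A,0x12,0x02,0x42,0x70,0x42,0x32,0xD2,0xFA };

/* 8-bit rotates, mirroring the x86 ROR AL,n / ROL AL,n semantics */
static uint8_t ror8(uint8_t v, unsigned n) { n &= 7; return (uint8_t)((v >> n) | (v << (8 - n))); }
static uint8_t rol8(uint8_t v, unsigned n) { n &= 7; return (uint8_t)((v << n) | (v >> (8 - n))); }

/* Forward transform: XOR AL,23 then ROR AL,5, as the binary does per byte */
uint8_t re400_encode_byte(uint8_t c) { return ror8(c ^ 0x23, 5); }

/* Inverse transform: ROL 5 then XOR 0x23 undoes the forward step */
uint8_t re400_decode_byte(uint8_t t) { return rol8(t, 5) ^ 0x23; }

/* Decode n table bytes into out (NUL-terminated; out must hold n+1 bytes). */
void re400_decode(const uint8_t *tbl, size_t n, char *out) {
    for (size_t i = 0; i < n; i++) out[i] = (char)re400_decode_byte(tbl[i]);
    out[n] = '\0';
}

/* Returns 1 if pw would pass the binary's CMP loop, 0 otherwise. */
int re400_check(const char *pw) {
    size_t n = sizeof target;
    if (strlen(pw) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (re400_encode_byte((uint8_t)pw[i]) != target[i]) return 0;
    return 1;
}

int main(void) {
    char flag[sizeof target + 1];
    re400_decode(target, sizeof target, flag);
    printf("flag : %s (check=%d)\n", flag, re400_check(flag));
    return 0;
}
```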