4.12.16

[Writeup] KPMG 2016 - re1 Poland

Here is an explanation of re1_4830bb9eb4ec526e999df30852e3cb9f.exe from the KPMG Security Challenge 2016.
Basically, re1 and re2 use a very similar algorithm, which:
- gets 32 characters
- compares them part by part (8 characters each)
- runs a checker on the full flag in the last part

I will not explain it in detail because it is not a complex algorithm.


Here you can see it comparing ECX with 0x20, which means that it wants 32 characters to proceed.

So we enter 32 characters at the prompt, press ENTER, and then observe it in the debugger.

When you reach this point, you can see in the registers:
ECX->password
EAX->our input

So you get one part of the password. Step until you have found all 4 parts of the password.


Here you can get your full flag if all 4 part checks are valid.

Test it to confirm your flag.

7h15 15 4n 345y 0n3!
Please enter the Flag:
42*am1*G50L[=H33~g=%a11Bq27KOO2a
Congratulations! It is correct... The flag is KPMG{42*am1*G50L[=H33~g=%a11Bq27KOO2a}
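
A C model of the check structure described in this writeup, added here as an illustration; it is not the challenge binary's code. The function name `check_flag`, the return codes and the final whole-string comparison are assumptions, and the expected parts are the flag above split into 8-character pieces.

```c
#include <stdio.h>
#include <string.h>

#define FLAG_LEN 0x20   /* the value ECX is compared against */
#define PART_LEN 8      /* each part check covers 8 characters */

/* The flag from the writeup, split into its four parts. */
static const char *const PARTS[4] = {
    "42*am1*G", "50L[=H33", "~g=%a11B", "q27KOO2a"
};

/* Hypothetical return codes: 0 = correct, -1 = wrong length,
 * 1..4 = first part that did not match, 5 = final full check failed. */
int check_flag(const char *input)
{
    char full[FLAG_LEN + 1] = {0};

    if (strlen(input) != FLAG_LEN)
        return -1;

    for (int i = 0; i < 4; i++) {
        /* The expected part is plaintext at the moment of the compare,
         * which is why the debugger shows it (ECX->password, EAX->input). */
        if (memcmp(input + i * PART_LEN, PARTS[i], PART_LEN) != 0)
            return i + 1;
        memcpy(full + i * PART_LEN, PARTS[i], PART_LEN);
    }
    /* Assumed form of the last step: compare against the whole flag. */
    return strcmp(input, full) == 0 ? 0 : 5;
}

int main(void)
{
    /* Constructed inputs: each one gets one part further than the last. */
    const char *tries[] = {
        "AAAAAAAA" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA",
        "42*am1*G" "AAAAAAAA" "AAAAAAAA" "AAAAAAAA",
        "42*am1*G" "50L[=H33" "~g=%a11B" "q27KOO2a",
    };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%s -> %d\n", tries[i], check_flag(tries[i]));
    return 0;
}
```

Because each part is checked against a plaintext constant and the check stops at the first mismatch, every stage reveals the next 8 characters; comparing a digest of the whole input instead would avoid exposing the expected value.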


That's all.