Write-up – lehack 2019 – Reverse 50 – Gladiator

This chall started with downloading an executable file named gladiator. We first tried to execute the program: it was a simple CLI RPG game where you choose between a berserker or a guardian and fight a bot.


After a few rounds, we agreed that we couldn't defeat the bot fairly. Let's go patch the binary to enhance the attack characteristic of our character's class. To achieve this goal, we used IDA Pro. First, we used one of its coolest features: C code generation from a binary file. We focused on searching for the default integers representing the character's attack, life points, etc.


In the above code, we can see that a C struct is populated with all the characteristics of the berserker class. Let's go back to IDA at 0x0000000000008DED to patch the bytes!


In this asm code, we changed life points and attack to 255 to beat the bot in just one attack. Let's patch the binary and win this game!


So… we won the game but no flag? At this point we went back to the C code and found an interesting function that seemed to generate the flag. There was an if statement that checked that, before the game ends, the player's life is set to the integer value 42.


Let’s go back to IDA and patch the player life! After that, we launched the game, attacked and… FLAG!
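The same kind of patch done as a script instead of in IDA's byte editor, as an added example that is not code from the original write-up. The bytes below are a constructed stand-in, not taken from the gladiator binary: the `mov dword ptr [rax+disp8], imm32` form, the field offsets, the original values 100/20/10 and all function names are assumptions made for illustration.

```python
import struct

# Constructed stand-in for the class-initialisation code (NOT bytes from the
# real gladiator binary): three `mov dword ptr [rax+disp8], imm32` stores.
SAMPLE_CODE = bytes.fromhex(
    "c7400864000000"  # mov dword ptr [rax+0x08], 100 ; life    (assumed field)
    "c7400c14000000"  # mov dword ptr [rax+0x0c], 20  ; attack  (assumed field)
    "c740100a000000"  # mov dword ptr [rax+0x10], 10  ; defense (assumed field)
)
MOV_PREFIX = b"\xc7\x40"  # opcode C7 /0 with ModRM 0x40 = [rax + disp8]
INSN_LEN = 7              # opcode + ModRM + disp8 + 4-byte immediate


def find_stores(code):
    """Map disp8 -> (offset of imm32, current value). Naive scan for this sample."""
    stores = {}
    pos = code.find(MOV_PREFIX)
    while pos != -1 and pos + INSN_LEN <= len(code):
        disp = code[pos + 2]
        (value,) = struct.unpack_from("<I", code, pos + 3)
        stores[disp] = (pos + 3, value)
        pos = code.find(MOV_PREFIX, pos + INSN_LEN)
    return stores


def patch_field(code, disp, expected, new_value):
    """Rewrite the imm32 stored to [rax+disp]; refuse if the old value differs."""
    stores = find_stores(code)
    if disp not in stores:
        raise ValueError(f"no store to [rax+{disp:#x}] found")
    imm_off, current = stores[disp]
    if current != expected:
        raise ValueError(f"expected {expected}, found {current}: wrong location?")
    patched = bytearray(code)
    struct.pack_into("<I", patched, imm_off, new_value)  # little-endian imm32
    return bytes(patched)


def patch_like_writeup(code):
    """First patch from the write-up: life and attack both set to 255."""
    code = patch_field(code, 0x08, 100, 255)
    return patch_field(code, 0x0C, 20, 255)


if __name__ == "__main__":
    print(patch_like_writeup(SAMPLE_CODE).hex())
```

Checking the expected old value before writing is what catches a wrong offset, which is the usual reason a patched binary looks unchanged.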

The Flag : LH{lUj?]T_VAR94$+N

Thank you to Wiserix, who worked with me on this one!

4 thoughts on “Write-up – lehack 2019 – Reverse 50 – Gladiator”

  1. nlegall Reply


    I tried to reproduce the path to patch the binary, but I can’t figure out how you did it. I don’t see any difference in the assembly in the file and your screenshot. Can you provide me some more explanations on how you modify the code with IDA?

    Thanks in advance 🙂

  2. nlegall Reply

    Yeah, thanks for the help. Just stupid and too old memories with IDA to remember. I did it. Thanks again and maybe see you next year 🙂

  3. Pingback: LeHack19 ! – KZSLAB : Kaizen Solutions
