Description: Find the flag!
First thing to do : download and run the file provided during the challenge.
When we input something (in this case the word “flag”), the program outputs “Try again”.
Ok, so user’s input is compared to the flag during the process and the program indicates either the input corresponds to the flag or not.
So, let’s use radare2 to see what’s going on.
As we can see, there are some char comparisons of the user input.
A little bit of explanations : - 0x40117A is the address of the first element of user input (a char tab) - esi register is set on address 0x40117a (user input) - al is affected with the value at the address currently pointed by esi - al is compared to an hex value (cmp ASM instruction) - jnz is a conditional jump to an adress (if the previous char comparison fails, jump to 0x40013d) - esi is incremented -> it points to next address (inc ASM instruction) - al is re affected with current value pointed by esi, then compared with another hex value - this goes on until all comparisons are done
We can deduce that the flag is composed of all hex values our input is compared with . So Let’s gather them all :
- 47 48 31 36 7b 72 33 76 33 72 73 31 6e 67 5f 31 73 5f 63 30 30 6c 21 7d
Seems like the flag in ascii values ! Let’s use any hex to ascii online conversion tool 🙂