Rio32
40 points Medium

This is a 32-bit C program reversing challenge. The challenge is designed to be solved from gdb, although disassembling in Ghidra or IDA would probably help find some key information. I provide some screenshots from Ghidra in case you are not familiar with it. If you are new to reversing, you can solve this challenge from within gdb using set $eax=value (and maybe a few other registers too). There is a function InitData() with a lot of data used to hide the flag in the exe. You do not need to step into or debug InitData(). The same is true for the function GetFlag(): you don't need to understand it to solve the challenge.

Some versions of Ubuntu do not ship with 32-bit libraries for gcc. If you can't run the Rio32 program, instructions are included in the readme to install the package you probably need.

If you run angr on the Rio32 exe, please leave a comment indicating if angr could find the flag.

Thanks to @Rivit and @Vidar for solving versions of the challenge while it was under development; they helped make it better!

Once you solve the challenge you can use the flag to decrypt the sources and see how the challenge was created if that interests you. Instructions are provided in the readme.

Thanks and good luck!

Rio32.zip
Rating 4.59

Discussion

Fun challenge - doesn't work on WSL Ubuntu.

0

I got to "oops something went wrong", but then I don't see what to do next (as the problem says not to step into getflag). Does the 'wrong flag' signify something?

edit: got it. If you get to "oops something went wrong", that means you haven't found all the places that require a register change.

1

I spent most of my time configuring the file execution environment because I couldn't find a proper solution in WSL Ubuntu 18.04 to execute Rio32. Finally, I executed Rio32 in an Ubuntu 18.04 VM. Maybe there is something different in WSL.
I solved this with IDA and gdb. Set a few proper breakpoints in gdb and change some register values referring to IDA's disassembly. This could be easily solved.

0

Another cool challenge. Thank you.

0

You're welcome Mike.

0

Why don't you try Binary Ninja: https://binary.ninja/ Ghidra may just not do a good job here.

1