Rio32
40 points Medium

This is a 32-bit C program reversing challenge. The challenge is designed to be solved from gdb, although disassembling in Ghidra or IDA would probably help find some key information. I provide some screenshots from Ghidra if you are not familiar with Ghidra. If you are new to reversing, you can solve this challenge from within gdb using set $eax=value (and maybe a few other registers too). There is a function InitData() with a lot of data used to hide the flag in the exe. You do not need to step into or debug InitData(). This is also true for the function GetFlag()... you don't need to understand this function to solve the challenge.

Some versions of Ubuntu do not ship with 32-bit libraries for gcc. If you can't run the Rio32 program, instructions are included in the readme to install the package you probably need.

If you run angr on the Rio32 exe, please leave a comment indicating if angr could find the flag.

Thanks to @Rivit and @Vidar for solving versions of the challenge while it was under development; they helped make it better!

Once you solve the challenge you can use the flag to decrypt the sources and see how the challenge was created if that interests you. Instructions are provided in the readme.

Thanks and good luck!

Rio32.zip
Rating 4.75

Discussion

Why don't you try Binary Ninja: https://binary.ninja/ Ghidra may just not do a good job here.

1

nice challenge

0

The flag looks a little weird compared to the other flags I've seen on this site. When you see something it doesn't hurt to just try submitting first even when it has other characters.

0

Someone else commented on that also... I just felt the flag might be easy to guess so I made it different from my other flags.

0

Nice challenge! Reasonably easy to reverse what is needed. I feel like trying to solve InitData() and GetFlag() could be a challenge on its own.

0

It was meant as an easy reversing challenge, and I put a lot of work into InitData and GetFlag so that the flag cannot be found with strings or just by xor'ing some bytes. Certainly reversing those two functions would be more challenging.

0