This is a beginner / intermediate reversing challenge that is written in Assembly language. It is aimed at people that know a little assembly and are interested in learning more about Reverse Engineering.
The flag is encoded using xor, add, sub, mul and div operations. The flag kernel is of the form a_b_c_d_e where each letter corresponds to a short word. Each word is based on a single math operation.
There is a function GetTData used to retrieve constants used to hide the flag via math operations. There is no need to step into GetTData... when the function returns the constant is in the rax register.
I have included labels _Step1, _Step2 etc in the assembly that loosely correspond to each of the a/b/c/d/e words in the flag kernel. This allows for easy setting of breakpoints. There are no debugger detection checks in this challenge.
The function GetTData will be tedious to step through or analyze using IDA / Ghidra... I expect most people will use gdb / pwndbg to solve this challenge.
After you solve the challenge you can decrypt the sources.zip.enc file to see the .asm and .py files used to create the challenge. Details are in the readme file.
Good Luck!
Discussion
Congrats on hanging in there and solving it.
That is very interesting because obviously it's not doing that for me. Two others have solved it and are not having the segfault either. I'm open to suggestions on how to fix the problem.
Hey @lchild, are you on discord?
Can you send me a DM on discord to discuss further? Also, are you on a mac / Apple computer? and by +x do you mean on the Rotterdam executable or something else? Thanks for the fast reply.
Thanks... are you on a mac?
I see, does this happen often on wsl? I did not test this program on wsl, only on Ubuntu linux install.
Will be fixing this comment rendering issue... Sorry about that
I think I have found and fixed the problem. A new .zip file was just uploaded, can you try the new exe and let us know if this fixed the problem? Thanks.
Great, thanks for testing the new version, I really appreciate it.
CTFlearn{Rotterda_P0rt_Rh1ne_????????????????????????????????} oh no fake flag :((
Congrats on hanging in there and solving it.
That is very interesting because obviously it's not doing that for me. Two others have solved it and are not having the segfault either. I'm open to suggestions on how to fix the problem.
Hey @lchild, are you on discord?
Can you send me a DM on discord to discuss further? Also, are you on a mac / Apple computer? and by +x do you mean on the Rotterdam executable or something else? Thanks for the fast reply.
Thanks... are you on a mac?
I see, does this happen often on wsl? I did not test this program on wsl, only on Ubuntu linux install.
Will be fixing this comment rendering issue... Sorry about that
I think I have found and fixed the problem. A new .zip file was just uploaded, can you try the new exe and let us know if this fixed the problem? Thanks.
Great, thanks for testing the new version, I really appreciate it.
3 weeks ago
CTFlearn{Rotterda_P0rt_Rh1ne_????????????????????????????????} oh no fake flag :((