Rangoon
10 points Easy

This is the third in a series of introductory Reversing Challenges; Reyjkavik, Riyadh and Rangoon. These are designed for people new to Reversing. A little gdb, C and Assembler knowledge should be enough to solve this challenge. Good Luck!

Note that once you solve the challenge, you can use the flag to decrypt the source file used to create the challenge if you are interested in seeing the original C program.

The LiveOverflow channel on YouTube has some great tutorials on reversing, this video has almost everything you need to solve this challenge: https://www.youtube.com/watch?v=VroEiMOJPm8

Rangoon.zip
Flag
Rating 4.63
5
4
3
2
1

Discussion

I really enjoyed solving this one. Thanks!

0

This challenge is definitely worth more than just 10 points :/

1

I made it 10 points because it is a very simple reversing challenge. I understand that is more complex than RubberDuck which is also only worth 10 points.

0
Protected
0

Nice challenge. Hint: Probably need to combine static + dynamic RE to solve it quickly.

0

Sneaky... To anyone who is confused: maybe you should look at how buffer, to which flag is compared, changes. Is it always the same or does it depend on something? Final hint: what is ASCII character for 0x5F?

Anyway, great challenge, definitely worth more than just 10 points. Thanks for your work, will move on to your next CTF!

0

Should we compare address of 0x5F with address of string buffers?OR should we compare 0x5F with address of string buffers? Any help would be greatly appreciated

0

If you pay attention, the presence of 0x5f is checked in the flag mutiple times. From which we can infer that at those positions 0x5f should be present in the flag. Now rewrite the input flag and proceed to do dynamic analysis.

0
Protected
0

Look in the assembly for checks against the location of the '_' character. Then compare that location to the size of the available input strings. Look at how those checks affect local variables.

0

Great challenge, you really had me captivated for a night, I dreamed about what to do and solved it this morning haha

0

Glad you liked it and great job hanging in there to solve it!

0