
Welcome to the CTFlearn.com Reversing Challenge "Rotterdam" by kcbowhunter

This challenge is written in Assembly language and is written for people new to reversing and assembly.
The challenge focuses on working with registers, and with xor, add, sub, mul, div as the main
instructions needed to reverse engineer the flag.

There is also some shifting and the use of the and instruction to isolate some of the bytes in registers
for some math operations.

If you have some assembly language programming and reversing experience you can probably finish this challenge in 2 to 4 hours.
The flag kernel is of the format:
a_b_c_d_e

So there are 5 words in the flag kernel, separated by '_'.  Finding each word is a separate step in solving the challenge.
I added labels in the code Step1, Step2 etc that loosely correspond to finding each word a, b, c, d, e in the
flag kernel.

This challenge does not include any debugger detection timing checks to allow people new to gdb to linger
in the debugger and examine the registers without having to worry about getting kicked out of the
debugger.

There are 1024 constants in this challenge, and I created a function GetTData to load a constant into the rax
register.  I designed the GetTData function to make it tedious to reverse engineer in IDA / Ghidra / Binary Ninja.
You can try and solve this challenge using only one of those disassembly tools, but I think that will require more
work than just solving it in gdb where you can look at the register values.  Look at the rax register after the
GetTData function to see the value of the constant being used as part of the mechanism to hide the flag.

This challenge has some obfuscation features that are loosely based on some of the ideas found here:
https://binary.ninja/2020/07/14/solving-an-obfuscated-crackme-with-binaryninja-and-triton.html
I'm planning on using more of these techniques in a future challenge.

-------------------------------------------------------------
NASM Information:
Good description of .data, .bss and little and big endian
http://courses.ics.hawaii.edu/ReviewICS312/morea/X86NASM/ics312_nasm_data_bss.pdf

Intel x86 Assembly Reference:
https://www.felixcloutier.com/x86/

rdtsc reference:
https://en.wikipedia.org/wiki/Time_Stamp_Counter

-------------------------------------------------------------

Please do not post solutions to this challenge to any website, blog, github etc

-------------------------------------------------------------

After you solve this challenge you can use openssl to decrypt the sources files used to create the challenge
if this is interesting to you.

openssl enc -d -pbkdf2 -aes-256-cbc -in sources.zip.enc -out sources.zip -k kernel

where kernel is the flag kernel defined as CTFlearn{kernel}

You need to solve the challenge first to find the actual kernel and then you can use that to decrypt the sources.

You can use
>openssl enc -help

to get more information on encrypting and decrypting using openssl.

https://wiki.openssl.org/index.php/Enc is a good reference for openssl.

If you are on a mac you may need to install openssl, some users have reported problems with the forked version used
on the mac.

Good Luck!

-------------------------------------------------------------

I am available to answer specific questions about this challenge on Twitter and Discord as @kcbowhunter,
but you must study Assembly Language programming and Reversing on your own.  Good Luck!