For this challenge we were given a PE32 executable. It's a dice game: we have to throw the correct sequence of numbers to get the flag.
    [ctf@renorobert EBCTF]$ file ebCTF-Teaser-BIN100-Dice.exe
    ebCTF-Teaser-BIN100-Dice.exe: PE32 executable for MS Windows (console) Intel 80386 32-bit
    [ctf@renorobert EBCTF]$ wine ebCTF-Teaser-BIN100-Dice.exe
    [*] ebCTF 2013 Teaser - BIN100 - Dice Game
    To get the flag you will need to throw the correct numbers.
    [*] You will first need to throw a three, press enter to throw a dice!
    -------
    | O O |
    |     |
    | O O |
    -------
    [*] You rolled a 4 That is not a three :/
    [*] Game over!

Analysing the binary with IDA, we noticed the following:
[*] We have to throw the sequence 3 - 1 - 3 - 3 - 7 to get the flag
[*] The binary randomly generates numbers between 1 and 6 and does the comparison
We simply patched the essential JNZ instructions to JZ instructions, so that the binary will stop execution only when the right numbers are thrown. Here is the IDA dif file we used for patching:
    ebCTF-Teaser-BIN100-Dice.exe
    00000D2B: 75 74
    00000F92: 75 74
    00001069: 75 74
    000013A5: 75 74
    0000163D: 75 74
    000016D6: 85 84
    00001A29: 75 74
    00001A50: 85 84

Now executing the binary, we got the flag in the first run:
    [*] You rolled a seven, with a six sided dice! How awesome are you?!
    [*] You rolled 3-1-3-3-7, what does that make you? ELEET! \o/
    [*] Nice job, here is the flag: ebCTF{64ec47ece868ba34a425d90044cd2dec}

Flag for the challenge is ebCTF{64ec47ece868ba34a425d90044cd2dec}
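The dif entries above can be applied and sanity-checked without IDA. The following is an added example, not the authors' tooling: it parses the entries, refuses to patch if an original byte does not match, and names the instruction change each entry represents. Assumptions: the stand-in image is constructed (it is not the challenge binary), and the two 85 -> 84 entries are taken to be the second byte of a 0F 85 near JNZ, consistent with the JNZ-to-JZ description in the write-up.

```python
import re

# Dif entries as listed in the write-up: file offset, original byte, patched byte.
DIF_TEXT = """ebCTF-Teaser-BIN100-Dice.exe
00000D2B: 75 74
00000F92: 75 74
00001069: 75 74
000013A5: 75 74
0000163D: 75 74
000016D6: 85 84
00001A29: 75 74
00001A50: 85 84
"""
ENTRY = re.compile(r"^([0-9A-Fa-f]{1,8}):\s+([0-9A-Fa-f]{2})\s+([0-9A-Fa-f]{2})$")

def parse_dif(text):
    """Return [(offset, original, patched)]; header and filename lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [tuple(int(g, 16) for g in m.groups()) for m in matches if m]

def classify(data, offset, old, new):
    if (old, new) == (0x75, 0x74):
        return "short JNZ -> JZ"
    # 85/84 mean JNZ/JZ only as the second byte of the two-byte 0F 8x opcode.
    if (old, new) == (0x85, 0x84) and offset > 0 and data[offset - 1] == 0x0F:
        return "near JNZ -> JZ"
    return "unrecognised"

def apply_dif(data, entries):
    """Patch a copy of data, refusing if any original byte is not what the dif expects."""
    out = bytearray(data)
    for offset, old, new in entries:
        if offset >= len(out) or out[offset] != old:
            raise ValueError(f"offset {offset:#x}: expected {old:02X}, wrong or already patched file")
        out[offset] = new
    return bytes(out)

def demo_image(entries, size=0x1B00):
    """Constructed stand-in for the executable (NOT the real binary)."""
    img = bytearray(b"\x90" * size)
    for offset, old, _ in entries:
        img[offset] = old
        if old == 0x85:
            img[offset - 1] = 0x0F  # assumption: near-jump 0F prefix precedes 85
    return bytes(img)

if __name__ == "__main__":
    entries = parse_dif(DIF_TEXT)
    image = demo_image(entries)
    for off, old, new in entries:
        print(f"{off:08X}: {old:02X} -> {new:02X}  {classify(image, off, old, new)}")
```

Checking the original byte before writing is what makes the patch safe to re-run: a second pass over an already patched file raises instead of silently corrupting it.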