This page has been machine-translated from the original page.
I took part in Harekaze mini CTF 2021, which was held on 24 December.
I participated as 0neP@adding and finished in 29th place.
I still could not solve the harder Reversing challenges, so I clearly have more work to do.
Crackme (Rev)
Looking at the decompiled output, the binary evaluates the input one character at a time: for each position it performs a calculation on that character, and the character is accepted as part of the flag when the result is greater than 0.
Working the calculation backward would also have been possible, but because each position is checked separately and the result of each check is visible at a breakpoint, the flag can be recovered with a brute force that tries the character set once per position (roughly 70 candidates for each of the 31 positions, rather than 70^31 combinations), which takes only a few minutes. I used the following GDB Python script to automate the analysis and recover the flag.
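To make the approach concrete without the binary or GDB, here is an added example (not the writeup's script) that models it offline: a constructed stand-in checker plays the role of the crackme, accepting each input character on its own, and an `oracle()` function stands in for "run, continue to the breakpoint for position i, read `$al`". The secret string, the checker arithmetic and the function names are assumptions made for the example; the candidate character set is the one the writeup's script uses.

```python
#!/usr/bin/env python3
"""Position-by-position recovery against a per-character check oracle.

Added example, not the writeup's script. The crackme binary is replaced by a
constructed stand-in (check_char) that, like the binary described above,
evaluates one input character at a time and produces a result > 0 only when
that character is correct. The GDB "run, continue to the i-th breakpoint,
read $al" step is modelled by oracle(), so the whole thing runs offline.
"""

# Same candidate set the writeup's script uses.
CHARSET = "_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!#$=}{"

# Constructed secret for the stand-in binary (assumption; not the real flag).
SECRET = "HarekazeCTF{constructed_str1ng}"
FLAG_LEN = len(SECRET)  # 0x1f, the same length the real crackme expects


def check_char(i, c):
    """Stand-in for the per-character calculation: > 0 iff c is right at i.

    The real arithmetic does not matter; what makes the attack linear is
    that the result for position i depends only on the character at i.
    """
    return 1 if c == SECRET[i] else 0


def oracle(candidate, i):
    """Model 'run <candidate>; continue i times; read $al'.

    Returns the check result for position i, or None if the program would
    have exited before the breakpoint was hit for that position.
    """
    if i >= len(candidate):
        return None
    return check_char(i, candidate[i])


def recover(known_prefix, flag_len=FLAG_LEN, charset=CHARSET, oracle=oracle):
    """Recover the flag one position at a time using the oracle.

    Returns (flag, queries). queries is the number of oracle calls, which is
    at most len(charset) per unknown position instead of len(charset)**n.
    """
    flag = list(known_prefix) + ["."] * (flag_len - len(known_prefix))
    queries = 0
    for pos in range(len(known_prefix), flag_len):
        for t in charset:
            flag[pos] = t
            queries += 1
            r = oracle("".join(flag), pos)
            if r is None:
                raise RuntimeError("program exited before check %d" % pos)
            if r > 0:
                break  # accepted: keep t and move on to the next position
        else:
            # Every candidate failed: the charset is incomplete or the check
            # at this position depends on more than one character.
            raise ValueError("no candidate accepted at position %d" % pos)
    return "".join(flag), queries


if __name__ == "__main__":
    flag, n = recover("HarekazeCTF{")
    print(flag, "after", n, "oracle queries")
```

The method still works when the check for position i also mixes in earlier characters, because by the time position i is attacked every earlier position is already correct; it only breaks down if some position has no accepted candidate, which is what the `ValueError` branch reports instead of looping forever.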
import gdb

BINDIR = "~/Downloads"
BIN = "crackme"
INPUT = "./in.txt"            # unused in this version of the script
# Address just after the per-character check. It is stable because gdb
# disables ASLR by default, so the PIE base is always 0x555555554000.
BREAK = "0x55555555523f"
FLAG_LEN = 0x1f               # the binary checks a 31-character input

gdb.execute('file {}/{}'.format(BINDIR, BIN))
gdb.execute('b *{}'.format(BREAK))

# Seed with the known prefix. The script was posted with the recovered
# flag, HarekazeCTF{quadrat1c_3quati0n}, already filled in here.
Flag = list("HarekazeCTF{")
counter = len(Flag)           # index of the next unknown character
Flag += ["." for i in range(FLAG_LEN - len(Flag))]
# `run` hands its arguments to the shell, so characters such as $ and !
# may be expanded; `set startup-with-shell off` avoids that if it bites.
table = "_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!#$=}{"
print("".join(Flag))

while counter < FLAG_LEN:
    print("===============================================")
    for t in table:
        Flag[counter] = t
        gdb.execute('run {}'.format("".join(Flag)))
        # The first breakpoint hit is the check of character 0; continue
        # past the already-known characters to reach position `counter`.
        for i in range(counter):
            print("next")
            gdb.execute('c')
        r = gdb.parse_and_eval("$al")   # result of the check for this position
        print(r)
        if r != 0x0:                    # non-zero: this candidate is correct
            counter += 1
            break
    else:
        raise RuntimeError("no character in table passed at position {}".format(counter))
    print("".join(Flag))

print("".join(Flag))
gdb.execute('quit')
Summary
It was the last CTF of the year, but next year I want to study more so that I can solve harder challenges as well.