CTF Reversing challenge, beginner.

9 months ago

Latest Post Hacking an NES Classic by Colin Senner
This is part of a series of CTFs for an awesome security company.  
As these are still part of their hiring process I won't be disclosing their name.

If you'd like to try yourself before reading the CTF write-up you can download the binary here: AreYouReady.exe.

sha256: 629248a843224470ccffb26c701da4cf54cf4fa957fd81dde9200cfa0f375ad1

When running the program normally you get an “Error Code: 1” message and the program exits. Let’s take a look at the assembly and see what we can find.

After the windows loader has run it’s bits, initterm_e, initterm, etc. We’re dumped directly to where we want to be.

This function is main(argc, *argv[], *envp[]).

Right off the bat we spot a check for the existence of 1 additional argument passed via the command line to this program. (argc is always at least 1 because the first pointer of argv points to the full path of the exe).

The program then converts the argument to an integer from a string, does a check if it’s greater than 1000d and less than 2000d, displaying different message when:

An argument is passed, but is unparseable as an int or less than 1000. Take those mental shackles off, cute!

The argument is greater than 1000d but less than 2000d (and not 1337). Now you’re breaking away.

The argument is greater than 2000d. Your focus has been taken away.

I'll leave it as an exercise to the reader to find the correct value.

Colin Senner

Published 9 months ago