Chal8 – Easy ELF Challenge

Posted: January 27, 2016 in Chal8. Easy ELF Challenge

Load the target into IDA and analyze it; we find the function that checks the input serial. With the help of Hex-Rays, we get the following pseudocode:

int check_Input()
{
  int result; // eax@2

  if ( szInput[1] == '1' )
  {
    szInput[0] ^= 0x34u;
    szInput[2] ^= 0x32u;
    szInput[3] ^= 0x88u;
    if ( szInput[4] == 'X' )
    {
      if ( szInput[5] )
      {
        result = 0;
      }
      else if ( szInput[2] == 0x7C )
      {
        if ( szInput[0] == 0x78 )
          result = szInput[3] == 0xDDu;
        else
          result = 0;
      }
      else
      {
        result = 0;
      }
    }
    else
    {
      result = 0;
    }
  }
  else
  {
    result = 0;
  }
  return result;
}

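From the code above we can work out the input serial. XOR is its own inverse, so each transformed byte is recovered by XORing the expected value with the same constant, and szInput[5] must be 0, so the serial is exactly five characters: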

szInput[0] ^= 0x34u == 0x78 --> szInput[0] = 0x78 ^ 0x34 = 0x4C = L
szInput[1] == '1' --> szInput[1] = '1'
szInput[2] ^= 0x32u == 0x7C --> szInput[2] = 0x7C ^ 0x32 = 0x4E = N
szInput[3] ^= 0x88u == 0xDDu --> szInput[3] = 0xDD ^ 0x88 = 0x55 = U
szInput[4] == 'X' --> szInput[4] = X

Finally, the key is: L1NUX
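
The same derivation as a small C program, added here as an example (it is not code from the challenge binary): the byte checks are written as a table of (index, XOR mask, expected value), the serial is recovered by inverting each entry, and the result is verified against a re-implementation of the check. The names check_serial, recover_serial and the constraint table are assumptions made for this example; only the constants come from the pseudocode above.

```c
#include <stdio.h>
#include <string.h>

/* One byte constraint read off the decompiled check: (input[idx] ^ mask) == want.
   A mask of 0 is a plain comparison. Names here are hypothetical. */
struct constraint { int idx; unsigned char mask, want; };

static const struct constraint checks[] = {
    {0, 0x34, 0x78}, {1, 0x00, '1'}, {2, 0x32, 0x7C},
    {3, 0x88, 0xDD}, {4, 0x00, 'X'}, {5, 0x00, 0x00}, /* byte 5 must be NUL */
};
#define NCHECKS (sizeof checks / sizeof checks[0])

/* Same accept/reject decision as check_Input(), made on a private copy.
   unsigned char matters: a plain char that is signed never compares
   equal to 0xDD after integer promotion. */
int check_serial(const char *serial)
{
    unsigned char buf[6] = {0};
    size_t n = strlen(serial);
    memcpy(buf, serial, n < sizeof buf ? n : sizeof buf);
    for (size_t i = 0; i < NCHECKS; i++)
        if ((buf[checks[i].idx] ^ checks[i].mask) != checks[i].want)
            return 0;
    return 1;
}

/* XOR is its own inverse, so each input byte is want ^ mask. */
const char *recover_serial(void)
{
    static char out[6];
    for (size_t i = 0; i < NCHECKS; i++)
        out[checks[i].idx] = (char)(checks[i].want ^ checks[i].mask);
    return out;
}

int main(void)
{
    const char *key = recover_serial();
    printf("recovered: %s  accepted: %d\n", key, check_serial(key));
    /* A sixth character makes szInput[5] non-zero, so the check rejects it. */
    printf("L1NUXX accepted: %d\n", check_serial("L1NUXX"));
    return 0;
}
```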

End.
