As a Security Enthusiast who’s interested in reverse engineering, this is definitely a great chance for me to Learn, practice and sharpen my reversing skills, Thanks to FireEye! This was my first year participating in flare-on CTF's that has 12 challenges. I hope to complete them and learn lots of new techniques. So, lets get started.
Challenge 1 - Memecat Battlestation
Tools Used:
dnSpy
CFF Explorer
We were given a .NET binary program, which is a simple cat shooting game – you enter the weapon code and press the fire button. If the weapon code is correct, the cat will fire the weapon. There are two stages, each stage has a different weapon code. The Main() function checks for two weapon codes, if enter the two weapon codes correctly, it will show you the flag.
The executable is a .NET binary which can be disassembled (or decompiled) using dnSpy. For Stage1, check function FireButton_Click of Stage1Form. Looking at the binary you will see a input being compared against the string value “RAINBOW” (plain text). This is the first weapon code.
Next, we analyze isValidWeaponCode function of Stage2Form.
The function uses a for loop to XOR each byte of the string with the value ‘A’. It then compares this value with an array of 12 characters. When decoded with a simple XOR decryption, this will give the weapon code "Bagel_Cannon". Enter the code and you'll get a VICTORY message with the flag.
"from pwn import xor
print xor('\x03 &$-\x1e\x02 //./', 'A')"
FLAG : Kitteh_save_galixy@flare-on.com
Comments
Post a Comment