CSAW 2012 – Reversing 100
b86cf945ba845c4c9932b4021f7ce55a csaw2012reversing.exe
Running the executable displays a messagebox with an encrypted key.
Opening the excutable in IDA/Hex-Rays:
key[0] = 0x88u; key[1] = 0x9Au; key[2] = 0x93u; key[3] = 0x9Cu; key[4] = 0x90u; key[5] = 0x92u; key[6] = 0x9Au; key[7] = 0xA0u; key[8] = 0x8Bu; key[9] = 0x90u; key[10] = 0xA0u; key[11] = 0x9Cu; key[12] = 0x8Cu; key[13] = 0x9Eu; key[14] = 0x88u; key[15] = 0xDEu; key[16] = 0;
There is also a decrypt function (the executable has its symbols not stripped).
unsigned int __cdecl decrypt(char *string) { unsigned int size; // [sp+0h] [bp-4h]@1 size = 0; while ( *string ) { *string = ~*string; ++string; ++size; } return size; }
So, the key is bitflipped: welcome_to_csaw!
Leave a comment