CSAW 2012 – Reversing 100

Dutch CTF "team pong" write-ups and other stuff

CSAW 2012 – Reversing 100

b86cf945ba845c4c9932b4021f7ce55a  csaw2012reversing.exe

Running the executable displays a messagebox with an encrypted key.
Opening the excutable in IDA/Hex-Rays:

  key[0] = 0x88u;
  key[1] = 0x9Au;
  key[2] = 0x93u;
  key[3] = 0x9Cu;
  key[4] = 0x90u;
  key[5] = 0x92u;
  key[6] = 0x9Au;
  key[7] = 0xA0u;
  key[8] = 0x8Bu;
  key[9] = 0x90u;
  key[10] = 0xA0u;
  key[11] = 0x9Cu;
  key[12] = 0x8Cu;
  key[13] = 0x9Eu;
  key[14] = 0x88u;
  key[15] = 0xDEu;
  key[16] = 0;

There is also a decrypt function (the executable has its symbols not stripped).

unsigned int __cdecl decrypt(char *string)
{
  unsigned int size; // [sp+0h] [bp-4h]@1

  size = 0;
  while ( *string )
  {
    *string = ~*string;
    ++string;
    ++size;
  }
  return size;
}

So, the key is bitflipped: welcome_to_csaw!

Written by teampong

October 24, 2012 at 5:36 am

Posted in Uncategorized

team pong

CSAW 2012 – Reversing 100

Leave a comment Cancel reply

Search

Recent Posts

Tags

Archive

Links

team pong

CSAW 2012 – Reversing 100

Share this:

Related

Leave a comment Cancel reply

Search

Recent Posts

Tags

Archive

Links