David Penn davleop

davleop / tbtlctf2024_flagcheck-writeup.md
Created May 13, 2024 00:09
Write-up of TBTL CTF 2024 - RE: Flagcheck (100)

Here we are given a file `chall`, which is a Linux executable, so we can throw it into Ghidra and check out what it's doing.

Here in the `main` function, we see that the program expects a user input of length 63 and calculates some number to set as the random seed. Next we have this more interesting section where we are validating against a data field, `target`. The critical piece of code here is: `((int)cVar1 ^ iVar2 % 0x100) != *(uint *)(target + (long)local_6c * 4)`.
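
The comparison above can be modelled and inverted in a few lines of C. This is an added example, not code from the original write-up or the challenge binary: the sample input, the seed 4242, the `EXAMPLE{` prefix, the bounded seed range and the helper names `encode`, `decode` and `find_seed` are all assumptions, and the known-prefix seed search goes a step beyond what the text describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 63-character input; not the challenge flag. */
static const char SAMPLE[] =
    "EXAMPLE{constructed_sample_input_not_the_real_challenge_flag__}";

/* Forward check as decompiled: % binds tighter than ^ in C, so each
 * target word is input[i] ^ (rand() % 0x100). */
static void encode(unsigned seed, const char *in, unsigned *target, size_t n) {
    srand(seed);
    for (size_t i = 0; i < n; i++)
        target[i] = (unsigned)((int)in[i] ^ rand() % 0x100);
}

/* XOR is its own inverse: replay the same rand() stream over target. */
static void decode(unsigned seed, const unsigned *target, char *out, size_t n) {
    srand(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(target[i] ^ (unsigned)(rand() % 0x100));
    out[n] = '\0';
}

/* Known-plaintext seed search (assumption: the first k input bytes are
 * known and the seed is at most max_seed). Returns the seed or -1. */
static long find_seed(const unsigned *target, const char *known, size_t k,
                      unsigned max_seed) {
    for (unsigned s = 0; s <= max_seed; s++) {
        size_t i = 0;
        srand(s);
        while (i < k && (target[i] ^ (unsigned)known[i]) == (unsigned)(rand() % 0x100))
            i++;
        if (i == k) return (long)s;
    }
    return -1;
}

int main(void) {
    unsigned target[sizeof SAMPLE];
    char out[sizeof SAMPLE];
    size_t n = strlen(SAMPLE);
    encode(4242u, SAMPLE, target, n);   /* 4242 is a hypothetical seed */
    long seed = find_seed(target, "EXAMPLE{", 8, 100000u);
    if (seed < 0) return 1;
    decode((unsigned)seed, target, out, n);
    printf("seed=%ld input=%s\n", seed, out);
    return 0;
}
```

The round trip only holds when `decode` runs against the same libc `rand()` implementation that produced `target`, since the stream generated for a given seed differs between C libraries.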

Here, we see `cVar1` is a character of our user input and `iVar2` is a random integer, denoted by `rand()`. We know that modulus (`%`) and exclusive or (`^`) are commutative, so we can use the given data in `target` to determine the random numbers, but first we need to extract out our data from Ghidra. I chose the simple approach of copy-pasting into my text editor and making it an integer arra