Below you'll find a few notes about one simple RE challenge I found on Hack The Box. Here we go...
This time we'll start here:
To solve this challenge we need to find the HTB{...} flag. I decided to open it in Ghidra and find out more about the code and logic. I started with the strings view to check whether there were any interesting hints I could follow:
A double-click on the selected string and I landed here:
Another double-click on the XREF and I landed in the ASM code for the main() function:
Trying to understand the logic and flow of the code, I saw that there is a UD2 mnemonic:
I decided to read more about the purpose of it here:
When I clicked on the UD2 instruction in Ghidra, in the right window I saw new decompiled code containing a strlen() function:
I was wondering what the purpose of the comparison part was here, so I clicked on the next UD2 instruction:
Then I realised that when the CMP is invalid, UD2 is used. ;) So by following the next UD2, and the one after it, we should see the full flag:
To not spoil it too much, I will leave the rest of the flag for you to find. ;)
It probably wasn't the only way to solve this challenge, but it was nice to read more about mnemonics in general.
See you next time!