DOMECTF2020
The challenge provides a zip file, which has 3 files - assem.c, assem.s and out.txt. charasm function called in the assem.S,
.intel_syntax noprefix
.global charasm
charasm:
push ebp
mov ebp,esp
mov ax,DWORD PTR [ebp+0x8]
mov bx,DWORD PTR [ebp+0xc]
mov bx, ax
mov ax, bx
mov esp,ebp
pop ebp
ret
This function returns its first parameter.
#include <stdio.h>
#include <stdlib.h>
#define size 1000
int i;
int len;
char str[6];
int charasm(int,int);
int readFlag(char f[], char string[]);
int main(int argc, char* argv[]){
char string[size];
int a;
readFlag("flag.txt",string);
while(a<41){
if(a%2 == 1){
printf("%x", ~(string[a]));
a+=1;
}
else{
printf("%x", charasm(string[a],string[a+1]));
a+=1;}
}
}
int readFlag(char f[], char string[]){
FILE *fptr;
char c;
int i = 0;
if ((fptr=fopen(f, "r")) == NULL){
printf("Error: can not open file %s\n", f);
exit(1);
}
while ((c = fgetc(fptr)) != EOF)
string[i++] = c;
string[i] = '\0';
return i;
}
This c function takes a string input:
not operation is performed in the bytes at odd positions bytes at even position is written as same(since charsm function returns the first parameter of its input)
Out.txt contains:
“64ffffff906dffffff9a63ffffff8b66ffffff8457ffffffad35ffffff8b34ffffff9d4affffffaa49ffffffb749ffffff9564ffffff937affffffc651ffffff8b58ffffffc748ffffffb067ffffffb565ffffffb636ffffff9875ffffffb255ffffffb37d”
So, Not operation should be performed on bytes at odd positions. The resulting hexadecimal value when converted into ASCII will give the output:
domectf{WR5t4bJUIHIjdlz9QtX8HOgJeI6guMUL}
And that’s our flag!
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
