REbase
Binary RE, 400 points
You receive an ELF binary which you must unlock with a key. Find the key and it will contain your flag.
So I read writeups about solving the challenge the "correct" way and I wanted to share my own solution which does not require any reverse engineering.
╭─[email protected] ~/stemctf
╰─$ ./rebase
Usage: ./REbase flag
╭─[email protected] ~/stemctf
╰─$ ./rebase zzzzzz
6
tfh5tfh5
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Try Again :(
╭─[email protected] ~/stemctf
╰─$ ./rebase MCA{test}
9
ZXFWt2Kse2K8
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Try Again :(
So the binary asks for a flag in argument, and outputs
- the length of the flag we provided
- some kind of encrypted version of the flag we provided
- something that is probably the encrypted version of the actual flag.
We can also notice starting our input with
MCA{
makes the first characters of the two ciphers match up. Also, it looks like base64 butWith some groping around, we can find the password without actually reverse engineering the binary. It is just a bit long to do it manually (but still totally doable). I wrote a script to automatize the process (rebase.py).
I am not entirely sure about my script because the farthest it goes only yields this portion of the flag:
MCA{[email protected]_L3m0n_SqU33z
. We can easily deduce the true flag from there, though.╭─[email protected] ~/stemctf
╰─$ ./rebase MCA{[email protected]_L3m0n_SqU33zy}
38
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
ZXFWtmKgDZCyrmC5B+CiVfsyXUCQVfsyZRFzDU4yX2YCD/F5Ih8=
Congratulations!
Enjoy!
Last modified 4yr ago