mix-compare

Description

이 문제는 사용자에게 문자열 입력을 받아 입력값을 검증하고 플래그를 출력하는 프로그램이 주어집니다.
해당 바이너리를 분석하여 플래그를 찾으세요!

플래그 형식은 DH{…} 입니다.

Files

chall: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=8f6e0c1b173c41785a0221d32ab8dc81a63e1f13, for GNU/Linux 3.2.0, not stripped

64비트 리눅스용 실행 파일

Solution

result = [0x39, 0xFFFFFF9B, 0x2C, 0xC6, 0x59, 0x58, 0x39, 0xAB,\
          0xFFFFFFCE, 0xC6, 0x18c, 0x190, 0xFFFFFFDA, 0x73, 0x52, 0x66]
result_2 = [0xFFFFFFAB, 0xFFFFFFAF, 0xFFFFFFD9, 0xFFFFFFAD, 0xFFFFFFAE, 0xFFFFFFB0, 0xFFFFFFB2, 0xFFFFFFE0,\
            0xFFFFFFE2, 0xFFFFFFE1]   
result_3 = [0x4F, 0x53, 0x4C, 0x53, 0x4F, 0x57, 0x83, 0x54, 0x59, 0x87]
result_4 = [0xC, 0x13, 0x3E, 0x3B, 0x3E, 0x39, 0x3A, 0x38, 0xD, 0x34]
result_5 = [0x958, 0x92e, 0xa20, 0x12f3, 0xaf0, 0x1452, 0xb94, 0x14b4, 0xa56, 0xb9a]
result_6 = [0x63, 0x5f, 0x8f, 0x59, 0x8c, 0x89, 0x8c, 0x55, 0x24]

flag = []

def solve_check():
    flag.append(result[0] - 9)
    flag.append((result[1] - 0xffffffff) * -1)
    flag.append(result[2] + 4)
    flag.append(int(result[3]/2))
    flag.append(result[4] - 34)
    flag.append(result[5] - 40)
    flag.append(result[6] + 40)
    flag.append(int(result[7]/3))
    flag.append((result[8] - 0xffffffff) * -1)
    flag.append(int(result[9]/2))
    flag.append(int(result[10]/4))
    flag.append(int(result[11]/4))
    flag.append(19 - result[12] + 0xffffffff + 1)
    flag.append(result[13]-17)
    flag.append(result[14]-30)
    flag.append(result[15])

def solve_check_not():
    for i in range(len(result_2)):
       j = i + 16
       flag.append((result_2[i] - j - 0xffffffff) * -1) 

def solve_check_add():
    for i in range(len(result_3)):
        j = i + 26
        flag.append(result_3[i] - j) 

def solve_check_dec():
    for i in range(len(result_4)):
        j = i + 36
        flag.append(result_4[i] + j) 

def solve_check_mul():
    for i in range(len(result_5)):
        j = i + 46
        flag.append(int(result_5[i] / j)) 

def solve_check_la():
    for i in range(len(result_6)):
        j = i + 56
        flag.append((result_6[i] + j - 100) ) 

solve_check()
solve_check_not()
solve_check_add()
solve_check_dec()
solve_check_mul()
solve_check_la()

for i in range(len(flag)):
    print(chr(flag[i]), end='')
print("")

아주 쉽게 역산을 통해 플래그를 구할 수 있었다.

Flag

ubuntu@29c7cfc91700:~/CTF/dreamhack.io/mix-compare$ ./chall
Input: 
0d0c70a91ccd9b4fda8eedc657580618c37d08dbfbdc9a426c8f9d1674e0dbf0
Nice!
Flag is DH{0d0c70a91ccd9b4fda8eedc657580618c37d08dbfbdc9a426c8f9d1674e0dbf0}

DH{0d0c70a91ccd9b4fda8eedc657580618c37d08dbfbdc9a426c8f9d1674e0dbf0}

Description

Files

Solution

Flag

답글 남기기 응답 취소