{"id":828,"date":"2023-09-22T18:40:29","date_gmt":"2023-09-22T09:40:29","guid":{"rendered":"https:\/\/h4ck.kr\/?p=828"},"modified":"2024-05-22T16:49:29","modified_gmt":"2024-05-22T07:49:29","slug":"easy_elf","status":"publish","type":"post","link":"https:\/\/h4ck.kr\/?p=828","title":{"rendered":"Easy_ELF"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">File<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@29c7cfc91700:~\/CTF\/reversing.kr$ file Easy_ELF\nEasy_ELF: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter \/lib\/ld-linux.so.2, for GNU\/Linux 2.6.15, BuildID[sha1]=8edb9e400a3882319cd4582f89dd2373b7e1745c, stripped<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>32\ube44\ud2b8 \ub9ac\ub205\uc2a4\uc6a9 \uc2e4\ud589\ud30c\uc77c \ud558\ub098.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Decompile<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">main<\/h3>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"c\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">int __cdecl main()\n{\n  write(1, \"Reversing.Kr Easy ELF\\n\\n\", 0x17u);\n  sub_8048434();  \/\/__isoc99_scanf(&amp;unk_8048650, &amp;byte_804A020);\n  if ( sub_8048451() )\n    sub_80484F7();  \/\/write(1, \"Correct!\\n\", 9u);\n  else\n    write(1, \"Wrong\\n\", 6u);\n  return 0;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n<p>sub_8048451() \ud568\uc218\uc5d0\uc11c true\ub97c \ubc18\ud658\uc2dc\ucf1c\uc57c \ub41c\ub2e4.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">sub_8048451<\/h3>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"c\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">_BOOL4 sub_8048451()\n{\n  if ( byte_804A021 != '1' )\n    return 0;\n  byte_804A020 ^= 0x34u;\n  byte_804A022 ^= 0x32u;\n  byte_804A023 ^= 0x88u;\n  if ( byte_804A024 != 'X' )\n    return 0;\n  if ( byte_804A025 )\n    return 0;\n  if ( byte_804A022 != 124 )\n    return 0;\n  if ( byte_804A020 == 120 )\n    return byte_804A023 == 0xDDu;\n  return 0;\n}<\/pre>\n<\/div><\/div>\n<\/div>\n<\/div>\n\n\n\n<p>\uc77c\ubd80 \ubb38\uc790\ub294 XOR \uc5f0\uc0b0\ud558\uace0 \uac01\uac01\uc758 \ubb38\uc790\ub97c \ud655\uc778\ud55c\ub2e4. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"266\" src=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-1024x266.png\" alt=\"\" class=\"wp-image-831\" srcset=\"https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-1024x266.png 1024w, https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-300x78.png 300w, https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-768x200.png 768w, https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-1536x399.png 1536w, https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/09\/solved-1-2048x532.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>\uc790\uc138\ud55c \uc124\uba85\uc740 \uc0dd\ub7b5\ud55c\ub2e4..<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:100%\">\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"raw\" data-enlighter-theme=\"dracula\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ubuntu@29c7cfc91700:~\/CTF\/reversing.kr$ .\/Easy_ELF \nReversing.Kr Easy ELF\n\nL1NUX\nCorrect!<\/pre>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>File 32\ube44\ud2b8 \ub9ac\ub205\uc2a4\uc6a9 \uc2e4\ud589\ud30c\uc77c \ud558\ub098. Decompile main sub_8048451() \ud568\uc218\uc5d0\uc11c true\ub97c \ubc18\ud658\uc2dc\ucf1c\uc57c \ub41c\ub2e4. sub_8048451 \uc77c\ubd80 \ubb38\uc790\ub294 XOR \uc5f0\uc0b0\ud558\uace0 \uac01\uac01\uc758 \ubb38\uc790\ub97c \ud655\uc778\ud55c\ub2e4. Solution \uc790\uc138\ud55c \uc124\uba85\uc740 \uc0dd\ub7b5\ud55c\ub2e4..<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[16],"tags":[24],"class_list":["post-828","post","type-post","status-publish","format-standard","hentry","category-reversing-kr","tag-reversing"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/828","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=828"}],"version-history":[{"count":4,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/828\/revisions"}],"predecessor-version":[{"id":834,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/828\/revisions\/834"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=828"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=828"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=828"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}