CTFHub

Writeup

Vietnam

发表于 分类于
Challenge | 2020 | CSICTF | Reverse | Vietnam

点击此处获得更好的阅读体验

WriteUp来源

https://dunsp4rce.github.io/csictf-2020/reversing/2020/07/22/Vietnam.html

by AnandSaminathan

题目描述

The Viet Cong in transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We've recovered the binary, we need you to find out what they're trying to say.

题目考点

解题思路

On decompiling using Ghidra:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
undefined8 main(void)
{
  undefined *puVar1;
  int iVar2;
  int local_18;
  int local_14;
  char *local_10;
  
  local_10 = (char *)malloc(0x400);
  fgets(local_10,0x400,stdin);
  setbuf(stdout,(char *)0x0);
  while (puVar1 = sa, *local_10 != '\0') {
    switch(*local_10) {
    case '!':
      tmp = sa;
      sa = sb;
      sb = sc;
      sc = puVar1;
      break;
    case '$':
      sa = sa + 1;
      *sa = 1;
      break;
    case '+':
      sa[-1] = *sa + sa[-1];
      sa = sa + -1;
      break;
    case ',':
      iVar2 = getchar();
      *sa = (char)iVar2;
      break;
    case '-':
      sa[-1] = sa[-1] - *sa;
      sa = sa + -1;
      break;
    case '.':
      puVar1 = str + 1;
      *str = *sa;
      str = puVar1;
      break;
    case '[':
      if (*sa == '\0') {
        local_14 = 1;
        while (local_14 != 0) {
          local_10 = local_10 + 1;
          if (*local_10 == '[') {
            local_14 = local_14 + 1;
          }
          else {
            if (*local_10 == ']') {
              local_14 = local_14 + -1;
            }
          }
        }
      }
      break;
    case ']':
      if (*sa != '\0') {
        local_18 = 1;
        while (local_18 != 0) {
          local_10 = local_10 + -1;
          if (*local_10 == '[') {
            local_18 = local_18 + -1;
          }
          else {
            if (*local_10 == ']') {
              local_18 = local_18 + 1;
            }
          }
        }
      }
    }
    local_10 = local_10 + 1;
  }
  str = STR;
  iVar2 = strcmp(STR,"HELLO\n");
  if (iVar2 == 0) {
    puts(str);
    system("cat flag.txt");
  }
  else {
    puts("Failed.");
  }
  return 0;
}

Although there are a lot of cases, , and . looks interesting. , takes a single character input (ivar2) and . appends ivar2 to the string STR. After all this, if STR is "HELLO", the flag will be printed. So the flag can be obtained using the following input:

1
2
,.,.,.,.,.,.
HELLO

Flag

1
csictf{l00k_4t_th3_t0w3rs_0f_h4n01}