Rev100 ECTF

This is my first post on solving a reversing challenge. I am very surprised that I got the flag yesterday because I never solved any problem on time other than trivia in any CTF. So I am a bit proud of my first flag in reversing.

You are given a binary file. It was a PE file. Open it in IDA pro and you will find some functions that don’t seem very interesting.

Run the binary. And you will find the program exiting without showing anything. analyzing the program leads you to a function call that has got a call to  exit command. 

Using immunity debugger, I edited the instruction to NOP. Further analyzing shows that there is a statement that

“This is not what I am.. Come and find me inside.”

I didn’t find any printf statements in any of the functions inside for printing the flag. So I figured out that I must obtain the flag by going into the function and observing the register values.

You can figure out a function that the program goes through after a jump statement. I went inside the function and analyzed step by step and looked at the registers.

Suddenly I found in one of the registers, a different value :

Damn3a5Y

which is nothing other than the FLAG!!

Advertisements

4 thoughts on “Rev100 ECTF

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s