
[PicoCTF 2018] - misc - Learn GDB

This is one of my writeups for PicoCTF 2018


Using a debugging tool will be extremely useful on your missions. Can you run this program in gdb and find the flag? You can find the file in /problems/learn-gdb_3_f1f262d9d48b9ff39efc3bc092ea9d7b on the shell server.

Hints :

1. Try setting breakpoints in gdb
2. Try and find a point in the program after the flag has been read into memory to break on
3. Where is the flag being written in memory?


Being terrible at assembly and reversing, I stumbled through this but still got the flag. First, I downloaded the provided binary and loaded it in Binary Ninja. Looking at the graph, I could see that the "decrypted" flag is stored in a flag_buf variable at 0x6013e8 and that the decrypt_flag function returns at 0x4008c8.

With that information, we can fire up gdb :

gdb run

Then set up a break point at 0x4008c8 and execute until we reach the breakpoint :

break *0x4008c8
run

Once the breakpoint is reached, we read the string stored at 0x6013e8 :

x/s *0x6013e8

And that gives us the flag : picoCTF{gDb_iS_sUp3r_u53fuL_efaa2b29}
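
To practise the same break-then-inspect steps without access to the challenge server, here is a small stand-in program. It is an added example, not the challenge binary or the author's code: the names flag_buf and decrypt_flag are borrowed from the writeup, while the encoding, the sample flag and the heap-pointer layout are constructed assumptions.

```c
/* Constructed practice target for the gdb steps above; not the challenge binary. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Global pointer named after the writeup's flag_buf. That it points to a heap
 * buffer (rather than being an array) is an assumption of this example. */
char *flag_buf;

/* Constructed ciphertext: every byte of the plaintext shifted up by one. */
static const char enc[] = "gmbh|dpotusvdufe`tbnqmf~";

/* Decodes enc into a fresh heap buffer and publishes it through flag_buf.
 * Returns the plaintext length, or -1 if allocation fails. */
int decrypt_flag(void)
{
    size_t n = strlen(enc);
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        buf[i] = (char)(enc[i] - 1);
    buf[n] = '\0';
    free(flag_buf);          /* free(NULL) is a no-op on the first call */
    flag_buf = buf;
    return (int)n;
}

int main(void)
{
    if (decrypt_flag() < 0)
        return 1;
    /* The plaintext is never printed; it only exists in memory from the
     * return of decrypt_flag() until the free() below. */
    puts("Flag decrypted, but not shown.");
    free(flag_buf);
    flag_buf = NULL;
    return 0;
}
```

Built with gcc -g, the symbols are available, so break decrypt_flag, run, finish and x/s flag_buf show the plaintext without looking up raw addresses. Breaking later, after the free() in main, no longer does, which is why the breakpoint is placed right where decrypt_flag returns.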