
[PicoCTF 2018] - misc - Learn GDB

This is one of my writeups for PicoCTF 2018

Problem

Using a debugging tool will be extremely useful on your missions. Can you run this program in gdb and find the flag? You can find the file in /problems/learn-gdb_3_f1f262d9d48b9ff39efc3bc092ea9d7b on the shell server.

Hints:

1. Try setting breakpoints in gdb
2. Try and find a point in the program after the flag has been read into memory to break on
3. Where is the flag being written in memory?

Solution

Being terrible at assembly and reversing, I stumbled through this but still got the flag. First, I downloaded the provided binary and loaded it in Binary Ninja. Looking at the graph, I could see that the "decrypted" flag is stored in a flag_buf variable at 0x6013e8 and that the decrypt_flag function returns at 0x4008c8.

With that information, we can fire up gdb:

gdb run

Then set a breakpoint at 0x4008c8, the point where decrypt_flag returns, and run the program until the breakpoint is hit:

break *0x4008c8
run

Once the breakpoint is reached, the flag has been decrypted into memory. We dereference the value stored at 0x6013e8 (flag_buf) and print the string it points to:

x/s *0x6013e8

And that gives us the flag: picoCTF{gDb_iS_sUp3r_u53fuL_efaa2b29}