SECT 2018 EzDOS Reversing Challenge
This challenge was fairly easy and one of the first one to be solved as well along with my team mate,4rbit3r!
We were given the file and as the name suggests, it was a DOS
file. Firing it up in IDA would give you a fair idea of what actually happens and also would help you to see that a key is being taken as the input which is 13 in length.
Further moving ahead, we can see that there is a comparison being done along with the characters shown below:
In the beginning, I was trying to run the file using the DOS emulator which did not work and giving strings command gave me a few strings which was later important. There was a string being moved as you can see here which was nothing else but 1337SHELL
which was a guess as that was the only string which was not being used anywhere else. You can use r2 or gdb to print out what was there in that address, 26Bh
.
The rest was pretty straighforward as the string 1337
stayed there and the rest of our input was being xored SHEL
and compared with the strings shown below
More of like:
if inp[4] != '-':
exit(0)
if inp[5] ^ buf[4] != 'f':
exit(0)
In order to get the
We can get that the resulting four characters after the -
:
In [1]: chr(ord('S')^ord('f'))
Out[1]: '5'
In [2]: chr(ord('H')^ord('y'))
Out[2]: '1'
In [3]: chr(ord('E')^ord('t'))
Out[3]: '1'
In [4]: chr(ord('L')^ord('y'))
Out[4]: '5'
Now we have four characters after -
which is 5115
. We can see a flag file being opened and hence send the final string to the server where it is hosted.
NOTE:String comparison is only done against first 9 characters
The final string is, 1337-5115
:)
Any questions, reach to us in Twitter.
Enjoy Reading This Article?
Here are some more articles you might like to read next: