chicago
Challenge description
Keygenme...sort of
Author:
akhbaar
The keygen
As usual, we start by trying to run the executable.
./chicago
but unfortunately, we get
... Bad lenght! ...
Opening the file with Ghidra, we see that the file is a Rust compiled executable, with A TON of functions (I suppose from the Rust standard library). After some time we find the main function, with an interesting portion of code:
if (local_1a8 < 10) { FUN_00107480("Bad length ...
So the length of the input must be at least 10.
Also, after some analysis and variable renaming, we find that
actual_num = input[i] - 0x30; // 0x30 is the ascii code for '0'
So every character of the input must be a digit.
if (((i & 1) != 0) && (actual_num = actual_num * 2, L'4' < (uint)input[i])) {
    actual_num = (uint)(byte)((char)(actual_num & 0xff) + (char)((actual_num & 0xff) / 10) * -9);
}
So if the index of the character is odd, we multiply the digit by 2.
Also, if the original number is greater than 4, we replace it with $x + x / 10 * -9$, where $x$ is the original number.
Then, at least that's what I thought, it gets compared to the first character of the input, and if it's equal we get the flag.
The real keygen
After spending much more time than I should have, and after writing a Python script to brute-force the flag, I was so surprised when the first number it tried checked all the conditions.
As you could have guessed, the first and most obvious string that my script tried was 0000000000, and it worked.
To get the flag, I then just had to run the program with ./chicago 0000000000.
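The per-character step from the decompiled snippet, modelled in Python as an added example (not the author's brute-force script and not code from the binary). It follows the snippet literally, cross-checks the odd-index arithmetic against the textbook Luhn doubling step, and shows that every value is 0 for the key 0000000000. The function names and the sample key 0123456789 are constructed here; the final comparison is not shown on the page and is not modelled.

```python
MIN_LEN = 10  # from the decompiled `local_1a8 < 10` length check


def transform_digit(ch: str, i: int) -> int:
    """Per-character step, following the decompiled snippet line by line."""
    if not "0" <= ch <= "9":
        # Assumption taken from the write-up: every character must be a digit.
        raise ValueError(f"non-digit {ch!r} at index {i}")
    actual_num = ord(ch) - 0x30
    if i & 1:                      # odd index
        actual_num *= 2
        if ord(ch) > ord("4"):     # L'4' < input[i]
            low = actual_num & 0xFF
            actual_num = (low + (low // 10) * -9) & 0xFF  # (byte) cast
    return actual_num


def transform(key: str) -> list[int]:
    """Apply the length check, then the per-character step to the whole key."""
    if len(key) < MIN_LEN:
        raise ValueError("Bad length")
    return [transform_digit(c, i) for i, c in enumerate(key)]


def luhn_double(d: int) -> int:
    """Textbook Luhn doubling step, used only as a cross-check."""
    d *= 2
    return d - 9 if d > 9 else d


def step_matches_luhn() -> bool:
    """Compare the decompiled arithmetic with luhn_double for all ten digits."""
    return all(transform_digit(str(d), 1) == luhn_double(d) for d in range(10))


if __name__ == "__main__":
    for key in ("0000000000", "0123456789"):  # constructed sample inputs
        print(key, transform(key))
    print("odd-index step equals Luhn doubling:", step_matches_luhn())
```

Modelling the decompiled arithmetic this way before brute-forcing makes it easy to see which inputs collapse to trivial values.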
Original Link: https://dev.to/ulisse/chicago-1hai