Wednesday, October 17, 2012

hackyou CTF: Reversing 200

This challenge presents you with a random number guesser where the user has to guess a randomly generated number. The good thing about this is that it does not use what we enter to generate the key. The relevant assembly is shown below.


The easy way to do this is to switch the comparison to something simpler.
cmp     eax, ecx
cmp     eax, eax
This changes the hexidecimal from 39 C8 to 39 C0 (Intel x86 opcode). A screenshot of the hex that we are looking to change is shown below.


When the C8 is changed to a C0, the program thinks that we win always and it spits out the key, oh_you_cheat3r.

-- suntzu_II

3 comments:

  1. Ah, much nicer than my approach. I patched the values of the register holding your guess (eax IIRC) to be equal to the value of the rand (ecx) in real time on the debugger.

    ReplyDelete
  2. What a disassembler is used in the first picture?

    ReplyDelete
    Replies
    1. The disassembler used is IDA. The free version is available at http://www.hex-rays.com/products/ida/support/download_freeware.shtml

      Delete