Ware
- CTF: 0x41414141 CTF
- Category: reverse
- Writeups
Given
My plaintext has been encrypted by an innocent friend of mine while playing around cryptographic libraries, can you help me to recover the plaintext , remembers it's just numbers and there's a space between some numbers which you need to remove the space and submit the recovered plain text as a flag.
Author: ElementalX
- ELF file skidw4re
Analysis
Running the program gives the following output:
This is the only message--------> ae385c6f1dd72132b2afcd4c25b9d35e0000000000000000
32 The message has been encrypted and written
A quick look in IDA suggests it's UPX packed, so we unpack it with upx:
upx -d skidw4re
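The "UPX packed" observation can also be checked from the command line before opening IDA. The following is an added example, not part of the original writeup: it looks for indicators that are typical of UPX-packed ELF files (the UPX! magic, the packer's banner string, and a missing section header table). The names upx_indicators, looks_upx_packed and make_sample are hypothetical, and the sample bytes are constructed.

```python
import struct
import sys

UPX_MAGIC = b"UPX!"
UPX_BANNER = b"This file is packed with the UPX executable packer"


def upx_indicators(data: bytes) -> dict:
    """Collect heuristic UPX indicators from an ELF image held in memory."""
    if len(data) < 0x34 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                      # EI_CLASS: 1 = ELF32, 2 = ELF64
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if is64 and len(data) < 0x40:
        raise ValueError("truncated ELF64 header")
    # e_shnum is at offset 0x3C in an ELF64 header and 0x30 in an ELF32 header.
    (shnum,) = struct.unpack_from(endian + "H", data, 0x3C if is64 else 0x30)
    return {
        "magic_count": data.count(UPX_MAGIC),
        "banner": UPX_BANNER in data,
        "no_sections": shnum == 0,
    }


def looks_upx_packed(data: bytes) -> bool:
    """Require the UPX! magic plus one supporting indicator."""
    ind = upx_indicators(data)
    return ind["magic_count"] > 0 and (ind["banner"] or ind["no_sections"])


def make_sample(shnum: int, body: bytes) -> bytes:
    """Constructed ELF64 little-endian header stub plus body; not a real binary."""
    hdr = bytearray(0x40)
    hdr[:7] = b"\x7fELF\x02\x01\x01"
    struct.pack_into("<H", hdr, 0x3C, shnum)
    return bytes(hdr) + body


if __name__ == "__main__":
    if len(sys.argv) > 1:                    # e.g. python3 upx_check.py skidw4re
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:                                    # constructed sample, runs offline
        blob = make_sample(0, b"UPX!" + b"\x00" * 32 + b"$Info: " + UPX_BANNER + b" $" + b"UPX!")
    print(upx_indicators(blob), "packed:", looks_upx_packed(blob))
```

A negative result is not proof that a file is unpacked, since these markers can be removed or altered after packing.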
When we open the unpacked program in IDA we find a lot of subroutines, but one named main_EncryptAES catches my eye.
We can see that it accepts a plaintext and encrypts it. I set a breakpoint at the end of the subroutine and start the debugger.
We can see that we indeed have a plaintext and that it is a bunch of numbers with a space in between.
Implementation
Nothing much to do here. 321174068998067 98980909 was extracted from the debugger.
Knowing that the format of a flag is flag{x} and that the intro text said "remembers it's just numbers and there's a space between some numbers which you need to remove the space and submit the recovered plain text as a flag.", I reconstruct the flag as flag{32117406899806798980909}