Description
main calls a function that multiplies eax by a constant. The flag for this challenge is that constant in decimal base. If the constant you find is 0x1000, the flag will be picoCTF{4096}. Debug this.
I think this exercise is very useful.
I will share 2 solutions of the exercise.
Solution 1
We can simply disassemble the function.
If we disassemble main, we see the call to func1.
In the same way, we disassemble func1.
Then we can see the multiplication at *func1+14, and the value is 0x3269.
Converting the hex value to decimal gives 12905.
Solution 2
The second solution is to calculate the constant by comparing the values before and after the call to func1.
(gdb) break *main+46
(gdb) run
(gdb) x/w $rbp-0x4
0x7ffc4132c97c: 0x0000028e // 654
(gdb) x/w $rbp-0x8
0x7ffc4132c978: 0x0080c83e // 8439870
These are the values stored on the stack (at $rbp-0x4 and $rbp-0x8) before and after the call to func1.
Then we can divide them to calculate the constant.
8439870/654=12905.
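
The division in Solution 2 works because the product did not overflow 32 bits. The following added example (not part of the original write-up; the function names are hypothetical) parses the two x/w lines from the session above and solves before * k = after modulo 2**32, which goes beyond plain division by showing how many 32-bit constants fit the observation.

```python
import re
from math import gcd

WORD = 1 << 32  # eax is 32 bits wide, so the multiply wraps modulo 2**32

# The two x/w output lines from the gdb session in Solution 2.
GDB_DUMP = """\
0x7ffc4132c97c: 0x0000028e
0x7ffc4132c978: 0x0080c83e
"""

def parse_words(dump):
    """Return the 32-bit word shown on each `address: value` line."""
    pattern = r"^0x[0-9a-f]+:\s*(0x[0-9a-f]{8})\s*$"
    return [int(m.group(1), 16)
            for m in re.finditer(pattern, dump, re.M | re.I)]

def solve_multiplier(before, after):
    """Solve (before * k) % 2**32 == after for k.

    Returns (smallest_k, step, count): every solution is
    smallest_k + i*step for i in range(count). Returns None when
    no 32-bit constant can produce `after` from `before`.
    """
    if not 0 < before < WORD:
        raise ValueError("before must be a non-zero 32-bit value")
    after %= WORD
    g = gcd(before, WORD)        # power of two shared with the modulus
    if after % g:
        return None              # observation is inconsistent
    step = WORD // g
    # before // g is odd, so it is invertible modulo a power of two
    k0 = (after // g) * pow(before // g, -1, step) % step
    return k0, step, g

if __name__ == "__main__":
    before, after = parse_words(GDB_DUMP)
    k0, step, count = solve_multiplier(before, after)
    print(f"before={before} after={after}")
    print(f"smallest constant: {k0} (0x{k0:x}), {count} candidate(s)")
    for i in range(min(count, 4)):
        k = k0 + i * step
        assert (before * k) % WORD == after
        print(f"  candidate: 0x{k:08x}")
```

Because 654 is even, two 32-bit constants reproduce the observed result; the smallest one equals the 0x3269 read from the disassembly in Solution 1, which is why checking both solutions against each other is worthwhile.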