English [Cybercamp 2015] [Reverse 2] Write Up

Description

We have been given a file:

Download

The goal is to return the SHA256 of the plaintext.

Resolution

We began with the file command, to know what kind of file it is.

file nivel2

nivel2: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.0.0, BuildID[sha1]=d4f6577bd42cbb30ebf2ec7f56ceaf8615d569c4, not stripped
It’s an executable file, ok let’s try it then.

Few tests…

./nivel2 abdff

499
dropped flag: V293LCBsZXZlbCAyIGRvbmUhIEdyZWF0LCBicm8hIFNlZSBVIGKwWZ2VGbgQmczASZoRHIul

[…]

./nivel2 lol

dropped flag: DcPh]qMBDt<>]gUSUn=>G.4-QEdyZWF0LCBicm8hIFNlZSBVIGluIHRoZSAzcmQgbGV2ZWwK

The base64 decoded string of V293LCBsZXZlbCAyIGRvbmUhIEdyZWF0LCBicm8hIFNlZSBVIGKwWZ2VGbgQmczASZoRHIul gaves us:
Wow, level 2 done! Great, bro! See U b�Y������I���

We found there are some similarities with the first and second hash found:
V293LCBsZXZlbCAyIGRvbmUhIEdyZWF0LCBicm8hIFNlZSBVIGKwWZ2VGbgQmczASZoRHIul
DcPh]qMBDt<>]gUSUn=>G.4-QEdyZWF0LCBicm8hIFNlZSBVIGluIHRoZSAzcmQgbGV2ZWwK

We tried to combinate the 1st part of the first hash with the 2nd part of the second hash:
V293LCBsZXZlbCAyIGRvbmUhIEdyZWF0LCBicm8hIFNlZSBVIGluIHRoZSAzcmQgbGV2ZWwK

echo V293LCBsZXZlbCAyIGRvbmUhIEdyZWF0LCBicm8hIFNlZSBVIGluIHRoZSAzcmQgbGV2ZWwK | base64 --decode

Wow, level 2 done! Great, bro! See U in the 3rd level

SHA256(Wow, level 2 done! Great, bro! See U in the 3rd level) : 9118db61fc08bf52a2dbb856cc9b82f2409f3c482f27d81fd1273f09ec6b8db8

Flag is 9118db61fc08bf52a2dbb856cc9b82f2409f3c482f27d81fd1273f09ec6b8db8

Leave a Reply

Your email address will not be published.