Description
Internetwache CTF 2016 : ServerfARM
Category: Reversing
Points: 70
Solves: 156
Description: Someone handed me this and told me that to pass the exam, I have to extract a secret string. I know cheating is bad, but once does not count. So are you willing to help me?
Attachment: rev70.zip
Resolution
We start by running file on the binary:
laxa:Challenges:00:28:45$ file serverfarm
serverfarm: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0xa0f66f9d4bcb99d0102ce6b6bb838f84098b1023, not stripped
Then we fire up IDA and see that the program executes this function:
int __fastcall handle_task(int result, char *a2)
{
  size_t v2; // ST0C_4@5
  char *s; // [sp+0h] [bp-1Ch]@1
  int v4; // [sp+4h] [bp-18h]@1
  size_t i; // [sp+8h] [bp-14h]@2
  unsigned int v6; // [sp+Ch] [bp-10h]@1

  v4 = result;
  s = a2;
  v6 = 0;
  switch ( result )
  {
    case 0:
      for ( i = 0; strlen(s) > i; ++i )
        v6 += (unsigned __int8)s[i];
      v2 = v6 / strlen(s);
      printf("%s", "Here's your 1. block:");
      if ( (signed int)v2 <= 35 )
      {
        printf("%s", "IW{");
        putchar(83);
        result = printf("%c%c\n", 46, 69);
      }
      else
      {
        result = puts("I{WAQ3");
      }
      break;
    case 1:
      printf("%s", "Here's your 2. block:");
      if ( (unsigned __int8)*s % (signed int)(unsigned __int8)s[1] == 65 )
      {
        printf("%s", ".R.");
        putchar(86);
        result = printf("%c%c\n", 46, 69);
      }
      else
      {
        result = puts("WI{QA3");
      }
      break;
    case 2:
      printf("%s", "Here's your 3. block:");
      if ( !strcmp(s, "1337") )
        result = puts(".R>=F:");
      else
        result = printf("%c%s%c\n", 46, "Q.D.Q", 33, s, v4);
      break;
    case 3:
      if ( *a2 )
        result = printf("%c%s%c\n", 65, ":R:M", 125, a2, result);
      break;
    default:
      return result;
  }
  return result;
}
From there, it's pretty straightforward: given that the flag has the format IW{xxxxx}, there is only one possibility for the flag.
Flag is: IW{S.E.R.V.E.R>=F:A:R:M}
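The same reading of handle_task as a small C program, added here as an example and not part of the original write-up: it repeats the four input checks, picks the block each case would print, and joins them. The names passes and build_flag, the PASS/FAIL tables and the sample inputs are constructed for this example; the two early returns cover inputs where the decompiled code would divide or take a modulo by zero.

```c
#include <stdio.h>
#include <string.h>

/* Strings each task prints, read from the decompiled printf/putchar calls
 * (83 'S', 86 'V', 46 '.', 69 'E', 65 'A', 125 '}', 33 '!'). */
static const char *const PASS[4] = { "IW{S.E", ".R.V.E", ".R>=F:", "A:R:M}" };
static const char *const FAIL[4] = { "I{WAQ3", "WI{QA3", ".Q.D.Q!", "" };

/* The input check of each case in handle_task(); returns 1 when it passes. */
int passes(int task, const char *s)
{
    size_t len = strlen(s), i;
    unsigned int sum = 0;
    switch (task) {
    case 0:                     /* average byte value must be <= 35 */
        if (len == 0) return 0; /* the original divides by strlen(s) */
        for (i = 0; i < len; ++i)
            sum += (unsigned char)s[i];
        return (int)(sum / len) <= 35;
    case 1:                     /* s[0] % s[1] must equal 65 */
        if (len < 2) return 0;  /* s[1] == 0 would be a modulo by zero */
        return (unsigned char)s[0] % (unsigned char)s[1] == 65;
    case 2:                     /* input must be exactly "1337" */
        return strcmp(s, "1337") == 0;
    case 3:                     /* any non-empty input */
        return len > 0;
    }
    return 0;
}

/* Joins the four blocks for the given inputs; returns 1 if every check passed. */
int build_flag(const char *const in[4], char *flag, size_t flagsz)
{
    int task, all = 1;
    flag[0] = '\0';
    for (task = 0; task < 4; ++task) {
        int ok = passes(task, in[task]);
        all &= ok;
        strncat(flag, ok ? PASS[task] : FAIL[task], flagsz - strlen(flag) - 1);
    }
    return all;
}

int main(void)
{
    const char *const in[4] = { "!!!", "AB", "1337", "x" }; /* constructed inputs */
    char flag[64];
    build_flag(in, flag, sizeof flag);
    return puts(flag) < 0;
}
```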