The 1st challenge under the binary category, worthy of 100 points, kicked off with a binary executable given to participants. Through the use of PEiD, the binary was identified to be a “Microsoft Visual C# / Basic .NET” file. Execution of the binary showed it was a simulation program for a door lock.
As no hint was given for the challenge, the next step would be to put the binary through .NET Reflector to decompile and analyse the code. Out of the 13 objects listed in the object browser, 12 were system-related objects. All focus was on the only remaining object “Crack_Test”.
Although Crack_Test contained several methods, there was one particular method that stood out from the rest – void TransFormable(string).
As observed in line 5 & 7, if the two strings matched, a message box would be shown with a decrypted string which might be the flag for this challenge. Gathering data and function code used for decryption within TransFormable() became the next step towards the goal.
With the above information gathered, a simple PHP was written to perform the decryption based on Rijndael cipher.
And the flag was captured! 100 points in the bag!! Yay!
Cheers,
Braeburn Ladny
No comments:
Post a Comment