Sunday, September 22, 2013

CSAW CTF 2013 :: REVERSING 2 (200 points)

For this puzzle we are given a window executable.

Hmm but the program keeps on crashing when i tried opening it...
Whatever... lets try firing up ollydbg to see what is going on. Hmmm... we got a messagebox call... but the text seems to be encrypted...

If we were to fire up IDA pro, we can see that there is a branch condition. Apparently by default the program will directly jump to address 0040106E to display the MessageBox.

Lets try to change this flow in ollydbg and see what will happen. I got a feeling that the other path might decrypt and display out the plain key.... Lets set breakpoint at address 00401040. On break change EAX to 0.  Once that is done, step through the program till you hit the messagebox.

Ermmm... the messagebox pops up... but no key is inside what possibly could have gone wrong???

Lets take a look on what has been passed in to the messagebox function. We can see that there is a push ESI @ address 00401075. But the text is empty! Let me Follow in dump on ESI.. Ahhh key found! 

Always Lazing

No comments:

Post a Comment