Post

Bigger

Description:

Reverse

Difficulty:

easy

Flag:

Flag: AtHackCTF{y0u_h4v3_s0m3_big_1ssu3s_to_s0lv3}

Solve

● after we take a look at the binary, we need to decompile it using IDA The first thing we notice is that The flag length is checked to be 44, it’s split into two parts each one is encoded in hex and converted to a big number.

image

● Both parts are multiplied and added to each other, the results are checked with hardcoded values

image

image

● The first character is also checked and a message is printed.

image

● and i wrote this script to solve this equations

1
2
3
4
5
6
7
8
9
10
11
12
13
14
import sympy as sym
from binascii import unhexlify
part1, part2 = sym.symbols('x, y')
eq2 = sym.Eq(part1 * part2, 0xd228dbbb9c75b236ed609ff61567dbff8b1da117ae0989a1a86deaba9b9259ce37f7b095ce9960fdc225c39)
eq1 = sym.Eq(part1 + part2, 0x74d3aacacaca74c7b9f0aca3d4d3d793e963cbe963ea)
result = sym.solve([eq1,eq2], (part1, part2))
for possible in result:
    part1, part2 = possible
    part1 = unhexlify(hex(part1)[2:])
    part2 = unhexlify(hex(part2)[2:])
    if part1[0] != ord('A'): 
        continue
    print(b"%s%s" % (part1, part2))
    

image

and i got the flag :D

AtHackCTF{y0u_h4v3_s0m3_big_1ssu3s_to_s0lv3}

This post is licensed under CC BY 4.0 by the author.