Reverse Engineering
{"author": ["ret2basic"]}

not crypto

Solved by: ret2basic

Challenge

there's crypto in here but the challenge is not crypto... 🤔

Solution

The program calls memcmp() to compare our input with the flag:
[Screenshot: memcmp()]
The address of memcmp() is 0x13b9:
[Screenshot: Address of memcmp()]
Since PIE is enabled, this address is only an offset from the load base. Now we find the base address of the binary:
[Screenshot: PIE base address]
Set a breakpoint at 0x555555554000 + 0x13b9 = 0x5555555553b9 and read the flag:
[Screenshot: Get flag]

Flag

picoCTF{c0mp1l3r_0pt1m1z4t10n_15_pur3_w1z4rdry_but_n0_pr0bl3m?}

breadth

Solved by: ret2basic

Challenge

Surely this is what people mean when they say "horizontal scaling," right?
TOP SECRET INFO:
Our operatives managed to exfiltrate an in-development version of this challenge, where the function with the real flag had a mistake in it. Can you help us get the flag?

Solution

Compare these two binaries and examine which bytes are different:
$ cmp -bl breadth.v1 breadth.v2
[Screenshot: cmp]
Here 610380 (the decimal byte offset printed by cmp, 0x9504C in hex) refers to the function located at address 0x9504C. Examine this function in IDA:
[Screenshot: Function]
Get flag:
[Screenshot: Get flag]
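
The comparison step above can also be scripted. The following is an added example, not part of the original writeup: it reports differing bytes the way `cmp -l` does (1-based decimal byte numbers), converts them to zero-based hex file offsets, and groups nearby changes into regions so the patched function stands out. The sample data and the names `diff_offsets`, `cluster`, `report` and `make_sample` are constructed for illustration; whether a file offset equals the address shown in a disassembler depends on the binary's segment layout.

```python
from typing import List, Tuple

def diff_offsets(a: bytes, b: bytes) -> List[int]:
    """Zero-based offsets at which the two images differ (common length only)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

def cluster(offsets: List[int], gap: int = 16) -> List[Tuple[int, int]]:
    """Merge offsets at most `gap` bytes apart into inclusive (start, end) ranges."""
    ranges: List[Tuple[int, int]] = []
    for off in offsets:
        if ranges and off - ranges[-1][1] <= gap:
            ranges[-1] = (ranges[-1][0], off)
        else:
            ranges.append((off, off))
    return ranges

def report(a: bytes, b: bytes, gap: int = 16) -> List[str]:
    """One line per changed region: cmp-style byte number plus hex offset range."""
    offsets = diff_offsets(a, b)
    lines = []
    for start, end in cluster(offsets, gap):
        changed = sum(1 for o in offsets if start <= o <= end)
        # cmp numbers bytes from 1, so its byte number is the file offset + 1.
        lines.append(f"cmp byte {start + 1} -> file offset "
                     f"{start:#x}-{end:#x} ({changed} bytes differ)")
    if len(a) != len(b):
        lines.append(f"size differs: {len(a)} vs {len(b)} bytes")
    return lines

def make_sample() -> Tuple[bytes, bytes]:
    """Constructed stand-ins for two builds; not the challenge binaries."""
    v1 = bytearray(i & 0xFF for i in range(0x200))
    v2 = bytearray(v1)
    v2[0x40:0x44] = b"\xde\xad\xbe\xef"  # a patched constant
    v2[0x150] ^= 0xFF                     # an unrelated single-byte change
    return bytes(v1), bytes(v2)

if __name__ == "__main__":
    # For real files, read both with open(path, "rb").read() and pass them in.
    for line in report(*make_sample()):
        print(line)
```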

Flag

picoCTF{VnDB2LUf1VFJkdfDJtdYtFlMexPxXS6X}