Cyberstakes Online 2015
Like most reversing challenges, the objective of bigkey is to find a flag or a key that satisfies a given binary. However, it is immediately apparent that the key for this challenge is not in the typical short 32-character key format.
The binary starts by loading three offsets into the data segment into esi and the addresses of three buffers on the stack into edi. It then uses the movsd opcode to move 0x400 double-words from the data segment into the buffers.
Following that, it opens the file pointed to by the first argument of the program and reads it into another buffer. Next, it combines the four buffers: the first buffer is xored with buf2, then buf3 is added to the result. If that is equal to the corresponding byte in file_buf, it continues. Otherwise, the keyfile is reported invalid.
If it makes it through the entire set of buffers successfully, print_key is called. This function, which takes the address of file_buf as an argument, loops through the entire buffer, adding together 0x40-byte chunks.
As much as I may have wanted to, I didn’t have to do math on 0x1000 characters by hand. Therefore, I wrote a short python script to do it for me.
First I opened the file in binary mode (I was confused when it didn't work before).
I used 16-byte-long strings from the start of each buffer to uniquely identify it so that I could read from its starting index.
Finally, I iterated through the arrays in the data segment to produce the proper keyfile and condensed it into the printable flag.
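A reconstruction of that keyfile generator as an added example; this is not the author's script or the challenge binary. The three data-segment buffers are constructed sample bytes here (the real ones come from the binary), and print_key is assumed to add the sixty-four 0x40-byte chunks together position by position modulo 256.

```python
import random

BUF_LEN = 0x400 * 4   # 0x400 double-words copied by movsd = 0x1000 bytes
CHUNK = 0x40          # print_key works on 0x40-byte chunks


def make_keyfile(buf1, buf2, buf3):
    """Build the keyfile the binary accepts: every byte must equal
    (buf1 ^ buf2) + buf3, truncated to 8 bits like the byte compare."""
    assert len(buf1) == len(buf2) == len(buf3) == BUF_LEN
    return bytes(((a ^ b) + c) & 0xFF for a, b, c in zip(buf1, buf2, buf3))


def check_keyfile(buf1, buf2, buf3, file_buf):
    """Mirror the binary's verify loop: reject at the first mismatching byte."""
    if len(file_buf) < BUF_LEN:
        return False
    for i in range(BUF_LEN):
        if ((buf1[i] ^ buf2[i]) + buf3[i]) & 0xFF != file_buf[i]:
            return False
    return True


def print_key(file_buf):
    """Assumed reading of print_key: add the 0x40-byte chunks together
    position by position (mod 256), condensing 0x1000 bytes into 0x40."""
    out = bytearray(CHUNK)
    for off in range(0, BUF_LEN, CHUNK):
        for j, b in enumerate(file_buf[off:off + CHUNK]):
            out[j] = (out[j] + b) & 0xFF
    return bytes(out)


def sample_buffers(seed=1):
    """Constructed stand-in for the three data-segment buffers."""
    rng = random.Random(seed)
    return tuple(bytes(rng.randrange(256) for _ in range(BUF_LEN)) for _ in range(3))


if __name__ == "__main__":
    b1, b2, b3 = sample_buffers()
    key = make_keyfile(b1, b2, b3)
    with open("keyfile.bin", "wb") as f:   # binary mode, as the writeup notes
        f.write(key)
    print("accepted:", check_keyfile(b1, b2, b3, key))
    print("condensed:", print_key(key).hex())
```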