The Encoder - KnightCTF 2022
Hello crackers
I hope you are doing lots of cracking 🤟
In this reverse engineering challenge, we're given a binary file and some numbers. Running the binary, it asks for input limited to fewer than 40 characters. After entering a string, it outputs numbers that look similar to those provided with the challenge.
0x00401196 55 push rbp
│ 0x00401197 4889e5 mov rbp, rsp
│ 0x0040119a 4883ec40 sub rsp, 0x40
│ 0x0040119e c745f8390500. mov dword [var_8h], 0x539 ; 1337
│ 0x004011a5 c745f4000000. mov dword [var_ch], 0
│ 0x004011ac 488d05550e00. lea rax, str.Welcome_to_the_encoder ; 0x402008 ; "Welcome to the encoder"
│ 0x004011b3 4889c7 mov rdi, rax ; const char *s
│ 0x004011b6 e875feffff call sym.imp.puts ; int puts(const char *s)
│ 0x004011bb 488d055e0e00. lea rax, str.Please_give_me_a_plain_text_of_max_40_characters ; 0x402020 ; "Please give me a plain text of max 40 characters"
│ ╎│ 0x004011f8 8945f4 mov dword [var_ch], eax
│ ╎│ 0x004011fb 8b55f4 mov edx, dword [var_ch] ; var_ch is our input
│ ╎│ 0x004011fe 8b45f8 mov eax, dword [var_8h] ; var_8h is 1337
│ ╎│ 0x00401201 01d0 add eax, edx ; here it's adding 1337 to the ASCII value of our character
I used Radare2, a tool I like for analyzing binaries, to look inside the binary. By examining the main function within the binary, I found that it performs a straightforward operation: it adds 1337 to the ASCII value of each character from our input and then outputs the resulting numbers. This simple mechanism is responsible for the output we observe after running the binary.
To generate the flag for this challenge, you simply need to subtract 1337 from each number provided. This will revert the earlier operation done by the binary and give you the ASCII values of the characters in the flag. Convert these ASCII values back to characters, and you'll have your flag.
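The decoding step described above, written as a short Python script (an added example, not part of the original writeup or the challenge files). The sample string is constructed and the challenge's real numbers are not reproduced; the output is assumed to be decimal integers separated by any non-digit characters. `candidate_keys` goes slightly beyond the text by showing which additive constants are consistent with a given output, as a cross-check on the 1337 read from the disassembly.

```python
import re

KEY = 0x539  # 1337, the constant stored in var_8h in the disassembly


def encode(plain, key=KEY):
    """Mirror the binary: add the key to each character's ASCII value."""
    return [ord(c) + key for c in plain]


def parse_numbers(text):
    """Extract decimal integers from the output (separator format is an assumption)."""
    return [int(tok) for tok in re.findall(r"-?\d+", text)]


def decode(numbers, key=KEY):
    """Undo the addition; reject values that do not map back to printable ASCII."""
    out = []
    for i, n in enumerate(numbers):
        v = n - key
        if not 0x20 <= v <= 0x7E:
            raise ValueError(f"value #{i} ({n}) decodes to {v}, not printable ASCII")
        out.append(chr(v))
    return "".join(out)


def candidate_keys(numbers):
    """Additive keys for which every decoded value stays in printable ASCII."""
    lo = max(numbers) - 0x7E
    hi = min(numbers) - 0x20
    return range(lo, hi + 1)


if __name__ == "__main__":
    sample = "example{not_the_real_flag}"  # constructed input, not the real flag
    blob = " ".join(str(n) for n in encode(sample))
    nums = parse_numbers(blob)
    print(blob)
    print(decode(nums))
    print("1337 consistent with output:", KEY in candidate_keys(nums))
```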
It's an easy challenge and I hope you enjoyed the writeup.