The Encoder - KnightCTF 2022

Posted on by NomanProdhan

Hello crackers

I hope you are doing lots of cracking 🤟

In this reverse engineering challenge, we're given a binary file and some numbers. Running the binary, it asks for a plain text of at most 40 characters. After entering a string, it outputs numbers that look similar to those provided with the challenge.

```
0x00401196      55             push rbp
│           0x00401197      4889e5         mov rbp, rsp
│           0x0040119a      4883ec40       sub rsp, 0x40
│           0x0040119e      c745f8390500.  mov dword [var_8h], 0x539   ; 1337
│           0x004011a5      c745f4000000.  mov dword [var_ch], 0
│           0x004011ac      488d05550e00.  lea rax, str.Welcome_to_the_encoder ; 0x402008 ; "Welcome to the encoder"
│           0x004011b3      4889c7         mov rdi, rax                ; const char *s
│           0x004011b6      e875feffff     call sym.imp.puts           ; int puts(const char *s)
│           0x004011bb      488d055e0e00.  lea rax, str.Please_give_me_a_plain_text_of_max_40_characters ; 0x402020 ; "Please give me a plain text of max 40 characters"
│      ╎│   0x004011f8      8945f4         mov dword [var_ch], eax
│      ╎│   0x004011fb      8b55f4         mov edx, dword [var_ch]     ; var_ch is our input
│      ╎│   0x004011fe      8b45f8         mov eax, dword [var_8h]     ; var_8h is 1337
│      ╎│   0x00401201      01d0           add eax, edx                ; here it's adding 1337 to the ASCII value of our characters
```

I used Radare2, a tool I like for analyzing binaries, to look inside the binary. By examining the main function within the binary, I found that it performs a straightforward operation: it adds 1337 to the ASCII value of each character from our input and then outputs the resulting numbers. This simple mechanism is responsible for the output we observe after running the binary.

To generate the flag for this challenge, you simply need to subtract 1337 from each number provided. This will revert the earlier operation done by the binary and give you the ASCII values of the characters in the flag. Convert these ASCII values back to characters, and you'll have your flag.
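As an added example (not the author's script and not the challenge binary), here is a Python encoder that mirrors the logic recovered from main() and the decoder that inverts it; the sample plaintext and the numbers derived from it are constructed placeholders, not the real challenge output:

```python
"""Encoder/decoder for the KnightCTF 2022 "The Encoder" challenge.

Added example: the binary adds 0x539 (1337) to the ASCII value of each
input character; the flag is recovered by subtracting it again.
"""
import re

OFFSET = 0x539  # 1337, the constant stored in var_8h by main()
MAX_LEN = 40    # the binary asks for a plain text of max 40 characters


def encode(plaintext: str) -> list[int]:
    """Mirror the binary: add 1337 to each character's ASCII value."""
    if len(plaintext) > MAX_LEN:
        raise ValueError(f"input limited to {MAX_LEN} characters")
    if not plaintext.isascii():
        raise ValueError("the binary works on ASCII bytes only")
    return [ord(ch) + OFFSET for ch in plaintext]


def decode(numbers) -> str:
    """Invert the binary: subtract 1337 and map each value back to a char."""
    chars = []
    for n in numbers:
        value = n - OFFSET
        if not 0 <= value < 128:
            # Anything outside the ASCII range cannot have come from the encoder.
            raise ValueError(f"{n} does not decode to an ASCII character")
        chars.append(chr(value))
    return "".join(chars)


def parse_numbers(text: str) -> list[int]:
    """Pull the integers out of the challenge file (any separator)."""
    return [int(tok) for tok in re.findall(r"\d+", text)]


# Constructed sample: a placeholder flag run through encode(); the real
# challenge numbers are intentionally not reproduced here.
SAMPLE_PLAINTEXT = "KCTF{placeholder_flag}"
SAMPLE_OUTPUT = " ".join(str(n) for n in encode(SAMPLE_PLAINTEXT))

if __name__ == "__main__":
    print("encoded:", SAMPLE_OUTPUT)
    print("decoded:", decode(parse_numbers(SAMPLE_OUTPUT)))
```

Paste the numbers from the challenge into `parse_numbers()` and `decode()` returns the flag.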

It's an easy challenge and I hope you enjoyed the writeup.