
Friday, February 2, 2018

Flare Challenge #2



Challenge #02 Solutions:

Filename: IgniteMe.exe (solution time: 45 min.)

Analysis:

At first glance the file is very small and contains only 5 functions. I simply ran the exe to see what it does:

I also took a static look at the file with HIEW to get some background on the code it uses and any strings it contains. I saw an interesting string in the data section.

Cross-referencing that string leads to code that compares it against an array of characters at 0x403180.

I also checked whether there are other interesting strings in this file.

The entry point of the file prepares the console to receive input and to display strings, using GetStdHandle and WriteFile.

It asks you to enter the flag in the console using the ReadFile API and saves it to an initialized array.

Then it copies the entered flag into an array of bytes, excluding the line-feed and carriage-return bytes 0x0A and 0x0D.

After setting up the entered flag, it obtains the initial key value from the function at 0x00401000, which returns 0x04.

It then encrypts the entered flag with the symmetric XOR operation, starting from the end of the flag.

Then it compares the encrypted user input to the encrypted password embedded in its body to verify whether it is the correct password. So I wrote a Python script to reverse the encoded one and recover the actual flag.
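The post's own solver script only survives as a screenshot, so here is an added example (my code, not the author's script) that models the check as described above: strip the trailing 0x0A/0x0D bytes, start with key 0x04, XOR from the end of the buffer, and compare the result with the embedded ciphertext, plus the inverse transform a solver needs. The rule for updating the key after each byte (the next key becomes the plaintext byte just processed) is an assumption about the loop body that should be confirmed against the disassembly; the sample flag and its ciphertext are constructed and are not the real bytes at 0x403180. The function names are mine.

```python
# Added example, not the original post's script. Models the IgniteMe.exe
# check as the write-up describes it. The key update after each byte is an
# ASSUMPTION about the loop body; confirm it against the disassembly.

INITIAL_KEY = 0x04  # value returned by the function at 0x00401000


def strip_newline(raw: bytes) -> bytes:
    """Drop the trailing CR/LF bytes that ReadFile leaves in the console buffer."""
    return raw.rstrip(b"\r\n")


def encrypt(plain: bytes, key: int = INITIAL_KEY) -> bytes:
    """Walk from the last byte to the first, XOR each byte with the running
    key, then (assumed) replace the key with the plaintext byte just consumed."""
    out = bytearray(len(plain))
    for i in range(len(plain) - 1, -1, -1):
        out[i] = plain[i] ^ key
        key = plain[i]  # assumed key update
    return bytes(out)


def decrypt(cipher: bytes, key: int = INITIAL_KEY) -> bytes:
    """Inverse of encrypt(): XOR recovers the plaintext byte, which then
    becomes the key for the next (lower) index. This is the step a solver
    needs, since the binary only stores ciphertext."""
    out = bytearray(len(cipher))
    for i in range(len(cipher) - 1, -1, -1):
        out[i] = cipher[i] ^ key
        key = out[i]  # assumed key update, applied to the recovered byte
    return bytes(out)


def check_flag(user_input: bytes, embedded_cipher: bytes) -> bool:
    """What the binary does at the comparison: encrypt the console input and
    compare it byte-for-byte with the embedded array."""
    return encrypt(strip_newline(user_input)) == embedded_cipher


# Constructed sample: a made-up flag, NOT the real challenge flag or the
# real bytes at 0x403180.
SAMPLE_FLAG = b"flag"
SAMPLE_CIPHER = encrypt(SAMPLE_FLAG)  # b"\x0a\x0d\x06\x63"

if __name__ == "__main__":
    print("ciphertext:", SAMPLE_CIPHER.hex())
    print("recovered :", decrypt(SAMPLE_CIPHER))
    print("accepted  :", check_flag(b"flag\r\n", SAMPLE_CIPHER))
```

To use this against the real binary, replace SAMPLE_CIPHER with the bytes dumped from 0x403180 and call decrypt() on them; because the transform runs from the last byte backwards and each key depends only on the byte already recovered, decryption needs no brute force.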



Python script to get the actual password.
 



Output of the Python script:

 








Output of IgniteMe.exe:




