Showing posts with the label Reverse Engineering

InCTF 2014 - Reverse 50

1. The first challenge was a compiled Python file; I used a Python decompiler to get the original code.

root@Vijay:~/Desktop/inctf 14/reverse# file one
one: python 2.7 byte-compiled

From the decompiled code I got the array of encoded flag values:

eflag = [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199]

Each value is XORed with 238, which turns the array back into the printable flag:

>>> eflag
[131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157, 177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199]
>>> flag = ''.join(map(chr, map(lambda x: x ^ 238, eflag)))
>>> print flag
md5('python_is_still_cool')

2. Next is the compiled Java class file; I used the jad decompiler to get the original source.

root@Vijay:~/Desktop/inctf 14/reverse# file two.class
two.class: compiled Java
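The decode above works because the key (238) was visible in the decompiled source. The following is an added example, not code from the original write-up: it reproduces the single-byte XOR decode on the byte values quoted above and, going one step beyond the post, shows how the key could be recovered by brute force if it had been hidden. The function names (xor_decode, recover_key) and the plausibility heuristic in _score are this example's own assumptions; the byte array and the key are the ones on the page.

```python
# Added example (not from the original write-up): single-byte XOR decoding of
# the InCTF 2014 Reverse 50 flag array, plus key recovery by brute force.
# The byte values and key 238 come from the decompiled challenge script; the
# scoring heuristic and function names are assumptions made for this example.

# Encoded flag bytes exactly as printed in the decompiled source.
EFLAG = [131, 138, 219, 198, 201, 158, 151, 154, 134, 129, 128, 177, 135, 157,
         177, 157, 154, 135, 130, 130, 177, 141, 129, 129, 130, 201, 199]

KEY = 238  # the constant the challenge script XORs every byte with


def xor_decode(data, key):
    """XOR every byte of `data` with the single-byte `key`; return text."""
    return ''.join(chr(b ^ key) for b in data)


def _score(text):
    """Plausibility score for a candidate plaintext (assumed heuristic).

    Any byte outside printable ASCII (0x20..0x7e) disqualifies the candidate.
    Otherwise count characters typical of a flag string: lowercase letters,
    digits, underscores and spaces. Higher is more plausible.
    """
    if any(not 32 <= ord(ch) <= 126 for ch in text):
        return -1
    return sum(ch.islower() or ch.isdigit() or ch in ' _' for ch in text)


def recover_key(data):
    """Try all 256 single-byte keys; return (key, plaintext) of the best score.

    With only 256 possibilities a single-byte XOR "encryption" offers no
    secrecy once the ciphertext is available, which is why this obfuscation
    falls to a simple loop.
    """
    best_key = max(range(256), key=lambda k: _score(xor_decode(data, k)))
    return best_key, xor_decode(data, best_key)


if __name__ == '__main__':
    # Known-key decode, as in the write-up.
    print(xor_decode(EFLAG, KEY))        # md5('python_is_still_cool')
    # Key recovery without knowing 238 in advance.
    print(recover_key(EFLAG))            # (238, "md5('python_is_still_cool')")
```

The scoring step matters: several other keys also yield all-printable output for this particular array, so "every byte is printable" alone is not enough to single out the right one; ranking by flag-like characters is.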

InCTF 2014 - Reverse 100

Hi, this is my first reverse engineering with GDB. The challenge was to get the flag from display_function. First we disassemble the executable with objdump to see how the program's control flow works.

root@Vijay:~/Desktop/inctf 14/reverse# objdump -d four

four:     file format elf32-i386

Disassembly of section .init:

080482f4 <_init>:
 80482f4:	53                   	push   %ebx
 80482f5:	83 ec 08             	sub    $0x8,%esp
 80482f8:	e8 b3 00 00 00       	call   80483b0 <__x86.get_pc_thunk.bx>
 80482fd:	81 c3 03 1d 00 00    	add    $0x1d03,%ebx
 8048303:	8b 83 fc ff ff ff    	mov    -0x4(%ebx),%eax
 8048309:	85 c0                	test   %eax,%eax
 804830b:	74 05                	je     8048312 <_init+0x1e>
 804830d:	e8 3e 00 00 00       	call   8048350 <__gmon_start__@plt>
 8048312:	83 c4 08             	add    $0x8,%esp
 8048315:	5b                   	pop    %ebx
 8048316:	c3                   	ret

Disassembly of section .plt:

08048320 : 8
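Reading a full objdump listing by eye to find where control goes (which function calls display_function, which branches skip it) gets tedious quickly. As an added example that is not part of the original write-up, here is a small parser for the `objdump -d` text format that extracts every call and jump per function. It is run over the `_init` listing quoted above, re-typed as a constructed sample in objdump's tab-separated layout; the function names parse_objdump and control_transfers are this example's own.

```python
# Added example (not from the original write-up): parse `objdump -d` output
# and list the control transfers (call / jmp / jcc) inside each function.
# SAMPLE is a constructed re-typing of the _init listing quoted in the post.

import re

SAMPLE = """\
four:     file format elf32-i386


Disassembly of section .init:

080482f4 <_init>:
 80482f4:\t53                   \tpush   %ebx
 80482f5:\t83 ec 08             \tsub    $0x8,%esp
 80482f8:\te8 b3 00 00 00       \tcall   80483b0 <__x86.get_pc_thunk.bx>
 80482fd:\t81 c3 03 1d 00 00    \tadd    $0x1d03,%ebx
 8048303:\t8b 83 fc ff ff ff    \tmov    -0x4(%ebx),%eax
 8048309:\t85 c0                \ttest   %eax,%eax
 804830b:\t74 05                \tje     8048312 <_init+0x1e>
 804830d:\te8 3e 00 00 00       \tcall   8048350 <__gmon_start__@plt>
 8048312:\t83 c4 08             \tadd    $0x8,%esp
 8048315:\t5b                   \tpop    %ebx
 8048316:\tc3                   \tret
"""

# "080482f4 <_init>:" starts a new function block.
FUNC_RE = re.compile(r'^([0-9a-f]+) <([^>]+)>:$')
# " 80482f8:<tab>e8 b3 00 00 00 <tab>call   80483b0 <sym>" is one instruction:
# address, raw bytes, mnemonic, operands.
INSN_RE = re.compile(r'^\s*([0-9a-f]+):\s+((?:[0-9a-f]{2}\s)+)\s*(\S+)\s*(.*)$')
# Branch/call operands look like "80483b0 <__x86.get_pc_thunk.bx>".
TARGET_RE = re.compile(r'^([0-9a-f]+)\s+<([^>]+)>')


def parse_objdump(text):
    """Return {function_name: [(address, mnemonic, operands), ...]}."""
    funcs = {}
    current = None
    for line in text.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(2)
            funcs[current] = []
            continue
        m = INSN_RE.match(line)
        if m and current is not None:
            addr, _raw_bytes, mnemonic, operands = m.groups()
            funcs[current].append((int(addr, 16), mnemonic, operands.strip()))
    return funcs


def control_transfers(funcs):
    """List every call or (conditional) jump as (function, mnemonic, target).

    The target is the symbolic name objdump prints (e.g. "_init+0x1e"), or
    the raw operand string when no symbol is available (indirect jumps).
    """
    edges = []
    for name, insns in funcs.items():
        for _addr, mnemonic, operands in insns:
            if mnemonic == 'call' or mnemonic.startswith('j'):
                t = TARGET_RE.match(operands)
                edges.append((name, mnemonic, t.group(2) if t else operands))
    return edges


if __name__ == '__main__':
    for edge in control_transfers(parse_objdump(SAMPLE)):
        print('%s: %s -> %s' % edge)
```

On a real binary you would feed it the whole `objdump -d` output and filter the edge list for the function of interest, which is a quick way to find every caller of display_function and the conditional jumps that guard it before opening GDB.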