Reverse Engineering Series — 2

Hey Squad,

This is going to be a series on Reverse Engineering. Let’s learn RE together. Any suggestion is appreciated.

Link to part 1 is here: https://gowthamaraj-rajendran.medium.com/reverse-engineering-series-1-1a40eba00bc

file:

link: https://github.com/d0minikkkk/reversinghero-contents/tree/master/2

Tools:

  • file
  • ltrace
  • strings
  • ghex
  • ida64
  • Ghidra

Binary Analysis

file x2

We find that the file is a 64-bit ELF.

We find that the functions printf, fdopen, fclose, memset, memcmp, strlen, fgets and strcspn are being used.

IDA PRO Analysis

Let’s analyse using IDA PRO.

cmp_shuffled_input compares the input and the stored number. Once it passes, we will go to loc_4005A5 where we get the flag.

cmp_shuffled_input block

cmp_shuffled_input block has the shuffler function which shuffles the input given by the user.

shuffler block

shuffler block calls manipulator to get a random index to exchange elements between buffer and s2.

The above code can be rewritten in Python as given below:

Hence, the input will be “31415926535897932384626433832795”
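The general technique behind this step, as an added example (not the author's script and not the routine recovered from the binary): when a shuffle performs the same swaps for every input, shuffling a list of indices reveals the permutation, and the stored value can be mapped back to the required input without inverting the index generator. The `manipulator` body, the seed and the swap loop here are hypothetical stand-ins, and the "stored" value is constructed from the input quoted above.

```python
# Added example: the index generator and swap loop below are hypothetical
# stand-ins, not the routine recovered from the x2 binary.

def manipulator(state):
    """Hypothetical deterministic index source (a small LCG)."""
    return (state * 1103515245 + 12345) & 0x7FFFFFFF

def shuffler(items, seed=0x2A):
    """Swap-based shuffle driven by manipulator(); same swaps for any input."""
    out = list(items)
    state = seed
    for i in range(len(out)):
        state = manipulator(state)
        j = state % len(out)
        out[i], out[j] = out[j], out[i]
    return out

def recover_permutation(n):
    """Shuffle the identity list: perm[k] is the input index that lands at k."""
    return shuffler(range(n))

def unshuffle(target):
    """Place each stored character back at the input position it came from."""
    perm = recover_permutation(len(target))
    original = [None] * len(target)
    for out_pos, in_pos in enumerate(perm):
        original[in_pos] = target[out_pos]
    return "".join(original)

# Constructed sample: build the "stored" value by shuffling the input quoted
# in the write-up, then recover it without ever inverting manipulator().
KNOWN_INPUT = "31415926535897932384626433832795"
STORED = "".join(shuffler(KNOWN_INPUT))

if __name__ == "__main__":
    print("stored  :", STORED)
    print("required:", unshuffle(STORED))
```
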

Ghidra Analysis

main function

shuffle algorithm

It is much easier when we use Ghidra.

Cracking the challenge

