PassGen for F-secure cyber challenge Qualification 2020


I will only covered for this write up for the challenges since this is the challenge I got to obtain. Thank to my teammates for cover other challenges. I will try my best to explain more to make you understand. So, let get started:

PassGen

We get the file which is PassGen. It is an executable require to input and output something. It seem like we have to input something to output the flag. I try with open with IDA.

After try look at the assembly, I understand that the input will compare with some character and will output something if match the compare.

We can see from the picture it is cmp eax,[something value]->this is mean compare with something. But this is a trap, this will do nothing with the challenges. (Ya. Don't hit me, I being trapped too).

Then, I look with x96dbg, this make sense after all.

There are an loop in there, so it is probably, there are something (system) combine with (input) character by character. I guess.

The solution I think is we can just take something (from system) and ignore input (we key in). So, in logically, we must do some operation such as load something to process the (add, minus, xor or so on).

What I found in this operation is xor esi,eax. It is xor eax and store in esi(source index). That was the thing we look for. I just use modify xor to mov, since the thing of esi will be output.


And then we patch it and run one more time and keep plain with the input.


PS:I patch the filename with "pass"

Yeah. We got the flag.

Hope you guys enjoy this write up and learn something along the challenges. Maybe there are some error messages I brought to, but who haven't done error in life. I will try my best to cover more write up. Stay tuned. (If I done my project and assignement)