csictf 2020

CTF Writeup - https://ctftime.org/event/1081

Home csictf 2020 Writeups Home
22 July 2020

Vietnam

by AnandSaminathan

The Viet Cong in transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We’ve recovered the binary, we need you to find out what they’re trying to say.

Files

Solution

On decompiling using Ghidra:

undefined8 main(void)

{
  undefined *puVar1;
  int iVar2;
  int local_18;
  int local_14;
  char *local_10;
  
  local_10 = (char *)malloc(0x400);
  fgets(local_10,0x400,stdin);
  setbuf(stdout,(char *)0x0);
  while (puVar1 = sa, *local_10 != '\0') {
    switch(*local_10) {
    case '!':
      tmp = sa;
      sa = sb;
      sb = sc;
      sc = puVar1;
      break;
    case '$':
      sa = sa + 1;
      *sa = 1;
      break;
    case '+':
      sa[-1] = *sa + sa[-1];
      sa = sa + -1;
      break;
    case ',':
      iVar2 = getchar();
      *sa = (char)iVar2;
      break;
    case '-':
      sa[-1] = sa[-1] - *sa;
      sa = sa + -1;
      break;
    case '.':
      puVar1 = str + 1;
      *str = *sa;
      str = puVar1;
      break;
    case '[':
      if (*sa == '\0') {
        local_14 = 1;
        while (local_14 != 0) {
          local_10 = local_10 + 1;
          if (*local_10 == '[') {
            local_14 = local_14 + 1;
          }
          else {
            if (*local_10 == ']') {
              local_14 = local_14 + -1;
            }
          }
        }
      }
      break;
    case ']':
      if (*sa != '\0') {
        local_18 = 1;
        while (local_18 != 0) {
          local_10 = local_10 + -1;
          if (*local_10 == '[') {
            local_18 = local_18 + -1;
          }
          else {
            if (*local_10 == ']') {
              local_18 = local_18 + 1;
            }
          }
        }
      }
    }
    local_10 = local_10 + 1;
  }
  str = STR;
  iVar2 = strcmp(STR,"HELLO\n");
  if (iVar2 == 0) {
    puts(str);
    system("cat flag.txt");
  }
  else {
    puts("Failed.");
  }
  return 0;
}

Although there are a lot of cases, , and . looks interesting. , takes a single character input (ivar2) and . appends ivar2 to the string STR. After all this, if STR is “HELLO\n”, the flag will be printed. So the flag can be obtained using the following input:

,.,.,.,.,.,.
HELLO

Flag

csictf{l00k_4t_th3_t0w3rs_0f_h4n01}
tags: Reversing