Bbbbloat
This is a small reverse engineering challenge on picoCTF called Bbbbloat, which I thought would make a nice introduction to writing reverse engineering writeups.
The first thing that catches my eye in the decompiled code below, thanks to my prior knowledge of reverse engineering, is (apart from the printf call asking for a specific number) the scanf call, which takes input from the user and stores it in local_48. The next thing I see is the if statement, which says that if local_48 equals 0x86187, the flag will be printed. This got me wondering what the decimal value of 0x86187 is, so I threw it into Python and got 549255. I entered that when the program asked for its favorite number and got the flag.
picoCTF{cu7_7h3_bl047_36dd316a}
/*
 * Decompiler output for the challenge's number check (the auto-generated
 * names look like Ghidra's -- confirm against the tool used).
 *
 * Prompts for a number, reads it with scanf into local_48 and compares it
 * with the constant 0x86187 (549255 in decimal). On a match it passes the
 * address of local_38 to FUN_00101249 and prints the string that call
 * returns; otherwise it prints a failure message. Returns 0 on both paths.
 *
 * The expected value is a plain constant in the binary, so it is readable
 * by static analysis without ever running the program.
 */
undefined8 FUN_00101307(void)
{
long in_FS_OFFSET;
int local_48;
undefined4 local_44;
char *local_40;
undefined8 local_38;
undefined8 local_30;
undefined8 local_28;
undefined8 local_20;
long local_10;
/* Save the stack-protector canary; it is compared again before the return. */
local_10 = *(long *)(in_FS_OFFSET + 0x28);
/* Four 8-byte constants stored in consecutive locals; only their address
   (&local_38) is used, as the argument to FUN_00101249. Presumably the
   encoded flag bytes -- FUN_00101249 is not shown here, so confirm. */
local_38 = 0x4c75257240343a41;
local_30 = 0x3062396630664634;
local_28 = 0x68653066635f3d33;
local_20 = 0x4e623665625f64;
/* local_44 is assigned the same constant several times and never read in
   this function: dead stores with no effect on the check. */
local_44 = 0xd2c49;
printf("What\'s my favorite number? ");
local_44 = 0xd2c49;
/* The format string at DAT_00102020 is not shown; presumably "%d" since the
   target is an int -- confirm. The return value of scanf is discarded, so
   local_48 stays uninitialized if the conversion fails. */
__isoc99_scanf(&DAT_00102020,&local_48);
local_44 = 0xd2c49;
/* The whole check: user input against a hard-coded constant. */
if (local_48 == 0x86187) {
local_44 = 0xd2c49;
/* The returned pointer is passed to fputs without a NULL check and freed
   afterwards, so it is presumably heap-allocated by FUN_00101249. */
local_40 = (char *)FUN_00101249(0,&local_38);
fputs(local_40,stdout);
/* 10 is the newline character '\n'. */
putchar(10);
free(local_40);
}
else {
puts("Sorry, that\'s not it!");
}
/* Canary check: a changed value means the stack frame was overwritten. */
if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
/* WARNING: Subroutine does not return */
__stack_chk_fail();
}
return 0;
}
This post is licensed under CC BY 4.0 by the author.