riftCTF - Rev 1 Writeup

The challenge

Value: 50 points

The file required to solve the challenge is attached in the directory with the name: chall1.elf

Message: 1. find the correct password for the crackme to display the “Correct Password” message. 2. your goal is not to make the app display “Correct Password” but to find the correct password which does that for you. 3. brute-forcing won’t help but you can do whatever you want. 4. don’t expose this challenge on a real work environment. 5. flag format riftCTF{<---flag-here--->}. Good Luck!

author- X3eRo0

That was a warm up challenge. I fired up Ghidra and decompiled the binary and the flag was available in clear text:

undefined8 FUN_00101175(void)

  int iVar1;
  long in_FS_OFFSET;
  char local_58 [72];
  long local_10;
  local_10 = *(long *)(in_FS_OFFSET + 0x28);
  puts("--=[ Super Easy Crackme ]=--");
  printf("passwd > ");
  iVar1 = strncmp(local_58,"riftCTF{tr4c1ng-mAkes-17-SUPeR-345Y}",0x24);
  if (iVar1 == 0) {
    puts("Correct Password...");
  else {
    puts("Wrong Password...");
  if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
                    /* WARNING: Subroutine does not return */
  return 0;

Flag: riftCTF{tr4c1ng-mAkes-17-SUPeR-345Y}

About the author

All your $rip belong to us.