iCTF 2011. Challenge 32 ($ ?)

The program is an unpacked x86 ELF executable.
The logic here is very simple: the secret bank account information is generated from the input code.


The code that converts the test code to binary form is the same as in challenge 31.

The check routine is different:

/*
 * Decompiler output for the code-validation routine.
 *
 * a1 points at the binary form of the entered code; the routine reads six
 * int-sized words from it (a1[0] .. a1[5]).
 *
 * Returns 0 when every word passes its check, 1 when one of the checks on
 * words 0-3 fails, and -1 when the check on word 4 or word 5 fails.
 */
signed int __cdecl check(int *a1)
{
  signed int result; // eax@2
  int v2; // eax@3
  int v3; // [sp+Ch] [bp-4h]@7
 
  // Word 0 must equal a fixed constant.
  if ( *a1 == 0x65BCFF45 )
  {
    // Word 1, rotated left by 13 bits, must equal a fixed constant; the
    // accepted word is therefore that constant rotated right by 13 bits.
    v2 = __ROL__(a1[1], 13);
    if ( v2 == 0x34A7FB12 )
    {
      // Word 2 must be the sum of words 0 and 1.
      // NOTE(review): the sum presumably wraps at 32 bits as in the original
      // machine code - confirm against the disassembly.
      if ( *a1 + a1[1] == a1[2] )
      {
        v3 = a1[3];
        // The 'u' suffix makes the subtraction unsigned, so this is a range
        // check: 0x75718FF8 <= v3 <= 0x75718FF8 + 0x7C40. In addition the
        // low 16 bits of v3 must be 0xAB39.
        if ( v3 - 0x75718FF8u <= 0x7C40 &&
           (unsigned __int16)v3 == 0xAB39 )
        {
          // Word 4 is compared with the address of this function itself.
          // NOTE(review): an int is cast to a function pointer here, which
          // only makes sense with 32-bit pointers; the expected value also
          // depends on where check() is loaded - confirm for the target build.
          if ( (signed int (__cdecl *)(int *))a1[4] == check )
          {
            // Word 5 must equal a fixed marker constant.
            if ( a1[5] == 0xDEADBABE )
              result = 0;
            else
              result = -1;
          }
          else
          {
            result = -1;
          }
        }
        else
        {
          result = 1;
        }
      }
      else
      {
        result = 1;
      }
    }
    else
    {
      result = 1;
    }
  }
  else
  {
    result = 1;
  }
  return result;
}

So the easiest way to get a valid code is to write a keygen:

#include <stdio.h>
#include <windows.h>
 
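/* The six 32-bit words that make up the 24-byte code accepted by check(). */
unsigned int key[6];

/*
 * Keygen for challenge 32: builds the six words so that each one satisfies
 * the matching condition in check(), then prints them as a hex string.
 *
 * The rotate is written in portable C instead of MSVC-only inline assembly,
 * so the program builds with any C99 compiler (the original __asm block does
 * not compile with gcc/clang or with 64-bit MSVC).
 *
 * Returns 0 on success, -1 if no value for key[3] exists in the allowed range.
 */
int main(int argc, char* argv[])
{
	unsigned int tmp;
	unsigned int i;
	const unsigned char *bytes = (const unsigned char *)key;

	(void)argc;
	(void)argv;

	/* Word 0: fixed constant compared directly in check(). */
	key[0] = 0x65BCFF45;

	/*
	 * Word 1: check() rotates it left by 13 and compares with 0x34A7FB12,
	 * so rotate that constant right by 13. The mask keeps the result at
	 * 32 bits even where unsigned int is wider.
	 */
	tmp = 0x34A7FB12;
	key[1] = ((tmp >> 13) | (tmp << (32 - 13))) & 0xFFFFFFFFu;

	/* Word 2: 32-bit sum of words 0 and 1. */
	key[2] = (key[1] + key[0]) & 0xFFFFFFFFu;

	/*
	 * Word 3: must lie in [0x75718FF8, 0x75718FF8 + 0x7C40] and have
	 * 0xAB39 as its low 16 bits. 0 is used as the "not found" sentinel;
	 * it is outside the searched range, so it cannot be a real result.
	 */
	tmp = 0x75718FF8;
	key[3] = 0;
	for (i = 0; i <= 0x7C40; i++)
	{
		if (((tmp + i) & 0xFFFF) == 0xAB39)
		{
			key[3] = tmp + i;
			break;	/* the range is shorter than 0x10000, so at most one match */
		}
	}
	if (key[3] == 0)
	{
		printf ("Error! can't generate key[3]!\n");
		return -1;
	}

	/*
	 * Word 4: check() compares it with its own address. The value below is
	 * hard-coded, presumably the address of check() in the analysed binary;
	 * it is only valid for that exact build loaded at that address.
	 */
	key[4] = 0x080484E4;

	/* Word 5: fixed marker constant. */
	key[5] = 0xDEADBABE;

	/*
	 * Dump the words byte by byte in memory order. This relies on the host
	 * being little-endian with 4-byte unsigned int, matching the x86 target.
	 */
	printf("Secret code: ");
	for (i = 0; i < sizeof key; i++)
		printf("%02x", bytes[i]);
	printf("\n");

	return 0;
}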

C:\ctf\~writeups\ictf2011\challenge32>keygen.exe
Secret code: 45ffbc653fa591d884a44e3e39ab7175e4840408bebaadde

Bank account info: 9402901303833-67249270571
