[CSAW 2016] Key Writeup.

Description:

So I like to make my life difficult, and instead of a password manager, I make challenges that keep my secrets hidden. I forgot how to solve this one and it is the key to my house… Can you help me out? It’s getting a little cold out here.

NOTE: Flag is not in normal flag format.

Running the file we end up with a message: “?W?h?a?t h?a?p?p?e?n?”
Let’s open the exe in IDA and view its strings, looking for anything interesting.
```asm
.rdata:00AB52B8 00000029 C C:\\Users\\CSAW2016\\haha\\flag_dir\\flag.txt
.rdata:00AB52E4 00000016 C ?W?h?a?t h?a?p?p?e?n?
.rdata:00AB52FC 00000021 C |------------------------------|
.rdata:00AB5320 00000021 C |==============================|
.rdata:00AB5344 00000021 C \\ /\\ /\\ /\\ /\\==============|
.rdata:00AB5368 00000021 C \\/ \\/ \\/ \\/ \\=============|
.rdata:00AB538C 00000021 C |-------------|
.rdata:00AB53B0 00000015 C Congrats You got it!
.rdata:00AB53C8 00000012 C =W=r=o=n=g=K=e=y=
```
We have 4 interesting strings:
  • A path: C:\\Users\\CSAW2016\\haha\\flag_dir\\flag.txt
  • The known message: ?W?h?a?t h?a?p?p?e?n?
  • Good key: Congrats You got it!
  • Bad key: =W=r=o=n=g=K=e=y=
Following the cross-reference (X-ref) to the function that uses the path string, we see that the program tries to read the key from that file; if the file doesn’t exist, we get: ?W?h?a?t h?a?p?p?e?n?

I created the txt file with “aaa” inside and ran it again; this time I set a breakpoint before the decision whether to jump to the success or failure message.

<img src="./asm_key_csaw.png" />

Now let’s see what we have in what seems to be the comparison function.

Stepping through the lines, we can see that my “aaa” is compared with a string.

<img src="./csaw_key_eax.png" />

This string is the key “idg_cni~bjbfi|gsxb” and also the flag to the challenge.
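Why one breakpoint was enough, shown as an added example (not the challenge's code, which the writeup does not show): a check that rebuilds the expected key and compares it to the input exposes the key in memory, while a check that stores only a salted, slow digest does not. The XOR mask, the function names and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"idg_cni~bjbfi|gsxb"   # key recovered in the writeup, used as sample input
MASK = 0x5A                   # constructed obfuscation constant (assumption)
ITERATIONS = 200_000          # illustrative PBKDF2 work factor (assumption)

# Weak design: the binary ships the key lightly obfuscated and rebuilds it
# at run time so it can be compared against the user's input.
OBFUSCATED = bytes(b ^ MASK for b in KEY)

def weak_expected() -> bytes:
    """Plaintext key as it exists in memory just before the compare."""
    return bytes(b ^ MASK for b in OBFUSCATED)

def weak_check(candidate: bytes) -> bool:
    # Both operands are plaintext here; a debugger stopped on this
    # comparison reads the key directly, whatever the obfuscation was.
    return candidate == weak_expected()

# Hardened design: only a random salt and a slow digest are shipped.
def build_verifier(key: bytes) -> tuple[bytes, bytes]:
    """Run once at build time; the key itself is never stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", key, salt, ITERATIONS)
    return salt, digest

def hardened_check(candidate: bytes, salt: bytes, digest: bytes) -> bool:
    # The user's input is transformed, not the secret, so the expected
    # plaintext never appears in the process at any point.
    attempt = hashlib.pbkdf2_hmac("sha256", candidate, salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)

if __name__ == "__main__":
    salt, digest = build_verifier(KEY)
    print("weak check, value in memory at compare:", weak_expected())
    print("hardened check, value in memory at compare:", digest.hex())
    print("hardened accepts key:", hardened_check(KEY, salt, digest))
    print("hardened accepts 'aaa':", hardened_check(b"aaa", salt, digest))
```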
