Vernilo hacks stuff
  • Home
  • 📦Hack The Box Write-ups
    • 📋Challenges
      • 🟢Reversing: Baby RE
      • 🟢Crypto: Templed
      • 🟢Crypto : Bank Heist
      • 🟢Web: emdee five for life
      • 🟠Web: Freelancer
    • 🖥️Machines
      • 🟢Spectra
      • 🟢Blunder
      • 🟢Cap
      • 🟢Knife
      • 🟠The Notebook
  • 🌧️Try Hack Me Write-ups
    • 🟢RootME
    • 🟢Pickle Rick
    • 🟢Ignite
    • 🟢Bounty Hacker
    • 🟠Dogcat
  • 📝Blog Posts
    • 🔗Understanding potential vulnerabilities in authentication mechanisms
Powered by GitBook
On this page
  1. Hack The Box Write-ups
  2. Challenges

Reversing: Baby RE

Description

"Show us your basic skills! (P.S. There are 4 ways to solve this, are you willing to try them all?)"

and we have a file, which by unzipping we give a file without extension called "baby"

seeing the strings of this file we see an interesting thing, like

HTB{B4BYH
_R3V_TH4H
TS_Ef

"Don't run "strings" on this challenge, that is not the way!!!!"

insert key:
abcde122313

but for me what most caught my attention were the following strings

puts
stdin
strcmp
GCC: (Debian 9.2.1-8) 9.2.1 20190909
baby.c

because it indicates that this file is a file that can be decompiled into a C file

for this, I used the reverse engineering program called Ghidra

after decompiling and recompiling this program in a C code, we have this:

and passing these strings from hexadecimal to ASCII

we have :

is strange because it refers to memory addresses, that is, these strings are backward, but in pairs

example : 0x7d5a is 0x5a 0x7d

then fixing, we have:

0x594234427b425448
0x3448545f5633525f
0x455f5354
0x7d5a

==>

48 54 42 7b 42 34 42 59
5f 52 33 56 5f 54 48 34
54 53 5f 45
5a 7d

now, if we convert this from hex to ASCII, we have the right flag

PreviousChallengesNextCrypto: Templed

Last updated 3 years ago

📦
📋
🟢
image