What will you learn?
Decompilation
- What is decompilation and how does it work?
Analyze the programming language used (if you're not familiar with it)
- Analyze the programming language used
- What kind of bytes were used to make this flag
BONUS!! (Shhh! DON'T SKIP TO BONUS! READ FIRST, OK?)
Analyze the file format
If you look at the description of this challenge and the file we are given, it is hard to tell what kind of file it could be. So let's decompile the file and see what it's written in.
Decompilation is the process of converting a compiled file back towards its original form, the source code it was written in before it was turned into a computer-readable binary. (The result is an approximation of that source, not the exact original.)
Before we can run an app, for example "Steam.exe" or any other executable, the program itself first has to be converted into machine language. This is the process of "compilation", carried out by a compiler. After we have written our program and want it to run as an executable, we send the source file to the compiler, which converts the script into binary/machine code.
DECOMPILE
(Reverse the process of compiling)
As you can see from the image on the left, I loaded the file into an online decompiler. When I tried playing around with different decompilers, I found that the Binary Ninja output was actually the most readable (my opinion). So, as I analyzed this script, I found these bytes in the if statement (the condition loop): 0x62 0x6c 0x61 0x68 0x61 0x6a 0x7b 0x77 0x68 0x34 0x37 0x5f 0x44 0x33 0x43 0x30 0x4d 0x50 0x31 0x4c 0x33 0x72 0x5f 0x64 0x30 0x5f 0x79 0x30 0x55 0x5f 0x55 0x73 0x33 0x3f 0x7d. It looks like hexadecimal. I ended up disassembling it as x86 (I explain this part more in clue 3).
Okay, I think I went too fast here, so let me slow down and explain what I meant in the previous clue.
I know that I couldn't make a guess from the file format given to me. That's the actual point of reverse engineering, right?
We want to find out what the original was behind the compiled or formatted file itself. We don't know whether it was written in Python or something else; we just don't know that part.
Since we only have the file, we can try to decompile it and see if we can recover the original script/code that was written.
Now, we need to find a decompiler. I used an online decompiler, since I wanted to use fewer resources rather than downloading one and wasting my disk space. Don't ever complain that I'm cheating; it's all about getting a smart solution. Modern problems need modern solutions and modern creativity!
Analyze script & Conversion
As you can see in the script beside me (I actually cut everything up to the clue in the script, to minimize the time spent looking at it).
You can see that the condition loop contains a comparison against a sequence of bytes (the if statement! What you're looking at here is nothing but an if statement with no context at all, because I cut the rest out. By "bytes" I mean those "0x**" values). So now we know what's going on in the script itself, and we are able to find the flag. The flag in this case is basically all the 0x** values. Just put them in Notepad or a text editor, so you now have this weird byte string:
0x62 0x6c 0x61 0x68 0x61 0x6a 0x7b 0x77 0x68 0x34 0x37 0x5f 0x44 0x33 0x43 0x30 0x4d 0x50 0x31 0x4c 0x33 0x72 0x5f 0x64 0x30 0x5f 0x79 0x30 0x55 0x5f 0x55 0x73 0x33 0x3f 0x7d.
This is where some of us have no idea or any clue what this could be. In this case ChatGPT can come into play for your CTF. Let's say you don't know the different types of strings or hashes, and you can't identify what kind of string this could be. When we ask GPT, it might say it's hexadecimal. And it is indeed hexadecimal.
Okay, but I overthought it and ended up decoding it by disassembling it as x86, and got this string: 626C6168616A7B776834375F443343304D50314C33725F64305F7930555F5573333F7. Next, I converted it into plaintext. Sometimes in a CTF challenge they give us a string or a hash to convert into plaintext. Don't be afraid to ask GPT; it can help you in a small part. In this case, I used 20% GPT and 80% hard work.
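As an added example (not code from the original writeup or the challenge), here is the conversion step done without a disassembler: a short Python script that parses the space-separated 0x** bytes copied from the decompiled if statement, turns them into readable text, and reimplements the byte-by-byte comparison such a check usually compiles to (the comparison shape is an assumption, not the challenge's actual code).

```python
# Added example: turn the "0x.." bytes copied from the decompiled
# comparison into readable text. Not code from the original challenge.

# The byte list exactly as it appears in the decompiled if statement.
DECOMPILED_BYTES = (
    "0x62 0x6c 0x61 0x68 0x61 0x6a 0x7b 0x77 0x68 0x34 0x37 0x5f "
    "0x44 0x33 0x43 0x30 0x4d 0x50 0x31 0x4c 0x33 0x72 0x5f 0x64 "
    "0x30 0x5f 0x79 0x30 0x55 0x5f 0x55 0x73 0x33 0x3f 0x7d"
)


def parse_hex_bytes(text: str) -> bytes:
    """Parse a whitespace-separated list of 0x?? tokens into bytes.

    Each token must be a single byte (0x00..0xff); anything else is
    most likely a copy/paste error and is reported rather than guessed at.
    """
    out = bytearray()
    for token in text.split():
        value = int(token, 16)  # int() accepts the 0x prefix with base 16
        if not 0 <= value <= 0xFF:
            raise ValueError(f"{token} is not a single byte")
        out.append(value)
    return bytes(out)


def bytes_to_text(raw: bytes) -> str:
    """Decode as ASCII; a non-printable byte means this is not plain text."""
    text = raw.decode("ascii")
    if not text.isprintable():
        raise ValueError("byte sequence contains non-printable characters")
    return text


def check_flag(candidate: bytes, expected: bytes) -> bool:
    """Byte-by-byte comparison of the kind a decompiler typically shows
    for an if-statement flag check (assumed shape, not the challenge's code)."""
    if len(candidate) != len(expected):
        return False
    return all(c == e for c, e in zip(candidate, expected))


if __name__ == "__main__":
    flag_bytes = parse_hex_bytes(DECOMPILED_BYTES)
    flag = bytes_to_text(flag_bytes)
    print(flag)                                   # the decoded flag text
    print(check_flag(flag.encode(), flag_bytes))  # True
```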
Tip:
Analyze if statements/condition loops
- Sometimes the flag actually asks you to piece all the information together into one.
Understand the script by sectioning it.
- Break the script into chunks of lines. Sometimes, when you understand the logic line by line, it can help you tackle the problem.