Abdallah Elshinbary

Abdallah Elshinbary

Malware Analysis & Reverse Engineering Adventures.

Pwnable.kr - flag

less than 1 minute read

Challenge description:

Papa brought me a packed present! let’s open it.

This challenge is just a simple reverse engineering task, from the challenge description we can guess that the binary is packed.

Using DIE (detect it easy), we can see that it’s packed using UPX.

1

we can unpack it easily using UPX:

$ upx -d flag
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2018
UPX 3.95        Markus Oberhumer, Laszlo Molnar & John Reiser   Aug 26th 2018

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
    883745 <-    335288   37.94%   linux/amd64   flag

Unpacked 1 file.

Now that the binary is unpacked, let’s jump to ida and do some reversing.

2

We can see that the main function is copying the flag into rdx, if we follow it to the .data section we will get the flag.

3

Solution:

Flag: UPX...? sounds like a delivery service :)