
This was a reversing challenge from DefCamp CTF 2020, worth 293 points. The description said:

I heard you can’t redo what’s deleted. Is that true?

Flag: ctf{sha256(original_message)}


First, let’s run the binary they give us.

Well, as the description said, this challenge is about getting the original message. So, let’s check how that message is encoded.

Let’s open the binary in Cutter. Judging by the number of functions and names like go.runtime.gogo, we know this is a Go binary (the name said it too).

Let’s open the main function, which is sym.go.main.main. We are going to analyze it step by step.

First, it prints something. After that, there is another print.

Then, it loads some bytes and encrypts them with AES.

Finally, it converts it to string and prints something again.

It’s time for some dynamic analysis. Let’s set a breakpoint on the instruction and run the program. After stepping to the first print, we can see what the first print was all about:

The second print output also looks familiar:

When we first ran the binary, it showed us the encoded message, so it looks like the AES encryption is applied to the original message.

Then stringtoslicebyte is executed. After the call, we can check the rax register to find the result of the function (the address of the contents).

Judging by the characters, that looks like the passphrase for the AES encryption. So the original message must be loaded before the call.

We can see that the address 0x4c0e36 is loaded into rax. Let’s check that.

After that instruction, it’s actually loading the size of the message to encode, which is 0x10 (or 16 bytes). Let’s grab 16 chars from that previous address: g01sn0tf0rsk1d1e.

We have the original message! We can double-check that by writing a Go program to decrypt the output (because we know the passphrase).

We run it and:

We were right.
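
The kind of check described above, as an added example that is not the program from the original write-up: it decrypts a captured output with a known passphrase and compares the result with the recovered candidate. The AES mode (GCM with a prepended nonce), the SHA-256 key derivation, the hex encoding and the passphrase value are all assumptions, because the page does not show them; the ciphertext is constructed by the example itself.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// gcmFor builds an AES-256-GCM instance; deriving the key with SHA-256 is an assumption.
func gcmFor(passphrase string) cipher.AEAD {
	key := sha256.Sum256([]byte(passphrase))
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)    // AES's 16-byte block is always accepted
	return gcm
}

// Encrypt returns hex(nonce || ciphertext || tag), the layout assumed for the output.
func Encrypt(passphrase, msg string) (string, error) {
	gcm := gcmFor(passphrase)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return hex.EncodeToString(gcm.Seal(nonce, nonce, []byte(msg), nil)), nil
}

// Decrypt reverses Encrypt and fails on a wrong passphrase or altered data.
func Decrypt(passphrase, encoded string) (string, error) {
	gcm := gcmFor(passphrase)
	raw, err := hex.DecodeString(encoded)
	if err != nil || len(raw) < gcm.NonceSize() {
		return "", fmt.Errorf("malformed ciphertext")
	}
	plain, err := gcm.Open(nil, raw[:gcm.NonceSize()], raw[gcm.NonceSize():], nil)
	return string(plain), err
}

func main() {
	const pass, candidate = "constructed-passphrase", "g01sn0tf0rsk1d1e"
	enc, err := Encrypt(pass, candidate) // stands in for the captured output
	if err != nil {
		panic(err)
	}
	dec, err := Decrypt(pass, enc)
	fmt.Println(dec == candidate, err)
}
```

With a random nonce the encoded output differs on every run, so a candidate message is confirmed by decrypting the captured output rather than by re-encrypting and comparing strings.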

Let’s get the sha256 of that string:

Convert the uppercase letters to lowercase and we have the flag:

ctf{a4e394ae892144a54c008a3b480a1b22a6b64dd26c4b0c9eba498330f511b51e}