Challenge Description

Flag? What’s a flag?

Provided Files

$ file anti_flag
anti_flag: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b8de97bc12c627606510140e43fc13e2efffcee5, for GNU/Linux 3.2.0, stripped

Solution

In Ghidra, we notice some mismatch between the assembly code and the disassembled one. We solve this by unchecking Eliminate unreachable code under Edit/Tool Options, and we find that there is a condition that is never met in the following function:

undefined8 FUN_00101486(undefined8 param_1,undefined8 param_2,undefined8 param_3,undefined8 param_4,
            undefined8 param_5,undefined8 param_6) {
<SNIP>
  else if (false) {
    FUN_001013ff("2asdf-012=14",&DAT_00102011,(long)__s);
    puts(__s);
  }
<SNIP>

Changing false to true is a matter of patching the relative assembly instruction of JZ to JNZ.

So, we go from this:

00101510 75 13           JNZ        LAB_00101525

to this:

00101510 74 13           JZ        LAB_00101525

The execution of the patched binary give us the flag:

$ ./patched_anti_flag       
HTB{y0u************0d!!!}

Challenge Description#

Provided Files#

Solution#

Challenge Description

Provided Files

Solution