What is an ogre’s favourite network arrangement? … onion routing
- Author: Sun G
- Attachment: layers
0x1 basic information
Starting the binary, the goal seems simple: enter the correct answers, and something will happen, hopefully we get the flag. Digging deeper using
GDB, we see, that the challenge uses
strcmp in order to check, if the answer we provided is correct. I have looked at the source code using
Ghidra as well, but seemed like the strings are somewhat obfuscated, so I tried going another way, which turned out to be a great idea.
Since we are running this program on our own machine, noone is stopping us from modifying the containts of the registers. This lets us save a ton of work. Let the program deobfuscate the correct answer for itself, then right before the call to
strcmp we can just steal it.
The challenge name suggests, that we are going to have to do this a couple of times, so I went ahead and automated it using
gdb scripts. To not present you a one-click solution, the
gdb script is removed from this writeup, however with the above described method, one should be able to replicate my solution.
The acquired flag is: