binex/inaccesible

Description

I wrote a function to generate the flag, but don't worry, I bet you can't access it!

Hints

• you could reverse engineer the function, but it's not necessary

• see if you can use any debugging tools to just call the function

Summary

There is a uncalled function named win. Basically the win function wil generate the flag and print it. i cannot got the flag just by reverse engineer the binary because it is generated run time. Here we can use debugging tool such as gdb to call the uncalled function using jump function. this way the program will jump and continue the execution from the address given after the jump function.

Solutions

The challange has given a simple binary.

I use cutter.re for reversing the binary. Here i found main function that will instantly print string "No flag for you". I also find there is a function called win. Upon analyzing the win function basically it will generate a flag (on my assumption) and print it to the console. So the challange is really straightforward. I need to run the win function somehow.

Now i will use GDB with Peda Extension to solve this challange. I will try to disassemble the main function within the gdb first. here we can see that some how we need to change the execution before the mov edi, 0x400754 which will generate the text to be printed i need to change the flow of the program to run the win function. Here i need to set a breakpoint at main address +4 or 0x4006bc.

From here now i will try to run the program. The program will stop at the breakpoint i set earlier. Now call the jump function from gdb and give the address of win function.

Flag

bcactf{W0w_Y0u_m4d3_iT_b810c453a9ac9}