[REV] EAAS

We are given an ELF file that encrypts our input data in some way

We are also given an encrypted string: "CAS{Y6oduOh_X3_gQu3xn6t_EXF_J3vxhf_Ca_3yM7zln}"

It seems that the index of input characters does not affect the encryption algorithm

Here is the encryption function

It takes the input character by character in the rax register, then passes each character as a parameter to the shift_char function.

This is the encryption algorithm; it is a one-to-one encryption.

We can brute force the program by trying all possible ASCII characters to see what matches the encrypted flag

Here is a simple script to accomplish that

import subprocess

flag = []

def run_with_inp(inp):
    # Run the binary once, feed it the candidate input on stdin,
    # and return its output starting at the "Encrypted:" marker.
    process = subprocess.Popen(
        ['/home/kali/EAAS'],
        stdin=subprocess.PIPE,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        text=True
    )
    output, _ = process.communicate(inp, timeout=5)
    return output[output.find('Encrypted:'):]

inp = ''
# Bytes of the encrypted flag (the trailing 0x0a is the newline).
target = [0x43, 0x41, 0x53, 0x7b, 0x59, 0x36, 0x6f, 0x64, 0x75, 0x4f, 0x68, 0x5f, 0x58, 0x33, 0x5f, 0x67, 0x51, 0x75, 0x33, 0x78, 0x6e, 0x36, 0x74, 0x5f, 0x45, 0x58, 0x46, 0x5f, 0x4a, 0x33, 0x76, 0x78, 0x68, 0x66, 0x5f, 0x43, 0x61, 0x5f, 0x33, 0x79, 0x4d, 0x37, 0x7a, 0x6c, 0x6e, 0x7d, 0x0a]

def replace_letter(word, index, new_letter):
    return word[:index] + new_letter + word[index+1:]

for i in range(47):
    for j in range(32, 128):
        # inp always stays one character long: position does not affect
        # the encryption, so each candidate is tested on its own.
        inp = replace_letter(inp, len(inp)-1, chr(j))
        # Strip the "Encrypted: " prefix and the trailing newline.
        res = run_with_inp(inp)[len("Encrypted: "):-1]
        true_res = chr(target[i])
        #print(res, ' VS ', true_res)
        if res == true_res:
            print(chr(j))
            flag.append(chr(j))

print(''.join(flag))

YAO{W3lcoMe_T0_aNo0th3r_CTF_H0sted_By_0xL4ugh}
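
Because the encryption is per-character and independent of position, as observed above, one run with the whole printable alphabet as input is enough to recover the substitution table and invert it. The sketch below is an added example, not part of the original write-up: `toy_oracle` is a constructed stand-in for running the binary (it is not the challenge's shift_char), and all function names are hypothetical.

```python
ALPHABET = ''.join(chr(c) for c in range(32, 127))  # printable ASCII

def toy_oracle(text):
    """Constructed stand-in for the binary; NOT the challenge's shift_char."""
    out = []
    for ch in text:
        if ch.islower():
            out.append(chr((ord(ch) - 97 + 7) % 26 + 97))
        elif ch.isupper():
            out.append(chr((ord(ch) - 65 + 11) % 26 + 65))
        else:
            out.append(ch)
    return ''.join(out)

def is_position_independent(oracle, probes="aZ3_"):
    """Check the assumption: a probe encrypts the same alone and at later offsets."""
    for ch in probes:
        alone = oracle(ch)
        for pad in range(1, 4):
            if oracle("A" * pad + ch)[-1] != alone:
                return False
    return True

def build_inverse(oracle, alphabet=ALPHABET):
    """One chosen-plaintext query gives the full table; collisions are reported."""
    cipher = oracle(alphabet)
    if len(cipher) != len(alphabet):
        raise ValueError("output length differs: not a per-character cipher")
    inverse, collisions = {}, {}
    for plain, enc in zip(alphabet, cipher):
        if enc in inverse:
            # Two plaintext characters share a ciphertext: not one-to-one here.
            collisions.setdefault(enc, [inverse[enc]]).append(plain)
        else:
            inverse[enc] = plain
    return inverse, collisions

def decrypt(ciphertext, inverse):
    """Map each ciphertext character back; '?' marks characters never observed."""
    return ''.join(inverse.get(c, '?') for c in ciphertext)

if __name__ == "__main__":
    inverse, collisions = build_inverse(toy_oracle)
    sample = toy_oracle("Constructed_Sample_42")  # constructed test string
    print(is_position_independent(toy_oracle), collisions, decrypt(sample, inverse))
```

A non-empty `collisions` result means the mapping is not one-to-one for those characters, so the recovered plaintext is ambiguous at those positions.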