Challenge 1: Program Analysis

Find the password of /home/rookie/Challenge1/password in the testbed.

Hints

Hint 1: Compared to /home/rookie/GDB/checkPasswordEasy, this version of the program does not “deobfuscate” a stored password (which can be easily cracked by setting a breakpoint after deobfuscation has happened) but instead “obfuscates” the one typed by the user, similarly to what is done with hash functions. Unfortunately the obfuscation is not strong enough and can be reversed!

Hint 2: Use both static and dynamic analysis.
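
The weakness described in Hint 1, as an added example (not the challenge's code and not its algorithm): a constructed toy checker that obfuscates the typed password using only invertible byte operations, so the stored bytes can be run backwards to the password, which a one-way hash would not allow. KEY, obfuscate, deobfuscate, check_password and the sample secret are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy transform: NOT the algorithm used by the challenge binary. */
static const uint8_t KEY[4] = {0x5a, 0x13, 0xc7, 0x2e};

static uint8_t rotl8(uint8_t b, unsigned n) { return (uint8_t)((b << n) | (b >> (8 - n))); }
static uint8_t rotr8(uint8_t b, unsigned n) { return (uint8_t)((b >> n) | (b << (8 - n))); }

/* What the checker applies to the typed password before comparing:
   XOR with a key byte, rotate left by 3, add the position (mod 256). */
void obfuscate(const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(rotl8(in[i] ^ KEY[i % 4], 3) + i);
}

/* Each step above is a bijection on bytes, so undo them in reverse order:
   subtract the position, rotate right by 3, XOR with the same key byte. */
void deobfuscate(const uint8_t *in, uint8_t *out, size_t len) {
    for (size_t i = 0; i < len; i++)
        out[i] = (uint8_t)(rotr8((uint8_t)(in[i] - i), 3) ^ KEY[i % 4]);
}

/* Checker: accepts when obfuscate(typed) equals the stored bytes. */
int check_password(const char *typed, const uint8_t *stored, size_t stored_len) {
    uint8_t buf[64];
    size_t len = strlen(typed);
    if (len != stored_len || len > sizeof buf) return 0;
    obfuscate((const uint8_t *)typed, buf, len);
    return memcmp(buf, stored, len) == 0;
}

int main(void) {
    const char *secret = "s3cr3t!";            /* constructed sample password */
    uint8_t stored[64], recovered[65] = {0};
    size_t len = strlen(secret);
    obfuscate((const uint8_t *)secret, stored, len);  /* bytes a binary would embed */
    deobfuscate(stored, recovered, len);              /* inverse found by analysis */
    printf("recovered: %s, accepted: %d\n", (char *)recovered,
           check_password((char *)recovered, stored, len));
    return 0;
}
```

Replacing the transform with a salted, slow one-way function removes the inverse; the comparison then reveals nothing that can be run backwards.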

Useful links

  • See here how to run gdb in docker
  • video 1 (in Italian): how to decompile “by hand”
  • video 2 (in Italian): how to script gdb using python and subprocess

NOTE: the videos refer to an older version of the challenge

Bonus

Note: You can send direct messages to multiple users on Slack.

Send @Alvise Favero and @focardi (myself) a direct message with a short report describing how you solved the challenge by October 15th to get a 0.5 bonus on the final grade! The report should describe the static/dynamic analysis performed to find the solution.