Challenge 1: Program Analysis

NEW: the challenge has been updated! Please pull the new testbed image before running it:

docker pull secunive/sec:testbed
docker run --rm -it secunive/sec:testbed

or use the beta tester image, based on ubuntu 24.04 and providing a better interface to gdb, as follows:

docker run --rm -it secunive/sec:testbed_beta

Please report any issues with this beta version to me, thanks!

NOTE: The program is named password_new, so if you still see password you have the old image!

Find the password of /home/rookie/Challenge1/password_new in testbed.

Hints

Hint 1: Compared to /home/rookie/GDB/checkPasswordEasy, this version of the program does not “deobfuscate” a stored password (which can be easily cracked by setting a breakpoint after deobfuscation has happened) but instead “obfuscates” the one typed by the user, similarly to what is done with hash functions. Unfortunately the obfuscation is not strong enough and can be reversed!

Hint 2: Use both static and dynamic analysis.
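To illustrate the point made in Hint 1, here is an added example (not code from the challenge and not the scheme used by password_new): a check that obfuscates the typed input and compares it with a stored constant, next to the inverse that recovers the password from that constant. The transform, the key 0x5A, the rotation amount and the sample password are all assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN 8

/* Constructed constant for this example (not taken from password_new):
 * the obfuscated form of the sample password, as it would sit in the binary. */
static const uint8_t STORED[LEN] = {0x91, 0x71, 0x91, 0x49, 0xD9, 0x69, 0x92, 0x02};

static uint8_t rol8(uint8_t v, unsigned r) { return (uint8_t)((v << r) | (v >> (8 - r))); }
static uint8_t ror8(uint8_t v, unsigned r) { return (uint8_t)((v >> r) | (v << (8 - r))); }

/* Hypothetical obfuscation: XOR each byte with a position-dependent key,
 * then rotate left by 3. Each step is a bijection on bytes, unlike a hash. */
static void obfuscate(const char *in, uint8_t *out) {
    for (size_t i = 0; i < LEN; i++)
        out[i] = rol8((uint8_t)in[i] ^ (uint8_t)(0x5A + i), 3);
}

/* The check as such a program performs it: obfuscate the input, then compare. */
int check(const char *guess) {
    uint8_t buf[LEN];
    if (strlen(guess) != LEN) return 0;
    obfuscate(guess, buf);
    return memcmp(buf, STORED, LEN) == 0;
}

/* Inverse: undo the steps in reverse order (rotate right, then XOR).
 * Static analysis yields the steps; the stored bytes can be read from the
 * binary or dumped from memory at the comparison during dynamic analysis. */
const char *recover_stored(void) {
    static char out[LEN + 1];
    for (size_t i = 0; i < LEN; i++)
        out[i] = (char)(ror8(STORED[i], 3) ^ (uint8_t)(0x5A + i));
    out[LEN] = '\0';
    return out;
}

int main(void) {
    const char *pw = recover_stored();
    printf("recovered: %s  check: %d\n", pw, check(pw));
    return 0;
}
```

The defensive takeaway is that a password check needs a one-way function (a salted password hash), because any transform built only from invertible steps leaks the secret to whoever can read the stored value.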

Useful links

  • video 1 (in Italian): how to decompile “by hand”
  • video 2 (in Italian): how to script gdb using python and subprocess (solution to previous lab available here)

NOTE: the videos refer to an older version of the challenge

Bonus

Submit a report in Moodle by October 29th, describing how you solved the challenge, to get a 0.5 bonus on the final grade! The report should describe the static/dynamic analysis performed to find the solution.