Find the password of /home/rookie/Challenge1/password
in testbed.
Hints
Hint 1: Compared to /home/rookie/GDB/checkPasswordEasy
, this version of the program does not “deobfuscate” a stored password (which can be easily cracked by setting a breakpoint after deobfuscation has happened) but instead “obfuscates” the one typed by the user, similarly to what is done with hash functions. Unfortunately the obfuscation is not strong enough and can be reversed!
Hint 2: Use both static and dynamic analysis.
Useful links
- See here how to run gdb in docker
- video 1 (in Italian): how to decompile “by hand”
- video 2 (in Italian): how to script gdb using
python
andsubprocess
NOTE: the videos refer to an older version of the challenge
Bonus
You can send direct messages to multiple users on slack. Send @Simone Jovon
and @focardi
(me) a direct message with a short description of how you solved the challenge by October 25th to get a 0.5 bonus on the final grade!