Challenge 1: Program Analysis – Secgroup Ca' Foscari

Find the password of /home/rookie/Challenge1/password in testbed.

Hints

Hint 1: Compared to /home/rookie/GDB/checkPasswordEasy, this version of the program does not “deobfuscate” a stored password (which can be easily cracked by setting a breakpoint after deobfuscation has happened) but instead “obfuscates” the one typed by the user, similarly to what is done with hash functions. Unfortunately the obfuscation is not strong enough and can be reversed!

Hint 2: Use both static and dynamic analysis.

Useful links

See here how to run gdb in docker
video 1 (in Italian): how to decompile “by hand”
video 2 (in Italian): how to script gdb using python and subprocess

NOTE: the videos refer to an older version of the challenge

Bonus

You can send direct messages to multiple users on slack. Send @Simone Jovon and @focardi (me) a direct message with a short description of how you solved the challenge by October 17th to get a 0.5 bonus on the final grade!