This file is an 32bits elf binary, compiled from go language (i guess ... coded by @nibble_ds ;)
The binary has some debugging symbols, which is very helpful to locate the functions and api calls.
GO source functions:
- main.main
- main.function.001
If the binary is executed with no params, it prints "Nope!", the bad guy message.
~/ncn$ ./inbincible
Nope!
Decompiling the main.main function I saw two things:
1. The Argument validation: Only one 16 bytes long argument is needed, otherwise the execution is finished.
2. The key IF, the decision to dexor and print byte by byte the "Nope!" string OR dexor and print "Yeah!"
The incoming channel will determine the final message. |
Dexor and print each byte of the "Nope!" message. |
This IF, checks 16 times if the go channel reception value is 0x01, in this case the app show the "Yeah!" message.
Go channels are a kind of thread-safe queue, a channel_send is like a push, and channel_receive is like a pop.
If we fake this IF the 16 times, we got the "Yeah!" message:
(gdb) b *0x8049118
(gdb) commands
>set {char *}0xf7edeef3 = 0x01
>c
>end
(gdb) r 1234567890123456
tarting program: /home/sha0/ncn/inbincible 1234567890123456
...
Yeah!
Ok, but the problem is not in main.main, is main.function.001 who must sent the 0x01 via channel.
This function xors byte by byte the input "1234567890123456" with a byte array xor key, and is compared with another byte array.
=> 0x8049456: xor %ebp,%ecx
This xor, encode the argument with a key byte by byte |
The xor key can be dumped from memory but I prefer to use this macro:
(gdb) b *0x8049456
(gdb) commands
>i r ecx
>c
>end
(gdb) c
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
The result of the xor will compared with another array byte, each byte matched, a 0x01 will be sent.
The cmp of the xored argument byte, will determine if the channel send 0 or 1 |
(gdb) b *0x0804946a
(gdb) commands
>i r al
>c
>end
At this point we have the byte array used to xor the argument, and the byte array to be compared with, if we provide an input that xored with the first byte array gets the second byte array, the code will send 0x01 by the channel the 16 times.
Now web have:
xorKey=[0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12]
mustGive=[0x55,0x75,0x44,0xb6,0x0b,0x33,0x06,0x03,0xe9,0x02,0x60,0x71,0x47,0xb2,0x44,0x33]
Xor is reversible, then we can get the input needed to dexor to the expected values in order to send 0x1 bytes through the go channel.
>>> x=''
>>> for i in range(len(xorKey)):
... x+= chr(xorKey[i] ^ mustGive[i])
...
>>> print x
G0w1n!C0ngr4t5!!
And that's the key :) let's try it:
~/ncn$ ./inbincible 'G0w1n!C0ngr4t5!!'
Yeah!
Got it!! thanx @nibble_ds for this funny crackme, programmed in the great go language. I'm also a golang lover.
More articles
- Blackhat Hacker Tools
- World No 1 Hacker Software
- Pentest Tools Nmap
- Hak5 Tools
- Hack Tools
- Hacking Tools Free Download
- Hack Website Online Tool
- Hack Tools 2019
- Hack Tool Apk
- Best Hacking Tools 2020
- Best Hacking Tools 2020
- Pentest Tools Open Source
- Hacking Tools Windows
- Easy Hack Tools
- Pentest Recon Tools
- Hacking Tools
- Bluetooth Hacking Tools Kali
- Pentest Tools Website Vulnerability
- Pentest Tools Find Subdomains
- Hack Website Online Tool
- Best Pentesting Tools 2018
- Nsa Hack Tools
- World No 1 Hacker Software
- Hacker Tools Online
- Hack Tools For Games
- Pentest Tools Windows
- New Hack Tools
- Nsa Hack Tools Download
- Hack Tools For Games
- Hacking Tools For Windows 7
- Hacking Tools Kit
- Black Hat Hacker Tools
- Wifi Hacker Tools For Windows
- Hacker Tools For Windows
- Usb Pentest Tools
- Hacker Tools
- Tools 4 Hack
- Pentest Tools Apk
- New Hack Tools
- Nsa Hacker Tools
- Pentest Tools Nmap
- Hacks And Tools
- Wifi Hacker Tools For Windows
- Black Hat Hacker Tools
- Pentest Tools Port Scanner
- What Is Hacking Tools
- Hacker
- Hacking Tools For Mac
- Hacker Techniques Tools And Incident Handling
- Best Hacking Tools 2020
- Pentest Tools Open Source
- Hacker Tools For Windows
- Pentest Tools Review
- Hacks And Tools
- Hack Apps
- Hack Tools Mac
- Hacker Tools Windows
- How To Install Pentest Tools In Ubuntu
- Hack Tools
- Hacking Tools Github
- Pentest Box Tools Download
- How To Hack
- Pentest Tools Port Scanner
- Hacker Tools For Ios
- Hack Apps
- Hacks And Tools
- Hacker Tools Apk Download
- How To Make Hacking Tools
- Hack Tools Online
- Hacker Tools Hardware
- How To Hack
- Hacker Hardware Tools
- Hack Tools Github
- Nsa Hack Tools Download
- Hacking Tools 2020
- Hack Tools Mac
- Hacking Tools 2019
- Pentest Tools Github
- Pentest Tools Open Source
- Hacker Tools Windows
- Hacking Tools Github
- Hacking Tools
- Hacker Search Tools
- Hacker Tools Mac
- Pentest Tools Github
- How To Make Hacking Tools
- Hack Tools Online
- Hacker Search Tools
- Bluetooth Hacking Tools Kali
- Hack Tools For Ubuntu
- How To Hack
- Hacking Tools Usb
- Pentest Tools For Android
- Best Pentesting Tools 2018
- Hacker Tools For Mac
- Pentest Tools Bluekeep
- How To Make Hacking Tools
- Hack Tools Mac
- Hack Tools Pc
- Pentest Tools Port Scanner
- Hack And Tools
- Hacking Tools Download
- Pentest Tools Apk
- New Hacker Tools
- Pentest Tools Find Subdomains
- Hacker Tools Github
- Hacking Tools Download
- Hacker Security Tools
- Pentest Tools Windows
- Hackrf Tools
- Hack Tool Apk
- Hacking Tools For Beginners
- Hacker Tools Windows
- Pentest Tools List
- Pentest Tools Apk
- Pentest Automation Tools
- Hacker Tools Apk Download
- Pentest Tools Tcp Port Scanner
- Growth Hacker Tools
No comments:
Post a Comment