[Reverse] DSYM - Stuck on challenge

Being a beginner (in reversing and debugging with low-level tools in general), I’d be interested to know what the dunnoWhatIAm file is good for. The file command tells me it is a shared object with debug information, which, as I could observe, gets loaded by gdb when opening getme, but as someone not firm in gdb, I couldn’t find a way to use it to my advantage.

Actually, dunnoWhatIAm contains the debugging information of getme:

We can see that the name of this debug file is present in the .gnu_debuglink section of getme (I used radare2):

[0x00001060]> izz~dunnoWhatIAm
021 0x00003054 0x00000000  12  13 (.gnu_debuglink) ascii dunnoWhatIAm
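How the link described in the reply above is stored, as an added example that is not part of the original thread: a parser for the `.gnu_debuglink` section (file name, padding to 4 bytes, CRC32 of the debug file) of a 64-bit little-endian ELF. The sample image and debug bytes are constructed, and `read_debuglink`, `debuglink_matches` and `build_sample` are hypothetical names.

```python
import struct
import zlib

def read_debuglink(elf: bytes):
    """Return (debug file name, CRC32) from .gnu_debuglink of a 64-bit LE ELF, or None."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expects a 64-bit little-endian ELF image")
    shoff, = struct.unpack_from("<Q", elf, 0x28)                      # e_shoff
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)

    def section(i):  # -> (sh_name, sh_offset, sh_size)
        name, _, _, _, off, size = struct.unpack_from("<IIQQQQ", elf, shoff + i * shentsize)
        return name, off, size

    _, str_off, str_size = section(shstrndx)
    strtab = elf[str_off:str_off + str_size]
    for i in range(shnum):
        name, off, size = section(i)
        if strtab[name:strtab.find(b"\0", name)] == b".gnu_debuglink":
            data = elf[off:off + size]
            # Layout: NUL-terminated name, padding to 4 bytes, CRC32 of the debug file.
            crc, = struct.unpack_from("<I", data, size - 4)
            return data[:data.index(b"\0")].decode(), crc
    return None

def debuglink_matches(elf: bytes, debug_file: bytes) -> bool:
    """True when the debug file's CRC32 equals the one recorded in the binary."""
    link = read_debuglink(elf)
    return link is not None and link[1] == zlib.crc32(debug_file)

def build_sample(debug_name: bytes, debug_file: bytes) -> bytes:
    """Constructed minimal ELF64 image: null section, .shstrtab, .gnu_debuglink."""
    strtab = b"\0.shstrtab\0.gnu_debuglink\0"
    name = debug_name + b"\0"
    link = name + b"\0" * (-len(name) % 4) + struct.pack("<I", zlib.crc32(debug_file))
    str_off, link_off = 64, 64 + len(strtab)
    shoff = link_off + len(link)
    hdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 1)
    def sh(n, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", n, typ, 0, 0, off, size, 0, 0, 1, 0)
    return (hdr + strtab + link + sh(0, 0, 0, 0)
            + sh(1, 3, str_off, len(strtab)) + sh(11, 1, link_off, len(link)))

SAMPLE_DEBUG = b"constructed stand-in for the debug file contents"
SAMPLE_ELF = build_sample(b"dunnoWhatIAm", SAMPLE_DEBUG)

if __name__ == "__main__":
    print(read_debuglink(SAMPLE_ELF), debuglink_matches(SAMPLE_ELF, SAMPLE_DEBUG))
```

On real files, pass the bytes of the binary and of the candidate debug file; a CRC mismatch means the debug file was not produced from that binary.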

I believe I have the correct price string, and now I need to convert it from a certain format to another, but no luck. Does anyone mind if I PM my string to see if it’s the right one?

Never mind just had to stare at it for a bit

I can’t even get it to print anything out. Can anyone help me figure out where to put the breakpoints? thx

@LVx0 said:

I can’t even get it to print anything out. Can anyone help me figure out where to put the breakpoints? thx

Sent you a PM since I find it hard to formulate something which hasn’t yet been mentioned in this thread without spoiling the first part of the workflow.

EDIT: The public thing I guess I can mention is that that challenge cannot be solved without any static analysis.

Hello everybody! I am new here and I am really stuck. I think I extracted the correct string but I cannot convert it into the flag (I am not sure which manipulation I have to use).
Thanks for the help!

Never mind, I solved it :smile:

I had the first string, but I’m not able to see where it is used before or after. That is a hex string but it isn’t the flag. Any hint how to proceed?

@Finbonkle said:

Never mind just had to stare at it for a bit

Hm, I imagined myself being a computer but I saw only U**… %) Maybe I am a different, very old model of computer %))) Seriously, I am stuck at the point where I got something that looks like a flag but is not the real flag (got the “price” first by directly running modified code, manually checked - the result is the same, decoding the price gives U** )… I tried playing with the numbers - did not succeed - I would be very grateful if somebody pushed me in the correct direction %)

I believe I’ve reversed this properly, however can’t seem to get the format correct for the flag, can anyone who’s managed this pm me and I’ll send across what I’ve got and hopefully you can nudge me in a direction?

Ignore that, I was blind - Got it now

Hi all

I’m stuck with this challenge. I have found the price and the conversion from hex to ASCII is made, but I can’t validate the challenge. Any hint or help about this string: UG****************

@mbouaouda said:

Hi all

I’m stuck with this challenge. I have found the price and the conversion from hex to ASCII is made, but I can’t validate the challenge. Any hint or help about this string: UG****************

I am at the same stage as you. I think we are missing something quite obvious…

You cannot retrieve the flag from the binary as cleartext, you’ll have to decrypt it in the end (the binary does not hold any information on the encryption method in question). This last part is actually a very common exercise in beginner CTFs.

Hi

Thank you yes right.
done

I can’t even start (I don’t even know what hex code OP got, I see the line about price but don’t know what to do after that). I tried (cat, objdump, radare2). I guess I need to learn. But I don’t know what… Assembly? Debugging?

Hi everyone, completely new to Reverse Engineering but eager to learn. I’ve had a look at the file using radare2 and as expected most of the content makes no sense. Like most others, I’ve found the string in question, however, I am struggling to see the value. A PM would be much appreciated to point me in the right direction.

Hello all,

Well, I was upset about the solution itself since I’ve got it.
Could you show me the light on the questions below:

  1. Why is “some” function not used in the binary? I mean, it is not called at all. How to get that logically, that we are interested in that exact func?
  2. What is the sense of using “that” string transformation, as far as that was not mentioned anywhere in the binary itself?

Also, those questions might serve as hints :wink:

Hi all,

I’ve been stuck with this challenge for quite a while. I’m currently trying to understand the main assembly functions using IDA Free and also using gdb to try to debug the program. I believe I identified some of the places where I can set some breakpoints, but the program is not showing any data while running it.
Is there any hint that someone could give me privately to avoid spoiler?

Thanks guys!

After so many hours trying and trying, I was able to get the flag :slight_smile:

Really nice challenge that taught me a lot, kudos to the creator!