elf

Classic Password THM room

Classic Password In this challenge we are supplied an ELF file and the goal is to find the flag. There are multiple ways to retrieve the flag for this challenge. A simple execution of strings on the file is not enough; however, the easiest way seems to be to use ltrace. In this short post, I will use ltrace and afterwards also use the disassembler to solve the challenge. Ltrace route ltrace .

Basic datatype reversing

Basic Types This is a basic overview of datatypes after a program has been compiled. All examples have been compiled with gcc; it might be worthwhile to compare the output with Visual Studio. Everything is compiled as x64, so padding is usually done to 8-byte sizes and pointers are also 8 bytes. For 32-bit applications this should be different (4 bytes). Local and Global variables This example uses global and local variables.

HTB Anti Flag Reversing

Anti Flag This file is part of the track “Intro to Reversing”. Because this file does not give any HTB points at the time of this writing, I will keep the flag inside the post. The file is a 64-bit ELF binary:
localhost:~# file anti_flag
anti_flag: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b8de97bc12c627606510140e43fc13e2efffcee5, for GNU/Linux 3.2.0, stripped
As the strings output is very short, it can also be pasted here, and it is obvious that there are not many strings included:

syncopation HTB business ctf

Syncopation This is a challenge from the HTB Business CTF in July 2021. The user has to enter a “killswitch”; when this switch is correct, it is equivalent to the flag. The challenge was solved using Binary Ninja in the normal graph disassembly view. At the end of the article there is also a high-level IL view of the flag comparison function. This is a very short first post for this blog and hopefully not too many details are left out.