Void
[pwnable.kr] flag
...
LOAD:0000000000400078 ; PHT Entry 1
LOAD:0000000000400078 dd 1 ; Type: LOAD
LOAD:000000000040007C dd 6 ; Flags
LOAD:0000000000400080 dq 0C62D8h ; File offset
LOAD:0000000000400088 dq 6C62D8h ; Virtual address
LOAD:0000000000400090 dq 6C62D8h ; Physical address
LOAD:0000000000400098 dq 0 ; Size in file image
LOAD:00000000004000A0 dq 0 ; Size in memory image
LOAD:00000000004000A8 dq 200000h ; Alignment
LOAD:00000000004000B0 dq 21585055A1E0ACFCh, 160D081Ch, 0D7C21000D7C21h, 9200000190h
LOAD:00000000004000B0 dq 0FF93FBF700000008h, 3010102464C457Fh, 580E01003E000200h
LOAD:00000000004000B0 dq 40DBEC2FDF1F4010h, 3826450C38782Fh, 0BF606C1F00210A06h
LOAD:00000000004000B0 dq 5E0F40010005571Eh, 2000206D7BAF0C11h, 0D207B3F006066F0Bh
LOAD:00000000004000B0 dq 0D18006C0E2F1EB2h, 6F0043D83B7B2DE8h, 0C9400E2B01900704h
LOAD:00000000004000B0 dq 7604000044207C81h, 4F20DF1707DB621Bh, 5110E4FF60A60F58h
LOAD:00000000004000B0 dq 0B0080100066474E5h, 10DF6E520FDDDA07h, 0D6DC249240F0001h
LOAD:00000000004000B0 dq 0FCEFF924A800000h, 49080004A14F000Ch, 4CD79FBB50019h
LOAD:00000000004000B0 dq 0A554E47010610h, 180606E79DD7B702h, 0EEEF963F0306143Fh
LOAD:00000000004000B0 dq 0B3AE72C24CECFFFFh, 0C04A0D6CD29EBD83h, 205867161BB45DEBh
LOAD:00000000004000B0 dq 0B25BDBBEC5F776Ch, 0E02F500F435B7000h, 480F7DA1B3684829h
LOAD:00000000004000B0 dq 0D8BD9B8F405F5C2Fh, 9F202F380F40C877h, 5017B362FB2F305Fh
LOAD:00000000004000B0 dq 6F445CF02F285FC2h, 8FF4102F2C5ECDA1h, 10EF6ED0D9B4BF18h
LOAD:00000000004000B0 dq 6C4ECFEF085F812Fh, 5F9E002F4140C03Bh, 8FDF376FFEC8348h
LOAD:00000000004000B0 dq 8C0F08F00E0019E8h, 0FFC308C4246C4B09h, 0DD6DA4062C1CEA25h
LOAD:00000000004000B0 dq 1E8C0132E9456800h, 0ACDA69019A409CE2h, 0CCCABC669019A4D2h
LOAD:00000000004000B0 dq 0ECBADC0669019AC2h, 2AAFC406692F3B2h, 9A1CA2480CD2030Ch
LOAD:00000000004000B0 dq 553C923480FFFF2Ch, 0BF03E083FD89F089h, 0FDFFFF53004966D8h
...
When I opened the binary in IDA, I immediately thought it would be UPX-packed.
After installing the upx tool, the binary can be unpacked with the following command:
upx -d -o unpacked_flag flag
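A static triage check for the signs visible in the IDA listing above (an empty LOAD segment and the `UPX!` marker right after the program headers), added here as an example and not part of the original post. The function names, the heuristics and the sample file are assumptions of this example; the sample is constructed and reuses only PHT Entry 1 and the first data qword from the listing.

```python
import struct

UPX_MAGIC = b"UPX!"  # marker UPX leaves in the packed file


def upx_indicators(data: bytes) -> dict:
    """Collect static hints that a 64-bit little-endian ELF is UPX-packed."""
    if data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum, _, e_shnum = struct.unpack_from("<4H", data, 0x36)
    empty_loads = []
    for i in range(e_phnum):
        p_type, _flags, _off, _va, _pa, p_filesz, p_memsz, _align = struct.unpack_from(
            "<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        # PT_LOAD (type 1) with zero size in file and memory, like PHT Entry 1 above
        if p_type == 1 and p_filesz == 0 and p_memsz == 0:
            empty_loads.append(i)
    magic_at = data.find(UPX_MAGIC)
    return {
        "no_section_headers": e_shnum == 0,
        "empty_load_segments": empty_loads,
        "upx_magic_offset": magic_at,
        "likely_upx": magic_at != -1 and (e_shnum == 0 or bool(empty_loads)),
    }


def build_sample() -> bytes:
    """Constructed 0xB8-byte file: header fields are made up unless noted."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 0x3E, 1, 0x400000,
                       0x40, 0, 0, 0x40, 0x38, 2, 0x40, 0, 0)
    pht0 = struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, 0xB8, 0xB8, 0x200000)
    # PHT Entry 1 and the first data qword are copied from the IDA listing
    pht1 = struct.pack("<IIQQQQQQ", 1, 6, 0xC62D8, 0x6C62D8, 0x6C62D8, 0, 0, 0x200000)
    packed = struct.pack("<Q", 0x21585055A1E0ACFC)  # bytes 4..7 spell "UPX!"
    return ehdr + pht0 + pht1 + packed


if __name__ == "__main__":
    for key, value in upx_indicators(build_sample()).items():
        print(f"{key}: {value}")
```

The indicators are hints, not proof; a packed file whose marker has been altered will not match.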
int __cdecl main(int argc, const char **argv, const char **envp)
{
  char *dest; // [rsp+8h] [rbp-8h]

  puts("I will malloc() and strcpy the flag there. take it.", argv, envp);
  dest = (char *)malloc(100LL);
  strcpy(dest, flag);
  return 0;
}
Opening the unpacked binary in IDA shows the code above.
...
.data:00000000006C2070 ; char *flag
.data:00000000006C2070 flag dq offset aUpxSoundsLikeA
.data:00000000006C2070 ; DATA XREF: main+20↑r
.data:00000000006C2070 ; "UPX...? sounds like a delivery service "...
...
.rodata:0000000000496628 aUpxSoundsLikeA db 'UPX...? sounds like a delivery service :)',0
.rodata:0000000000496628 ; DATA XREF: .data:flag↓o
...
Checking the value of the flag variable gives the flag.
UPX...? sounds like a delivery service :)