CTF Write-Up: Hell Yeah!

Antonio Lara
Published in InfoSec Write-ups · 2 min read · Dec 8, 2021

  • CTF challenge available at ctf-mystiko.com.
  • Challenge name: Hell yeah!
  • Category: Reverse engineering
  • Language: C++

— — — — —

This is an example of a way to prevent CTF players from using the “strings” command to get the flag hidden inside a binary. I have found that strings doesn’t print strings shorter than (at least) three characters. So in this case the flag is printed line by line to standard output, without ever being stored in a variable.
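The effect described above, as an added example that is not part of the original write-up: a minimal strings-like scan (assuming a default minimum run length of 4, as in GNU strings) over two constructed byte layouts, one keeping a sample flag as a single constant and one modelling per-character output as `push imm8` / `call` pairs. The flag value, the byte layouts and the function names are assumptions for illustration and are not taken from hellyeah.cpp.

```python
import string

# Bytes treated as printable by the scan (approximation of what strings accepts).
PRINTABLE = set(string.printable.encode()) - set(b"\n\r\x0b\x0c")

FLAG = "flag{constructed}"  # constructed sample value, not the challenge flag


def find_strings(blob: bytes, min_len: int = 4):
    """Return every run of printable bytes that is at least min_len long."""
    runs, current = [], bytearray()
    for b in blob + b"\x00":              # trailing sentinel flushes the last run
        if b in PRINTABLE:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current = bytearray()
    return runs


def stored_whole(flag: str) -> bytes:
    """Constructed layout: the flag as one constant between non-printable bytes."""
    return b"\x00\x01\x02" + flag.encode() + b"\x00\x90\x90"


def emitted_per_char(flag: str) -> bytes:
    """Constructed layout: each character is an 8-bit immediate (push imm8,
    6A xx) followed by a call (E8 rel32), so no two flag bytes are adjacent."""
    out = bytearray()
    for ch in flag.encode():
        out += b"\x6a" + bytes([ch]) + b"\xe8\x10\x00\x00\x00"
    return bytes(out)


def recover_immediates(blob: bytes) -> str:
    """Read the characters back from the push/call pattern of the model above."""
    step = 7                              # 2-byte push + 5-byte call
    return "".join(chr(blob[i + 1]) for i in range(0, len(blob), step)
                   if blob[i] == 0x6A and blob[i + 2] == 0xE8)


if __name__ == "__main__":
    print(find_strings(stored_whole(FLAG)))                 # whole flag is found
    print(find_strings(emitted_per_char(FLAG)))             # nothing at the default
    print(find_strings(emitted_per_char(FLAG), min_len=2))  # two-byte fragments
    print(recover_immediates(emitted_per_char(FLAG)))       # still in the code bytes
```

Lowering the minimum length only yields two-byte fragments, because the `6A` opcode itself is the printable byte `j`; the characters remain in the instruction stream as immediates, so the technique hides the flag from a string scan but not from a disassembler or debugger.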

  • Source code:
Source code for hellyeah.cpp

To solve this challenge we need to break out of the “while” loop, which runs forever, so that we can proceed to where the flag is created.

That can be done easily (and without too much thinking) by replacing all the jumps with nops. Using x64 debugger (in this case x32, the 32-bit version, as x64 complains about the wrong architecture), to replace an instruction we do: right click on the instruction > assemble > add nops.

We can just pause the program when it gets loaded in the debugger, step over the instructions, and when we reach a jmp, instead of stepping over it, we first replace it with a nop.

Jumps have been replaced by nops

At some point we will have patched the jump that returns us to the beginning of the while loop, so we can proceed further and see the flag printed line by line.

The flag is printed line by line

In general, when reversing a program, it’s interesting to replace jmps with nops to access parts of the program that fall out of the normal logic, but this can result in unexpected behaviors, and a lot of trial and error may be required.
