Alright - continuing the narrative from my getting started post - let’s figure this out. Current status:
- On my Kali box
- Downloaded the Baby_RE.zip file
- Extracted the file “baby” (these names are killing me dude, I’m trying my best)
First crack at it
It looks like my objective is to somehow, someway, fuck with this binary file until I find the flag that will look like HTB{S0me_Text}. Cool, so let’s run strings on the binary to see if it’s really that easy.
Good news: It worked (I had to redact the flag). Bad news:
Ffs I wouldn’t be doing a challenge called “Baby RE” if I knew how to use anything other than strings.
But before I move on to do it the “right” way, I don’t actually really know how the program strings works. Is it basically grep but for binaries, just looking for anything stringy? Gotta google this brb.
Back. Turns out strings works by printing out runs of printable characters. It reads the file in as raw bytes, and wherever it comes across byte values that have a printable character associated with them, it prints them. But wait, there’s more! By default, strings only displays strings that are at least four characters in length.
It’s useful to know that when I use strings I must take into account that by default it will only print out strings that are at least 4 characters in a row.
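As an added example (not code from the original post or from the strings tool itself), here is a minimal Python re-implementation of that scan, showing how the four-character default hides shorter runs and why a constant baked into a binary is readable without running it. The sample bytes are constructed, and treating "printable" as ASCII 0x20-0x7E plus tab is an assumption of this sketch.

```python
#!/usr/bin/env python3
"""Minimal re-implementation of the core of `strings` (added example)."""
import re
import sys

# Assumption for this sketch: "printable" = ASCII 0x20-0x7E plus tab.
PRINTABLE = set(range(0x20, 0x7F)) | {0x09}

def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for every run of >= min_len printable bytes."""
    found, start = [], None
    for i, byte in enumerate(data):
        if byte in PRINTABLE:
            if start is None:
                start = i              # a new run begins here
            continue
        # Non-printable byte: close the current run, keep it if long enough.
        if start is not None and i - start >= min_len:
            found.append((start, data[start:i].decode("ascii")))
        start = None
    if start is not None and len(data) - start >= min_len:
        found.append((start, data[start:].decode("ascii")))  # run ended at EOF
    return found

def flag_candidates(data: bytes, min_len: int = 4):
    """Extracted strings that match the HTB{...} flag format."""
    return [text for _, text in extract_strings(data, min_len)
            if re.search(r"HTB\{[^}]*\}", text)]

# Constructed sample bytes (not the real challenge binary): a header-like
# prefix, a prompt, a 3-character run, a compare constant, a placeholder flag.
SAMPLE = (b"\x7fELF\x02\x01\x01\x00" b"Insert key: \x00" b"\x01\x02abc\x00"
          b"abcde122313\n\x00" b"\xff\xfeHTB{S0me_Text}\x00")

if __name__ == "__main__":
    # Scan the file given on the command line, or the sample if none is given.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for offset, text in extract_strings(data):
        print(f"{offset:#08x}  {text}")
```

With the default minimum of 4 the "ELF" and "abc" runs in the sample are skipped; calling `extract_strings(SAMPLE, 3)` picks them up.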
Moving on, back to “the right way”
Alright, so let’s try this out the hard way. I changed the file baby to executable and I ran it and the output was just this:
quickbreach@htb:~/# ./baby
Insert Key:
Alright, first thought was “Buffer Overflow?” but I think that’s more exploitation, and this is reversing. So with that in mind I opened up Cutter and pointed at the baby file and opened it, with all of the default options because idk what the fuck I’m doing, and was presented with this beautiful not-at-all-intimidating screen:
So I ended up blindly navigating Cutter until I found its graph option. The graph option let me (I think) choose a function and see the disassembled code from that function as well as the entry/exit points of the function in terms of what calls it makes. I thought I should try to find the function that is asking me for a key and see if it will show me where the value it’s comparing it to exists in memory. Fortunately this is a tiny program.
I literally got exactly what I was asking for. I don’t understand most ANY assembly, but what it appears to be is that in the main function(?) you can see it calls “puts” with the parameter str.Insert_key and later in the same block you see a call to strcmp. I have done a little C++ programming, and strcmp is a function I do remember - it basically just tells you if the two strings are the same or not. So (again, I know nothing) it looks like the application is comparing the string from fgets (the input) to the constant string str.abcde122313. So sure enough, I run the program and enter abcde122313 as the key when asked, and voila, I have beaten the challenge.
The real question: I don’t know enough to know if I did it the right way, or if this was just a more convoluted version of “strings”. Who knows dude.