Packer

https://play.picoctf.org/practice/challenge/421?category=3&difficulty=2&page=1

Static Analysis of the "out" Binary

After downloading the binary file named out, I began with static analysis using the strings utility:

strings out

Among the output, a few suspicious strings appeared:

...
p$mkqui#
-Kin
#sem
5mun
at8V<
ddr%
H1hP)
-1dl
vinit
ZH'BaPa
kfc5
n*qj)!
.b0.
Z4u.
Z/-id%ABI-
a8s,
n`I C
ot +da$
.bssh
?p! _
H_db
UPX!
UPX!

The presence of "UPX!" indicates that the binary is packed using UPX (Ultimate Packer for eXecutables).

UPX is a popular open-source tool for compressing executables. It's often used in CTFs to obfuscate or shrink binaries, making reverse engineering a bit more challenging.

Usage:

upx myprogram        # pack a program
upx -d myprogram     # decompress a program that was packed with upx

Reanalyzing the Unpacked Binary

upx -d out -o binaryOut

With the unpacked binary (binaryOut), I ran the strings command again.

This time, more readable and meaningful strings appeared, a strong indication that unpacking succeeded.

The flag appeared to be encoded in hex. Simply use any online decoder to get the flag output; I copied it and used CyberChef to decode it.
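The two steps of this write-up, spotting the "UPX!" marker in the strings output and hex-decoding a suspicious string, can be automated. The script below is an added example and is not part of the original write-up or of UPX itself: it reimplements a minimal `strings`-style scan, flags the UPX! marker, and decodes any long hex-only string it finds. The two byte samples it scans are constructed in the script (the "flag" value is a placeholder, not the challenge flag), so it runs offline without the challenge binary.

```python
"""
Added example (not from the original write-up): a small strings-style
scanner that flags the UPX! packer marker and hex-decodes candidate
strings, the two manual steps described above.
"""
import re
import string

UPX_MAGIC = b"UPX!"   # marker UPX leaves in a packed file
MIN_LEN = 4           # same default minimum length as `strings`

# Printable ASCII bytes, keeping space but not tab/newline/etc.
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes (like `strings`)."""
    out, run = [], bytearray()
    for b in data:
        if b in PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def is_upx_packed(data: bytes) -> bool:
    """The heuristic used in the write-up: the UPX! marker occurs in the file."""
    return UPX_MAGIC in data


# A hex-encoded string: even number of hex digits, at least 8 bytes long.
HEX_RUN = re.compile(r"^(?:[0-9a-fA-F]{2}){8,}$")


def decode_hex_strings(strs: list[str]) -> list[str]:
    """Decode every all-hex string; keep only results that are printable ASCII."""
    found = []
    for s in strs:
        if not HEX_RUN.match(s):
            continue
        try:
            text = bytes.fromhex(s).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # random hex-looking bytes, not text
        if text.isprintable():
            found.append(text)
    return found


def analyze(data: bytes) -> dict:
    """Summarise a blob the way the manual workflow does."""
    strs = extract_strings(data)
    return {
        "upx_packed": is_upx_packed(data),
        "string_count": len(strs),
        "hex_decoded": decode_hex_strings(strs),
    }


# Constructed samples (not the challenge binary): a "packed" blob with the
# UPX! marker, and an "unpacked" blob holding a hex-encoded placeholder flag.
PACKED_SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\x00" * 8 + b"p$mkqui#" + b"\x00"
                 + b"UPX!" + b"\x00\x00" + b"UPX!")
PLACEHOLDER_HEX = "flag{constructed_example}".encode().hex()
UNPACKED_SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\x00" * 8 + b"GCC: constructed sample"
                   + b"\x00" + PLACEHOLDER_HEX.encode() + b"\x00" + b"Enter the password"
                   + b"\x00")

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE), ("unpacked", UNPACKED_SAMPLE)):
        print(name, analyze(blob))
```

The UPX! marker is only a heuristic: UPX can be told to omit or scrub it, and a marker-free file can still be packed, so a defender should also look at section names and entropy before concluding a file is unpacked. Conversely, finding the marker in software inventory is a useful triage signal, since legitimate packed binaries are uncommon outside CTFs and some installers.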
