SIMPLE ENCRYPTOR
remnux@remnux:~$ unzip "Simple Encryptor.zip"
...
remnux@remnux:~$ ls
rev_simpleencryptor
remnux@remnux:~$ ls rev_simpleencryptor
encrypt flag.enc
FILE RECONNAISSANCE
Retrieve basic file information
//get basic information
remnux@remnux:~$ file encrypt
encrypt: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=0bddc0a794eca6f6e2e9dac0b6190b62f07c4c75, for GNU/Linux 3.2.0, not stripped
remnux@remnux:~$ file flag.enc
flag.enc: data
remnux@remnux:~$ strings encrypt
/lib64/ld-linux-x86-64.so.2
libc.so.6
srand
fopen
ftell
time
__stack_chk_fail
fseek
fclose
malloc
fwrite
fread
CODE ANALYSIS
remnux@remnux:~$ ghidra
...
GHIDRA
File > New Project > Non-Shared Project
Project Directory: ...
Project Name: ...
GHIDRA
FILE > Import File
File Name: ...
GHIDRA > Active Project > Project Filename > Code Browser
Analyze: Yes
Options: Default
Ghidra > Memory Map > Home Icon
Base Image Address: 00100000
GHIDRA > Symbol Tree
Filter: main
- ALT: "entry" (fallback when main is not listed, e.g. in a stripped binary)
/*
 * Ghidra decompilation of main() from the `encrypt` binary.
 *
 * Reads the whole file "flag" into a heap buffer, seeds rand() with the
 * current time, transforms every byte (XOR with the low byte of rand(), then
 * rotate left by rand() & 7 bits) and writes "flag.enc" as:
 *   [4 bytes: the seed] [transformed bytes, same length as the input]
 *
 * Review notes:
 *  - The only varying input to the transform is the srand() seed, and that
 *    seed is stored in clear at the start of the output file. rand() is a
 *    deterministic PRNG, so the per-byte values are reproducible from the
 *    file itself; this is obfuscation, not encryption.
 *  - No return value is checked (fopen, ftell, malloc, fread, fwrite), and the
 *    buffer from malloc() is never freed before returning.
 *
 * Always returns 0.
 */
undefined8 main(void)
{
int iVar1;
time_t tVar2;
long in_FS_OFFSET;
uint local_40;
uint local_3c;
long local_38;
FILE *local_30;
size_t local_28;
void *local_20;
FILE *local_18;
long local_10;
/* Stack-protector prologue: save the canary read from FS:0x28; it is compared
   again before returning (see the __stack_chk_fail() call below). */
local_10 = *(long *)(in_FS_OFFSET + 0x28);
/* local_30 = input stream; the result of fopen() is used without a NULL check. */
local_30 = fopen("flag","rb");
/* Seek to end of file (whence 2 = SEEK_END on Linux) so ftell() yields the size. */
fseek(local_30,0,2);
/* local_28 = input length in bytes. ftell() returns long; an error return
   would be stored in a size_t here without being detected. */
local_28 = ftell(local_30);
/* Rewind to the start (whence 0 = SEEK_SET) before reading. */
fseek(local_30,0,0);
/* local_20 = buffer for the whole file; malloc() result is not checked. */
local_20 = malloc(local_28);
/* Read the file as a single item of local_28 bytes. */
fread(local_20,local_28,1,local_30);
fclose(local_30);
/* local_40 = seed: the current time truncated to an unsigned 32-bit value. */
tVar2 = time((time_t *)0x0);
local_40 = (uint)tVar2;
srand(local_40);
/* Transform the buffer in place; rand() is called twice per byte. */
for (local_38 = 0; local_38 < (long)local_28; local_38 = local_38 + 1) {
/* First rand(): XOR the byte with the low 8 bits of the result. */
iVar1 = rand();
*(byte *)((long)local_20 + local_38) = *(byte *)((long)local_20 + local_38) ^ (byte)iVar1;
/* Second rand(): local_3c = rotate count in the range 0..7. */
local_3c = rand();
local_3c = local_3c & 7;
/* Rotate the byte left by local_3c bits: (b << n) | (b >> (8 - n)), stored
   back as a byte so bits shifted past bit 7 are dropped. */
*(byte *)((long)local_20 + local_38) =
*(byte *)((long)local_20 + local_38) << (sbyte)local_3c |
*(byte *)((long)local_20 + local_38) >> 8 - (sbyte)local_3c;
}
/* local_18 = output stream; fopen() result is not checked. */
local_18 = fopen("flag.enc","wb");
/* Header: the 4 bytes of the seed as laid out in memory (little-endian on
   this x86-64 target), written unprotected ahead of the data. */
fwrite(&local_40,1,4,local_18);
/* Body: the transformed buffer, local_28 bytes. */
fwrite(local_20,1,local_28,local_18);
fclose(local_18);
/* Stack-protector epilogue: abort if the saved canary was modified. */
if (local_10 != *(long *)(in_FS_OFFSET + 0x28)) {
/* WARNING: Subroutine does not return */
__stack_chk_fail();
}
return 0;
}
* understand what the code is doing
* pertinent lines
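- local_30 = fopen("flag","rb"); //opens the flag file in binary read mode
- local_28 = ftell(local_30); //file size in bytes: the preceding fseek(local_30,0,2) moved the position to the end of the file
- local_20 = malloc(local_28); //allocates a buffer large enough to hold the whole file
- fread(local_20,local_28,1,local_30); //reads the entire file into that buffer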
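- srand(local_40); //seeds rand() with local_40 = (uint)time(NULL), i.e. the time at which the file was encrypted
- https://en.cppreference.com/w/cpp/numeric/random/srand.html
- note: the same local_40 is written as the first 4 bytes of flag.enc (fwrite(&local_40,1,4,local_18)), so the seed is not secret
- for (local_38 = 0; local_38 < (long)local_28; local_38 = local_38 + 1) //per byte: XOR with the low byte of rand(), then rotate left by (rand() & 7) bits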
* research each if unsure