RSS
 

Hackvent 2019: Day 16

16 Dec 2019
CTF: Hackvent 2019
Link to challenge: https://academy.hacking-lab.com
Date Completed: 16 December 2019

 

Challenge

HV19.16 B0rked Calculator

Resources: HV19.16-b0rked.zip

Solution

We are presented with a x86 Windows binary file. Upon inspection it looks to be a simple calculator but unfortunately its borked!

It supports the following operations: + -  *  and /.
However, it seems like it either ignores the left or right operand in calculations. In the example above, it ignored the right operand.
We find the following problems:

We open the binary in IDA Pro and discover that each operation is contained in its own method and is passed two doublewords as arguments:

However, each method was broken in some way:

  • Missing stack variable definitions
  • Now loading arguments into registered
  • Not calling required ASM function to perform operation (add, sub, mul, div)

Each method conveniently was padded with 0x90 NOP opcodes which meant we did not have to change the size of the binary. We patch all these method one by one, running the binary again after each correction to check functionality works.

These were the changes made where white is old binary and green is new binary:

IDA Diff:

 

Running the binary one more time and clicking on calc showed us our flag on the screen:

Flag:  HV19{B0rked_Flag_Calculat0r}

 
No Comments

Posted in Hackvent 2019

 

Leave a Reply