This problem is taken from PICO CTF 2021.
The solution is discussed below. Proceed with caution.
The problem provides two files to be downloaded:
ltdis.sh (from BASH script link)
Let's discuss the ltdis.sh file to get a better understanding of the challenge.
echo "Attempting disassembly of $1 ..."

#This usage of "objdump" disassembles all (-D) of the first file given by
#invoker, but only prints out the ".text" section (-j .text) (only section
#that matters in almost any compiled program...
objdump -Dj .text $1 > $1.ltdis.x86_64.txt

#Check that $1.ltdis.x86_64.txt is non-empty
#Continue if it is, otherwise print error and eject
if [ -s "$1.ltdis.x86_64.txt" ]
then
    echo "Disassembly successful! Available at: $1.ltdis.x86_64.txt"
    echo "Ripping strings from binary with file offsets..."
    strings -a -t x $1 > $1.ltdis.strings.txt
    echo "Any strings found in $1 have been written to $1.ltdis.strings.txt with file offset"
else
    echo "Disassembly failed!"
    echo "Usage: ltdis.sh <program-file>"
    echo "Bye!"
fi
Having read the contents of the file and confirmed that there is nothing "fishy" in it, let's try to run it. We need to change the permissions first and then execute the file.
chmod +x ltdis.sh
./ltdis.sh
The following output is produced.
It seems our attempt failed. Based on the usage message in the output, a <program-file> argument needs to be provided.
This is confirmed if we look closely at the file: the bash script attempts to disassemble the executable file given as $1 using the Linux command
objdump -Dj .text $1 > $1.ltdis.x86_64.txt
Given this information, we know we need to provide an executable file to this bash script.
If we run the following:
We can confirm that the static file is an executable file.
So let's make another attempt, this time providing the static file as an argument.
So let's open the produced
Voila. We found the flag among the lines.
So the flag is:
But let's dig deeper to deepen our knowledge.
It seems the following line in our ltdis.sh file is responsible for extracting the flag:
strings -a -t x $1 > $1.ltdis.strings.txt
So what is the command
According to How to Geek, it is a Linux command that pulls text out of a binary or data file, such as a program file. It extracts strings from a file (or even memory). This is very useful in our case: if we view the content of the static file using a text editor, we see mostly human-unreadable characters.
Why do we see just these characters and not the ones that we extracted using the ./ltdis.sh static command?
Well, it seems that text programs have difficulty handling non-printable characters.
This is where the strings command comes in handy.
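To show how strings finds text that a text editor buries among non-printable bytes, here is an added example (not part of the original write-up or the challenge files): a simplified Python model of strings -a -t x that reports runs of at least four printable ASCII bytes with their hex offsets. The sample bytes, the placeholder flag and the function names are constructed for illustration.

```python
import re

# Simplified model of `strings -a -t x` (an assumption, not the tool's source):
# a "string" is a run of at least MIN_LEN printable ASCII bytes
# (0x20-0x7e, plus tab), searched over the whole file.
MIN_LEN = 4
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e\t]{%d,}" % MIN_LEN)


def extract_strings(data: bytes):
    """Return (offset, text) for every printable run found in data."""
    return [(m.start(), m.group().decode("ascii"))
            for m in PRINTABLE_RUN.finditer(data)]


def format_like_strings(data: bytes):
    """One line per hit, hex file offset first, then the text."""
    return [f"{off:x} {text}" for off, text in extract_strings(data)]


def grep_hits(data: bytes, needle: str):
    """Keep only the extracted strings that contain needle."""
    return [(off, text) for off, text in extract_strings(data) if needle in text]


# Constructed sample: ELF magic, opcode-like bytes, a placeholder flag,
# a run that is too short to count, and a compiler-style banner.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8   # "ELF" is only 3 chars: dropped
    + b"\x55\x48\x89\xe5\xc3"                  # "UH" is only 2 chars: dropped
    + b"\x00\x01\x02"
    + b"picoCTF{constructed_placeholder}\x00"
    + b"abc\x00"                               # below MIN_LEN: dropped
    + b"GCC: (constructed) 0.0\x00"
)

if __name__ == "__main__":
    for line in format_like_strings(SAMPLE):
        print(line)
    print(grep_hits(SAMPLE, "picoCTF{"))
```
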
We would have also found the flag if we ran:
Until next time. Keep learning.
Stay stoked and code.