Pwnable.kr - flag

0x00 Overview

A 'simple' RE problem

Game URL

[http://pwnable.kr/play.php](http://pwnable.kr/play.php" target="_blank) then click the flag

Main Point

• The game provide only a binary file and a one line cule:
• "Papa brought me a packed present! let's open it.".
• You need to find a flag from the bin file.

0x01 Things Learned from the Solution

(Little leak about the solution)

$ file <filename>

$ file flag will print the information of the binary file

As you can see, this file is stripped, means it might be compressed by some packing tools.

$ strings <filename>

• $ strings flag will search and print all the strings inside the binary file.
• $ strings -n 10 flag prints strings containing at least 10 bytes.

$ less

• $ strings flag | less will open the result within less, which allow you to view the result with vim cmd.

0x02 Things Learned from the solution

(Heavy leak about the solution)

Packer tool

To avoid leak too much info about the solution to someone who do not want to know, I didn't use the upx as the subtitle, but this game uses upx to pack and unpack the binary. This could be deduced from the result of $ strings flag if you've tried.

r2 and try

After unpacked the binary with upx, you can r2 it and the main function will be available, which is not before the unpacking.

In the main function, you should be able to recognize the malloc() as well as the word flag:

You might have already seen the flag sentence thanks to the word 'UPX', so back to the bash and type:
$ strings flag | grep -i upx

That's it, you know this is a flag because... it really looks like a flag.