Reverse Engineering
Last updated
Last updated
Sanity-check (57 pts)
lumine's-license (120 pts)🥇
lumine's-license-revenge (120 pts)🥇
-
Diberikan file ELF 64 bit , terlihat dari pseucodenya bahwa dilakukan pengecekan panjang dan nilai dari flag, dimana pengecekan nilai flagnya menggunakan perhitungan aritmatika.
import angr
import claripy
target = angr.Project('./sanity')
base_address = 0x400000
desired_adr = base_address + 0x1712
wrong_adr = base_address + 0x173B
len_flag = 34
flag = claripy.BVS('flag', len_flag*8)
entry_state = target.factory.entry_state(args=["sanity", flag])
simulation = target.factory.simulation_manager(entry_state)
simulation.explore(find = desired_adr, avoid = wrong_adr)
flag_int = simulation.found[0].solver.eval(flag)
res = ""
for i in range(len_flag):
res = chr(flag_int & 0xff) + res
flag_int = flag_int >> 8
print(res)Flag : IFEST2021{ch3ck_ch3ck_4nd_23ch3ck}
-
Diberikan file ELF 64 . Selanjutnya kami coba membukanya menggunakan IDA. Karena beberapa nama fungsi tidak terbaca pada IDA maka kami gunakan bantuan dari gdb.
Jadi intinya program diatas melakukan write library ke directory tmp lalu memanggil fungsi licenseCheck dimana input kita digunakan sebagai argumen pada pemanggilan fungsi tersebut. Jadi pertama kita perlu mendapatkan file library tersebut terlebih dahulu
Breakpoint pada pemanggilan fungsi openlib untuk mengetahui address dimana input kita disimpan dan lokasi library
Salin library tersebut dan analisis menggunakan IDA. Ternyata file library tersebut dibuat menggunakan GO , berikut inti dari fungsi license check
for ( i = 0LL; i < v6; i = v21 )
{
v20 = i;
v11 = *(unsigned __int8 *)(result + i);
if ( v11 >= 128 )
{
runtime_decoderune(a1, a2, i, v6, v3, v4);
LOBYTE(v11) = v17;
v9 = v18;
}
else
{
v9 = (void *)(i + 1);
}
v10 = off_110328[0];
v12 = (unsigned __int8)(v11 + 55);
if ( (__int64 *)v12 >= off_110328[0] )
runtime_panicIndex((__int64)off_110328[0], (__int64)v9);
v21 = (__int64)v9;
v14 = runtime_bss;
v13 = *((_QWORD *)main_crc_table + v12);
math_rand___Rand__Seed((__int64)off_110328[0], (__int64)v9);
for ( j = 0LL; j < 5; j = v19 + 1 )
{
v19 = j;
math_rand_Int((__int64)v10);
result = v14;
if ( v20 >= qword_110348 )
runtime_panicIndex((__int64)v10, (__int64)v9);
v9 = main_license[3 * v20 + 1];
v10 = (__int64 *)v19;
if ( v19 >= (unsigned __int64)v9 )
runtime_panicIndex(v19, (__int64)v9);
if ( *((_QWORD *)main_license[3 * v20] + v19) != v14 )
return result;
}
a2 = v22;
a1 = v21;
result = v22;
v6 = v16;
}Karena pada binary golang hasil decompile cukup lumayan abstract, maka untuk mempermudah analisis nya kita lakuakn dengan dynamic analysis. Caranya set hardware breakpoint ke address dari input kita
Lalu continue kemudian finish sampai masuk ke binary golang
Selanjutnya kita sudah masuk ke binary golang
Pada saat dynamic analysis kita ketahui bahwa input kita ditambah 0x1337 kemudian dijadikan sebagai index pada main_crc_table , jadi lakukan dump pada main_crc_table
Nantinya nilai tersebut dijadikan sebagai argumen random seed lalu dilakukan pemanggilan fungsi random dan dibandingkan dengan hardcode value pada binary. Disini saya melakukan parsing terhadap nilai dari hardcode value tersebut menggunakan gdb scripting , berikut script yang saya gunakan
#!/usr/bin/python3
static_val=[]
class SolverEquation(gdb.Command):
def __init__ (self):
super (SolverEquation, self).__init__ ("solve-equation",gdb.COMMAND_OBSCURE)
def invoke (self, arg, from_tty):
global static_val
gdb.execute("b *0x00007ffff6ab9bed") # address cmp rdx,rax
for i in range(65*5): # length flag
gdb.execute("c")
val = addr2num(gdb.selected_frame().read_register("rdx"))
gdb.execute("set $rax=$rdx")
static_val.append(val)
print(static_val)
def addr2num(addr):
try:
return int(addr)&0xffffffffffffffff
except:
return long(addr) # Python 2
SolverEquation()
Selanjutnya tinggal melakukan reverse pada alur tersebut , generate semua nilai random menggunakan golang dengan seed dari 0 sampai 255. Karena pengecekan dilakukan 5 kali namun nilai pengecekan adalah 64 bit maka kami asumsikan untuk range 0-255 tidak ada nilai random yang sama dengan seed tersebut , jadi kami cukup gunakan nilai random pertama. Lakukan pencarian index dari nilai pembanding lalu bruteforce nilai flag yang menghasilkan index tersebut berdasarkan perhitungan aritmatika pada index dan array crc table. Berikut solver yang kami gunakan
package main
import (
"fmt"
"math/rand"
)
func main() {
for i, val := int64(1), int64(257); i<val; i++ {
rand.Seed(i)
fmt.Println(rand.Int())
}
}crc_table = [0x0, 0x37, 0x6e, 0x59, 0xdc, 0xeb, 0xb2, 0x85, 0x8f, 0xb8, 0xe1, 0xd6, 0x53, 0x64, 0x3d, 0xa, 0x29, 0x1e, 0x47, 0x70, 0xf5, 0xc2, 0x9b, 0xac, 0xa6, 0x91, 0xc8, 0xff, 0x7a, 0x4d, 0x14, 0x23, 0x52, 0x65, 0x3c, 0xb, 0x8e, 0xb9, 0xe0, 0xd7, 0xdd, 0xea, 0xb3, 0x84, 0x1, 0x36, 0x6f, 0x58, 0x7b, 0x4c, 0x15, 0x22, 0xa7, 0x90, 0xc9, 0xfe, 0xf4, 0xc3, 0x9a, 0xad, 0x28, 0x1f, 0x46, 0x71, 0xa4, 0x93, 0xca, 0xfd, 0x78, 0x4f, 0x16, 0x21, 0x2b, 0x1c, 0x45, 0x72, 0xf7, 0xc0, 0x99, 0xae, 0x8d, 0xba, 0xe3, 0xd4, 0x51, 0x66, 0x3f, 0x8, 0x2, 0x35, 0x6c, 0x5b, 0xde, 0xe9, 0xb0, 0x87, 0xf6, 0xc1, 0x98, 0xaf, 0x2a, 0x1d, 0x44, 0x73, 0x79, 0x4e, 0x17, 0x20, 0xa5, 0x92, 0xcb, 0xfc, 0xdf, 0xe8, 0xb1, 0x86, 0x3, 0x34, 0x6d, 0x5a, 0x50, 0x67, 0x3e, 0x9, 0x8c, 0xbb, 0xe2, 0xd5, 0x7f, 0x48, 0x11, 0x26, 0xa3, 0x94, 0xcd, 0xfa, 0xf0, 0xc7, 0x9e, 0xa9, 0x2c, 0x1b, 0x42, 0x75, 0x56, 0x61, 0x38, 0xf, 0x8a, 0xbd, 0xe4, 0xd3, 0xd9, 0xee, 0xb7, 0x80, 0x5, 0x32, 0x6b, 0x5c, 0x2d, 0x1a, 0x43, 0x74, 0xf1, 0xc6, 0x9f, 0xa8, 0xa2, 0x95, 0xcc, 0xfb, 0x7e, 0x49, 0x10, 0x27, 0x4, 0x33, 0x6a, 0x5d, 0xd8, 0xef, 0xb6, 0x81, 0x8b, 0xbc, 0xe5, 0xd2, 0x57, 0x60, 0x39, 0xe, 0xdb, 0xec, 0xb5, 0x82, 0x7, 0x30, 0x69, 0x5e, 0x54, 0x63, 0x3a, 0xd, 0x88, 0xbf, 0xe6, 0xd1, 0xf2, 0xc5, 0x9c, 0xab, 0x2e, 0x19, 0x40, 0x77, 0x7d, 0x4a, 0x13, 0x24, 0xa1, 0x96, 0xcf, 0xf8, 0x89, 0xbe, 0xe7, 0xd0, 0x55, 0x62, 0x3b, 0xc, 0x6, 0x31, 0x68, 0x5f, 0xda, 0xed, 0xb4, 0x83, 0xa0, 0x97, 0xce, 0xf9, 0x7c, 0x4b, 0x12, 0x25, 0x2f, 0x18, 0x41, 0x76, 0xf3, 0xc4, 0x9d, 0xaa]
rand_val = [5577006791947779410,1543039099823358511,6640668014774057861,2244708090865615074,7414159922357799360,3305628230121721621,8475284246537043955,4151935814835861840,33637761161952934,5221277731205826435,843730692693298265,5920220759044228662,1867598462707500820,6983250812964535273,3758955014375802183,8983684945297836708,4857682683582858106,504964077767592151,5674494734864815533,1529696544168006410,6716322972832630888,2336222419191169341,7490268378518980123,3435842073965383672,8265398494186050766,4181354163708859819,109644547962523393,5208419189196424286,1997484376588750140,7170856948881707665,3096034203233537903,7976952885284408524,3907598285724783138,9005749761689705215,4940269171359879125,562108776949057970,5677982989783584400,1627080603035261797,6487165804597876931,2413392765264322080,7583692527210419958,3440579354231278675,251513763977812265,5413015802706811526,1286953267001023460,6221915760995177657,2131792501560531351,7242948915431007092,3191372560272332874,7980955223660909863,3893522058333705853,9089160393923123162,4962825957129609400,640689511373858317,5808350187452060395,1699320416679203912,7734251198537064862,3625335277596597883,8742171837404537681,4686835390834924846,371726973825147404,5468946319893389025,1434841208743649343,6244971197480001948,2132891175288101490,7305500510606483407,3195588658657258661,8076863717714554370,4049952640584604512,9145552407857028149,5976249522851863827,1887287744869459696,6968770674466368454,2912563419380967587,7738200939323288057,3650210942611531606,8870694286263313460,4483587699270576521,395109794268767847,5546554562088839108,1421548406427776282,6318095958501225975,2229795846362309325,7380189774069719210,4192423822581491080,83919117275411037,5224138235137373115,1153115817264279832,5962362153924129262,1891341967343133515,7058674695343435809,2701145264672043390,7870139286188142300,3798911674434236337,8904391377063935119,4539983056484153964,471945069774843714,5568959583171603487,2431074399724039541,7530908113823513298,3458446502666714032,8630057722575452421,4197053122619582947,114101309358254912,5300321450371709078,1173753986978658675,6111904775574730313,2021376072520218662,7136346967742904580,2794397338261894617,7873316981833414455,3791853067300730004,8979110119208203626,5720157575853032135,1682346040150214557,6868751741434053882,2455432726962713176,7605419046915322669,3517276477450502155,8633694140516516328,4298591892051934910,265214635311284123,5361704182646325489,1034712584668954190,6131264207482994476,2024464587623873665,7194998065524326751,3951430161546133180,9122524665446534162,5093049506799537391,679297032929229381,5869187428135123874,1777995026331355264,6853629930839330261,2530261893322328755,7629850207798462480,3595783557180180838,8482983218023220803,4374144623231470361,284902264973935862,5438166484635305428,2173181796696770217,7362134789251011591,3270957568700175716,8135329800540996154,4083397992257357719,16728625015443565,5116652288554160586,755390686555738920,5855808307149705213,1782735040914277595,6949389388498079416,2590055109414196110,7776363141409525867,3695662976279072193,417409108466110238,5588169032586501116,1516119462828167505,6611459435000990255,2324307252517342092,7422242948838739170,3348298096488716735,8230147854535564949,4094260983529117810,5606810724879696,5194011423408789029,778884831776839555,6000020788127979744,1911130342819435958,7891932283352816403,3838965923706053609,8916903960471279942,4852714765607212708,510813498707874681,5663492986607654999,1575305934992810548,6471186846909277962,2346974814041448423,7499875904862065988,3409139274810266266,8243093277513588599,4188304131653477581,151794608759053738,6116370591994651400,2078480718903798877,7177553516403629371,3068703584258204184,7951067382816119790,3843288906732150987,8984818092324268449,4695904353088909054,588134211321916508,5758772346473060657,1648990527395470991,6456593632460367724,2422629169789512898,7520416741290354207,4355733112234748661,304877456117898194,5418234919562519984,1328773758399916677,6191541784334492515,2063974025443682496,7253959442559513110,3163853692856136435,8029045110994184265,3981322459343921446,9132102333929367172,4721020347380756441,646815681151218871,5760166840965869972,1669986547964243818,7759169960989729863,3634066516662693149,8822616177788809850,4452305747960458200,307895667843543213,5477979376681726475,1404349533080353512,6214507853684879422,2213962014026934683,7311658561229942385,2951839603696565070,8127732579850238252,3985623230370905601,9117985992006104799,5949580584562502716,1823767318043162002,7044690812865837679,2684347161044907973,7780889967971939490,3711063127928076800,8850214224129524565,4457955327924451379,404360543726761232,5553153239972181734,1175872179778058179,6360417749801762969,2236448430661273078,7389049080527257428,4168614439200142377,63663649728496007,5231658302155358820,910650991074280378,6008116629520284951,1969284747103437293,7068728357567299274,2670400153008799912,7860507033804635517,3739746349940734555,8638909380838653880,4586232567201663246,478703219369283051,5646513961354197825,2404623999413943326,7503464871359937916]
cmp_value = [7194998065524326751, 5491013079932024339, 7533835683438090660, 7147179212380787325, 7539214153868603621, 3068703584258204184, 2778478655664500896, 1750559581410598979, 2318579223623507706, 3344909284992324690, 284902264973935862, 7022578948160415580, 6313111952102783086, 4283365139011376216, 6443460995621042833, 1516119462828167505, 7938173614109585014, 6227031613420615306, 8997552320090875217, 1848511372561475404, 1911130342819435958, 2442204257089130847, 1797113569835770404, 7130047276054682112, 4441968265092245590, 4483587699270576521, 2945752269943897623, 4925751147419544915, 6460889284350992240, 2783552988652926401, 1682346040150214557, 7985517814215393441, 3751410144589735122, 3035139660349862816, 3272859837910967138, 4483587699270576521, 2945752269943897623, 4925751147419544915, 6460889284350992240, 2783552988652926401, 4298591892051934910, 2898249911595379578, 9131018978453979019, 2777346152036439200, 5937202476700074411, 1173753986978658675, 3402796094733643033, 5958665497499553252, 3177082727376053867, 1559593686915533644, 8983684945297836708, 7692335473348482352, 6944230214351225668, 3628386513825310392, 8189326092454270383, 2701145264672043390, 7306384448697067864, 1865791503346902545, 71178404155435735, 964406358461387878, 307895667843543213, 1348656653032254827, 4946046146156115040, 6711820426275918449, 4138345529162028609, 8638909380838653880, 5760425354614900814, 4432693294125600315, 3300065779973865372, 9039398282798612037, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 2244708090865615074, 941813985761165487, 3179310945055686338, 8741418843472582554, 3072778247868547117, 6611459435000990255, 2285576180761649566, 428278845177127106, 1149438870086554318, 4445297159104682823, 2024464587623873665, 2497334180501546019, 8542722382867271660, 1158880305159755776, 5864316995005340780, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 151794608759053738, 6654811360148133152, 8068989408270567958, 996422243584727384, 390592861900793468, 755390686555738920, 3389469329177328509, 8428492102382722972, 8571781167452073164, 4712728180146853671, 307895667843543213, 1348656653032254827, 4946046146156115040, 6711820426275918449, 4138345529162028609, 151794608759053738, 6654811360148133152, 8068989408270567958, 996422243584727384, 390592861900793468, 3195588658657258661, 9092033439916047534, 478452208797258373, 3148803200380697023, 119054241811608887, 1286953267001023460, 2111699272262246235, 4679628697596910861, 6476255028888543361, 5359737624499346101, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403, 6111904775574730313, 7019031397048297528, 5056458571741304601, 229939657356141896, 677348544251953094, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 6868751741434053882, 2633344147196613818, 7173900645933895430, 8889271777314954653, 7037557033829111643, 2024464587623873665, 2497334180501546019, 8542722382867271660, 1158880305159755776, 5864316995005340780, 4168614439200142377, 5680215945774055526, 3325123825381231957, 1948779142324439514, 9129970113568438582, 1286953267001023460, 2111699272262246235, 4679628697596910861, 6476255028888543361, 5359737624499346101, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 6868751741434053882, 2633344147196613818, 7173900645933895430, 8889271777314954653, 7037557033829111643, 1286953267001023460, 2111699272262246235, 4679628697596910861, 6476255028888543361, 5359737624499346101, 151794608759053738, 6654811360148133152, 8068989408270567958, 996422243584727384, 390592861900793468, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403, 7253959442559513110, 627720471099407706, 7319901423880541654, 634797233320244506, 5364906414702660757, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 7136346967742904580, 4649057074036774649, 7581312312436398841, 3131488746799644996, 3849112215548521512, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 6968770674466368454, 2606010580454958934, 5417719324730621262, 3196298685220924445, 3844554660028044144, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403, 6111904775574730313, 7019031397048297528, 5056458571741304601, 229939657356141896, 677348544251953094, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 307895667843543213, 1348656653032254827, 4946046146156115040, 6711820426275918449, 4138345529162028609, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403, 151794608759053738, 6654811360148133152, 8068989408270567958, 996422243584727384, 390592861900793468, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 8983684945297836708, 7692335473348482352, 6944230214351225668, 3628386513825310392, 8189326092454270383, 1286953267001023460, 2111699272262246235, 4679628697596910861, 6476255028888543361, 5359737624499346101, 6868751741434053882, 2633344147196613818, 7173900645933895430, 8889271777314954653, 7037557033829111643, 6868751741434053882, 2633344147196613818, 7173900645933895430, 8889271777314954653, 7037557033829111643, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 6360417749801762969, 4536797834056562724, 6235037645429555233, 6764882618379464258, 1039552274210355161, 7414159922357799360, 4792641634685506511, 9033237450861500666, 5504037015082353944, 4421429976590947495, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 4168614439200142377, 5680215945774055526, 3325123825381231957, 1948779142324439514, 9129970113568438582, 1286953267001023460, 2111699272262246235, 4679628697596910861, 6476255028888543361, 5359737624499346101, 4355733112234748661, 6083464761796236154, 2000950962329631517, 5216238829432869818, 5938652600591363403]
flag = ""
for i in range(0,len(cmp_value),5):
tmp = rand_val.index(cmp_value[i])
tmp += 1
for j in range(0xff+1):
if(crc_table[(j+0x1337)&0xff]==tmp):
flag += chr(j)
print flagFlag terpotong namun masih bisa ditebak yaitu mine} , disini terpotong karena salah di jumlah looping yang dilakukan saat pengambilan nilai pembanding.
Flag : IFEST2021{what_you_cracking_lumine_license?_vengeance_will_be_mine}
-
Diberikan file ELF 64 bit , selanjutnya kami coba analisis menggunakan IDA.
Terdapat pengecekan ptrace diawal kemudian dilakukan penulisan file library di /tmp , disini ketika kami lakukan breakpoint pada openlib anehnya file library pada tmp size nya 0 atau tidak ada isinya , jadinya kami lakukan breakpoint pada fwrite pada packer kemudian lakukan memory dump berdasarkan argument fwrite tersebut.
Bypass ptrace
Selanjutnya kami buka file result.bin , isinya kurang lebih sama , hanya berbeda pada nilai dar crc table dan juga pembandingnya , jadi tinggal lakukan hal yang sama seperti pada lumine’s-license. Sebelum itu karena file .so nya tidak kewrite ( size 0 ) jadi tinggal lakukan copy result.bin ke nama file .so yang sesuai dengan nilai pada saat pemanggilan fungsi openlib.
Berikut solver yang kami gunakan
crc_table = [0x0, 0x2d, 0x5a, 0x77, 0xb4, 0x99, 0xee, 0xc3, 0x45, 0x68, 0x1f, 0x32, 0xf1, 0xdc, 0xab, 0x86, 0x8a, 0xa7, 0xd0, 0xfd, 0x3e, 0x13, 0x64, 0x49, 0xcf, 0xe2, 0x95, 0xb8, 0x7b, 0x56, 0x21, 0xc, 0x39, 0x14, 0x63, 0x4e, 0x8d, 0xa0, 0xd7, 0xfa, 0x7c, 0x51, 0x26, 0xb, 0xc8, 0xe5, 0x92, 0xbf, 0xb3, 0x9e, 0xe9, 0xc4, 0x7, 0x2a, 0x5d, 0x70, 0xf6, 0xdb, 0xac, 0x81, 0x42, 0x6f, 0x18, 0x35, 0x72, 0x5f, 0x28, 0x5, 0xc6, 0xeb, 0x9c, 0xb1, 0x37, 0x1a, 0x6d, 0x40, 0x83, 0xae, 0xd9, 0xf4, 0xf8, 0xd5, 0xa2, 0x8f, 0x4c, 0x61, 0x16, 0x3b, 0xbd, 0x90, 0xe7, 0xca, 0x9, 0x24, 0x53, 0x7e, 0x4b, 0x66, 0x11, 0x3c, 0xff, 0xd2, 0xa5, 0x88, 0xe, 0x23, 0x54, 0x79, 0xba, 0x97, 0xe0, 0xcd, 0xc1, 0xec, 0x9b, 0xb6, 0x75, 0x58, 0x2f, 0x2, 0x84, 0xa9, 0xde, 0xf3, 0x30, 0x1d, 0x6a, 0x47, 0xe4, 0xc9, 0xbe, 0x93, 0x50, 0x7d, 0xa, 0x27, 0xa1, 0x8c, 0xfb, 0xd6, 0x15, 0x38, 0x4f, 0x62, 0x6e, 0x43, 0x34, 0x19, 0xda, 0xf7, 0x80, 0xad, 0x2b, 0x6, 0x71, 0x5c, 0x9f, 0xb2, 0xc5, 0xe8, 0xdd, 0xf0, 0x87, 0xaa, 0x69, 0x44, 0x33, 0x1e, 0x98, 0xb5, 0xc2, 0xef, 0x2c, 0x1, 0x76, 0x5b, 0x57, 0x7a, 0xd, 0x20, 0xe3, 0xce, 0xb9, 0x94, 0x12, 0x3f, 0x48, 0x65, 0xa6, 0x8b, 0xfc, 0xd1, 0x96, 0xbb, 0xcc, 0xe1, 0x22, 0xf, 0x78, 0x55, 0xd3, 0xfe, 0x89, 0xa4, 0x67, 0x4a, 0x3d, 0x10, 0x1c, 0x31, 0x46, 0x6b, 0xa8, 0x85, 0xf2, 0xdf, 0x59, 0x74, 0x3, 0x2e, 0xed, 0xc0, 0xb7, 0x9a, 0xaf, 0x82, 0xf5, 0xd8, 0x1b, 0x36, 0x41, 0x6c, 0xea, 0xc7, 0xb0, 0x9d, 0x5e, 0x73, 0x4, 0x29, 0x25, 0x8, 0x7f, 0x52, 0x91, 0xbc, 0xcb, 0xe6, 0x60, 0x4d, 0x3a, 0x17, 0xd4, 0xf9, 0x8e, 0xa3]
rand_val = [5577006791947779410,1543039099823358511,6640668014774057861,2244708090865615074,7414159922357799360,3305628230121721621,8475284246537043955,4151935814835861840,33637761161952934,5221277731205826435,843730692693298265,5920220759044228662,1867598462707500820,6983250812964535273,3758955014375802183,8983684945297836708,4857682683582858106,504964077767592151,5674494734864815533,1529696544168006410,6716322972832630888,2336222419191169341,7490268378518980123,3435842073965383672,8265398494186050766,4181354163708859819,109644547962523393,5208419189196424286,1997484376588750140,7170856948881707665,3096034203233537903,7976952885284408524,3907598285724783138,9005749761689705215,4940269171359879125,562108776949057970,5677982989783584400,1627080603035261797,6487165804597876931,2413392765264322080,7583692527210419958,3440579354231278675,251513763977812265,5413015802706811526,1286953267001023460,6221915760995177657,2131792501560531351,7242948915431007092,3191372560272332874,7980955223660909863,3893522058333705853,9089160393923123162,4962825957129609400,640689511373858317,5808350187452060395,1699320416679203912,7734251198537064862,3625335277596597883,8742171837404537681,4686835390834924846,371726973825147404,5468946319893389025,1434841208743649343,6244971197480001948,2132891175288101490,7305500510606483407,3195588658657258661,8076863717714554370,4049952640584604512,9145552407857028149,5976249522851863827,1887287744869459696,6968770674466368454,2912563419380967587,7738200939323288057,3650210942611531606,8870694286263313460,4483587699270576521,395109794268767847,5546554562088839108,1421548406427776282,6318095958501225975,2229795846362309325,7380189774069719210,4192423822581491080,83919117275411037,5224138235137373115,1153115817264279832,5962362153924129262,1891341967343133515,7058674695343435809,2701145264672043390,7870139286188142300,3798911674434236337,8904391377063935119,4539983056484153964,471945069774843714,5568959583171603487,2431074399724039541,7530908113823513298,3458446502666714032,8630057722575452421,4197053122619582947,114101309358254912,5300321450371709078,1173753986978658675,6111904775574730313,2021376072520218662,7136346967742904580,2794397338261894617,7873316981833414455,3791853067300730004,8979110119208203626,5720157575853032135,1682346040150214557,6868751741434053882,2455432726962713176,7605419046915322669,3517276477450502155,8633694140516516328,4298591892051934910,265214635311284123,5361704182646325489,1034712584668954190,6131264207482994476,2024464587623873665,7194998065524326751,3951430161546133180,9122524665446534162,5093049506799537391,679297032929229381,5869187428135123874,1777995026331355264,6853629930839330261,2530261893322328755,7629850207798462480,3595783557180180838,8482983218023220803,4374144623231470361,284902264973935862,5438166484635305428,2173181796696770217,7362134789251011591,3270957568700175716,8135329800540996154,4083397992257357719,16728625015443565,5116652288554160586,755390686555738920,5855808307149705213,1782735040914277595,6949389388498079416,2590055109414196110,7776363141409525867,3695662976279072193,417409108466110238,5588169032586501116,1516119462828167505,6611459435000990255,2324307252517342092,7422242948838739170,3348298096488716735,8230147854535564949,4094260983529117810,5606810724879696,5194011423408789029,778884831776839555,6000020788127979744,1911130342819435958,7891932283352816403,3838965923706053609,8916903960471279942,4852714765607212708,510813498707874681,5663492986607654999,1575305934992810548,6471186846909277962,2346974814041448423,7499875904862065988,3409139274810266266,8243093277513588599,4188304131653477581,151794608759053738,6116370591994651400,2078480718903798877,7177553516403629371,3068703584258204184,7951067382816119790,3843288906732150987,8984818092324268449,4695904353088909054,588134211321916508,5758772346473060657,1648990527395470991,6456593632460367724,2422629169789512898,7520416741290354207,4355733112234748661,304877456117898194,5418234919562519984,1328773758399916677,6191541784334492515,2063974025443682496,7253959442559513110,3163853692856136435,8029045110994184265,3981322459343921446,9132102333929367172,4721020347380756441,646815681151218871,5760166840965869972,1669986547964243818,7759169960989729863,3634066516662693149,8822616177788809850,4452305747960458200,307895667843543213,5477979376681726475,1404349533080353512,6214507853684879422,2213962014026934683,7311658561229942385,2951839603696565070,8127732579850238252,3985623230370905601,9117985992006104799,5949580584562502716,1823767318043162002,7044690812865837679,2684347161044907973,7780889967971939490,3711063127928076800,8850214224129524565,4457955327924451379,404360543726761232,5553153239972181734,1175872179778058179,6360417749801762969,2236448430661273078,7389049080527257428,4168614439200142377,63663649728496007,5231658302155358820,910650991074280378,6008116629520284951,1969284747103437293,7068728357567299274,2670400153008799912,7860507033804635517,3739746349940734555,8638909380838653880,4586232567201663246,478703219369283051,5646513961354197825,2404623999413943326,7503464871359937916]
cmp_value = [7311658561229942385, 965425327336957467, 6534480070166635653, 5060194421483947492, 3076430102628446336, 1543039099823358511, 2444694468985893231, 474893212811123542, 1097372909064907392, 5665646427999639242, 2131792501560531351, 896740308936338827, 7385961883997524074, 4913289931853794380, 1541381341132833816, 5546554562088839108, 574101237670530390, 7323515782795309376, 283331026935465882, 7110503023052586787, 6131264207482994476, 8151587946992462082, 4972276579074893495, 4098413521811790178, 6459474213772735345, 4686835390834924846, 2027712301985422765, 5511182398921371444, 2048462211564489190, 5072722827237429764, 8630057722575452421, 7352901384129712505, 3244579555511559864, 5890121257593901481, 9108079788524738934, 4686835390834924846, 2027712301985422765, 5511182398921371444, 2048462211564489190, 5072722827237429764, 4857682683582858106, 2327090483396309081, 3613784090314853756, 698076293205660725, 1899521683292490282, 5413015802706811526, 8329303007219115323, 8023429357096944597, 348348948830695939, 2497133846171838139, 5976249522851863827, 5216240840118466837, 5199664480467286354, 9098005140277247765, 5361130560580970253, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 1823767318043162002, 5102452004530278588, 4980406996901871422, 4836773677668530144, 4443820979336851402, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 7068728357567299274, 579636335510899398, 8648914859018516242, 1974409049675233946, 3923178664644022383, 8979110119208203626, 769872480526979666, 1206338996105806290, 9211876855796631113, 2479236875721088511, 7068728357567299274, 579636335510899398, 8648914859018516242, 1974409049675233946, 3923178664644022383, 3711063127928076800, 699859221473004636, 7831340352326215015, 6735875077338549541, 8533672328730730912, 8076863717714554370, 3436184449733891797, 4060187091357330605, 4838224933930428478, 1904171945579899313, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 8979110119208203626, 769872480526979666, 1206338996105806290, 9211876855796631113, 2479236875721088511, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 8076863717714554370, 3436184449733891797, 4060187091357330605, 4838224933930428478, 1904171945579899313, 3951430161546133180, 129472845689532730, 1734533163341706204, 9728228812079354, 1037702845781222686, 2346974814041448423, 6987789502510914975, 8559805422786017685, 2332800739348944453, 1487942255258844204, 2346974814041448423, 6987789502510914975, 8559805422786017685, 2332800739348944453, 1487942255258844204, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 1648990527395470991, 759909635359291161, 6080126135521694769, 8342435412973702840, 4138097710940192629, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 3893522058333705853, 6164845938608892732, 3083795589842122694, 6360690084447539553, 6800786784483146222, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 8076863717714554370, 3436184449733891797, 4060187091357330605, 4838224933930428478, 1904171945579899313, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 3711063127928076800, 699859221473004636, 7831340352326215015, 6735875077338549541, 8533672328730730912, 2213962014026934683, 6618313290521004795, 658601228953619277, 8323351277983587206, 175473632067485719, 8076863717714554370, 3436184449733891797, 4060187091357330605, 4838224933930428478, 1904171945579899313, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 5477979376681726475, 4918543392339093659, 3917229356096781737, 3593341708270633230, 5598294562298399418, 7891932283352816403, 5446570970787718271, 789261716880653148, 8499915902702159997, 7377717336339111039, 9089160393923123162, 513661405391347292, 6867086547310289167, 3566151616792248411, 8548643272332062296, 5477979376681726475, 4918543392339093659, 3917229356096781737, 3593341708270633230, 5598294562298399418, 6611459435000990255, 2285576180761649566, 428278845177127106, 1149438870086554318, 4445297159104682823, 7520416741290354207, 2224084037192351585, 2846729235525136856, 3829258625824789820, 3361148676381343074, 3951430161546133180, 129472845689532730, 1734533163341706204, 9728228812079354, 1037702845781222686, 5758772346473060657, 6123646121198181377, 186879161956993788, 2364235638795718714, 5865382196423641995, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 7177553516403629371, 8433128584008334976, 7384078392223356602, 5555729193110679773, 409006627084378072, 2229795846362309325, 2942839269942203703, 6640521998887157301, 4996227674809307823, 1538690366986353808, 7177553516403629371, 8433128584008334976, 7384078392223356602, 5555729193110679773, 409006627084378072, 2794397338261894617, 8799160800070306321, 1800747465094034477, 4499320937847467969, 7900796522929586467, 3893522058333705853, 6164845938608892732, 3083795589842122694, 6360690084447539553, 6800786784483146222, 6949389388498079416, 4315125200491185117, 836901937496747185, 4072037150247978804, 7036831171247353876, 3893522058333705853, 6164845938608892732, 3083795589842122694, 6360690084447539553, 6800786784483146222, 7605419046915322669, 1126516962345083650, 491689066931827319, 7576090403022489992, 2136835802404937919]
map_value = []
flag = ""
for i in range(0,len(cmp_value),5):
tmp = rand_val.index(cmp_value[i])
tmp += 1
for j in range(0xff+1):
if(crc_table[(j+0x7331)&0xff]==tmp):
flag += chr(j)
print flag
Flag : IFEST2021{NOoOOoOOOo_didnt_i_tell_you_to_not_crackme?_;-;_uwu}
Jadi untuk menyimpan tenaga di soal selanjutnya maka untuk soal ini kami gunakan automated tools yaitu angr, dan ternyata bisa dan cepat selesainya. Berikut script yang kami gunakan berdasarkan referensi dari
