[Challenge] Devil's swapper

assembly
reverseengineering
challenge
obfuscation

(pico) #1

Your weekend challenge is here!

This is a simple challenge. Do not look for very sophisticated stuff. You know… the devil’s in the details.

  • Boring to death
  • Easy
  • Interesting
  • WTF

0 voters

#Objective
You have to find the secret key and the secret message. That’s it

Extra points for solving the challenge using standard tools!

#Hints
There is a hint in the binary itself. Other than that:

Hint 1:Use the basic tools first to get extra information, and look for strange things
Hint 2:Fine… by now you should be able to recognize ROT13 text
Hint 3:Maybe there is some obfuscated code somewhere

Binary

You can generate the binary from the dump below using the following command:

cat textfile | base64 -d | gunzip > challenge && chmod +x challenge

Good luck!

H4sIACYAPFkAA+1YXWwUVRS+s7uzHbZldkXUGpAMcUlawKXDj1ClsFO37V3YaoGWHwHLtt2WBvrj
7kwtBKU4tnJZVonER3mRFzQhfTCIldCBQgs8qCWINUQQI2TLEPn/EbTjubuztd2ExAcfe5Iz555z
z3fOd2fuzM7O9qJAsYVhUEosaBGiXgfjTfheM77TNZwCsQXIBkcHGpfIZdFI8Y6ybRlolEVISBwp
zk4HqbquDaNslhlePVw3ibOZKpiUBZNnyrrN7JS1mXbZFblmmMJ/kBQtip8IagUteb0CfcDt/T17
R0d986+XP//2Xt28PUNtBatErWs6zB89zXpRNyUWV+Cwo+AwoKTyLovCvSVqgwfBW9NFCx+9m0qE
8BIwlZhcXYVj5UMcJs9s4QUUj0AUk744TbrbufAr5Pxa85MzThYXbDMMo8X5YKAs/ixMriEcVk8Z
PZ1o8CeY6GQGfwBzOBvOYw+OsgIUw2QIk0W4r4SjKwKbWFxfSXbCJSU53RaIDLZYEKrA5Iq0yk9+
klZKFVK5n5xbgckdrF7PIe8e8auLUWlsO6fcLyVDAfIQR124/az8HFYfPa9k4qiXw+2aMk+3Y1Vz
6ZfF+902uxeWGJ8OlXFM6ZXIyS4H9IR1lQJJH7kR5xJTRb04CkzY8HgB+aMZUEaegNWHUxW7P7qK
0zm/2ufSr4pnoR3u0xDaYGBn0XHwCRsBiKj5ozxuPy27sfqnVRnnj66kVPTx4LLULQb3LBRTe136
OVp9MSX+ingak/NYPb5A3XoqQ3kRR4tdUHEcVIShAEN7cpgDw0kw1DlsHMP5x5RTgSjroFx3PKR7
z/nhQXomo+z5LIjla87394Hvj5WtxNF5XVn0ChzD6m83ce65QCzgdvrVyzcD5Ps7+wMQzz0mane+
WBpbyGBS8Bkkx4uGDKP7KTh1cVqd0s0+Ohlcuh/WJCPOTzXnIU23iBph82mDqBU4bk+0YjdSY2i7
yowPzsoZbY9mKbf0ePTdIwHyGyYX46V/G4bOHm6ilWKhgbXSOmm99JZUub5HqhA1qRz2wD2sfmfA
lX+MyY1lmNy6fRCTS5icSQ4fwHkfwA/6MfMdNs7I+Tj/NmyUd6bj3P5AbGZmIF+Xp+wqQgusyoRE
yz8AHN8L7WAl47DRo/8iajrwHXhz7XravKdz3+AkINVpHZxIjWVwPBi6/ypWLAtEp23MFFBp++9y
MW43MPlbXiRqWD1tUCb9vli94Y9OduP2C3JOgFwzu01LdFP4wraFMwqUjCWxdTMYuo1OcHq/eOFN
6G22hi2Q3y8/7Txkc/rgwMMF9uVq8jV6anvKJUsX3K2I7UVephvuVlSh4RXXd9jgdvkkbvyFDTnm
dBsi00XnsLYu5nJHIN5muDcLTvQNYmj0Evnyjq/P5X6nuHW7r2+ie6W4dZuvL9s9R54y+9U2GeGX
N8Ww7SLZ6Q3crI11MfTZOJDrszjdtGceEu1x7a9phpHvl68H2KvkvE6wruOTJxI81q9dJ/W4BfRa
OFi9qSEk1DaFhbzWvLxIqNpREg6F5PrGuohQG25qEJrrq5umOhxoaSjULMjhLTDj8XgcaFZNqGWW
Eg421jQ1oICvsmx5UeANyYdagpvrwvWNNch8BlJhti5HTKuLmZSVwe0BonMhNhn0R9izB2hCIe/a
bVnOZ3dYJV5QbSV8J2fZyQsSny3xrkKeM+tQTDnoiUeGUUgDMFvt4LmSTCmRQ/vJoPMfG4Z9xHOZ
xneDToP47BHxmaD7QRdDfIhJ1uuwvDbeXvix1f+RLcbutvvUDOs1BnjTfMr7HCjdaa0m75jFx2fv
prw7bJjPUdkSPs+yls+REvQLE/QpLgvqVwGudhhXOIyTKE4CXAWf4xuBo7x9gNsDuBf+86/QmIzJ
mIzJmIzJmIzJ/y+Jv9GGIzEuU8LNrcLbbwvNVcF6oaq6rqUqWDvV0Sgr4nviXE/eXM+cXGGuZ4EH
XoI8kY0ROSwHq5CnsUkOeeoaFU+VUr+55qX6GuSRQ60y8tQE5SDyhJuSNrSxsjYcbAghT1UkgjzV
TQ0NoUb5/1pHJij9f28x/X+/CyR9d1q+Lc2fgkZ8k0D0Xc1r2qT/s3V0PjPaTdQfiX+B9Zo26R9I
y0/HTzdjqXfaXhPfa+Irn4BP2dnmOLX+HLvXtEl/dVpDbrQ7zH94mcPfY5ImKy0//fwtNGum8K7U
dxwTj9Py0/tLZv+8tHgKPyMtnr7+UdxHyHwTv+QJ+JT8A1tGPbcIEwAA

Challenge Collection: Reverse Engineering and CrackMe
RE a 64bit ELF binary - Devil's swapper write-up
#2

Found the ROT13 text, is the same thing of the hint on the binary?

Btw i’m too noob can’t proceed, need to learn some tools >:


(pico) #3

You are getting closer!

Yes, it is. Now you should know which tool you can use and which part of its man page to check…


#5

@0x00pf can you give ma a hint for the last step? I just seem to not get it.

[spoiler]
Found the cipher, identified the encryption, decrypted it, read the man page and now I’m confused

Edit: vote for smileys within spoiler tags [/spoiler]


#6

I’m waiting for the solution too …

I don’t find anything else than the rot13 string , I tried to use some dd conv but I don’t find the solution


(Zalman) #7

Oh man, good timing!
Thanks :slight_smile:


(pico) #8

OK guys… you almost have the solution. Thanks to all of you for trying this challenge!

So this is another hint

By now you know which tool you have to use and you should have found a bunch of transformations to use. The title of the challenge gives you a hint on which transformation to apply. Then you have to do a bit of reverse engineering to figure out which part of the program has to be patched.

You can use the suggested tool or write your own tool to restore the binary and finish the reversing

I will wait one or two days more before publishing the solution. In the meantime you can also try (Late Easter Challenge)… I know @_py has solved it but we haven’t published a solution yet so… hack fun :wink:


#9

Kek, I was just explaining to some of the members your Easter challenge, I hope not many noticed it on IRC.


#10

Thank you @0x00pf for the challenge ( and @kowalski for trying to help me with some command-line-fu) ! I will not post the full solution yet since it looks like some folks are close.

asciicast


(pico) #11

Congrats mate! :trophy: