Are you trying to master the ELF format and need something to try your new skills on? Well, this is a simple challenge for you.
A colleague who works as a Network Engineer for an important company has captured a piece of malware that somebody was trying to use against the company. Your friend tried to take a look at the code using objdump but couldn't get anything, so he came to you, an expert hacker and master of the ELFs, to help him get the assembly code for that malware.
Note: The binary in this challenge does not contain any malware. You can run it if you want, but that is not even necessary.
Fix the binary file so you can disassemble it using objdump and figure out the threat posed by this zero-day malware.
To prove you fixed the binary, post the output of readelf -h in the comments. Use the spoil tag so your solution is not seen by other people trying to solve the challenge. Feel free to provide a brief write-up explaining how you solved the challenge.
To get the binary you will have to copy and paste the text below into a file named rec01.gz.base64 (actually you can name it as you wish… it is just a name).
Then you have to figure out how to get the binary out of that file.
Hint0: No idea how to get the binary file?
Well, this is hint 0 because we have already given it to you. Check the file name we proposed again and make a guess.
Hint1: How to get the binary
cat rec01.gz.base64 | base64 -d | gunzip > rec01
Hint2: Not sure what to do next?
Try readelf on the binary and check the output. There are some complaints in there.
Hint3: Use this as a last resort in case you are really stuck.
The original program has 9 sections… Now it should be easy!
Your Secondary Goal
Write a program to apply this basic anti-forensic technique to any ELF file.
Then you can sell this tool to your colleague's company so they can analyse future malware that uses this technique.
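As an added example (not part of the challenge post, and not its binary), here is the defender's counterpart to that tool: a checker that decodes the ELF header and reports the section-table inconsistencies behind the kind of complaints Hint2 refers to. The make_sample_elf64 helper builds a constructed ELF64 header purely as a test fixture.

```python
import struct

ELF_MAGIC = b"\x7fELF"
# Field names that follow the 16-byte e_ident block; ELF32 and ELF64 share them.
HEADER_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
                 "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
                 "e_shnum", "e_shstrndx")


def parse_elf_header(data):
    """Decode the ELF header of an ELF32 or ELF64 file in either byte order."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"      # EI_DATA: 1 = little-endian, 2 = big-endian
    if data[4] == 2:                            # EI_CLASS: 2 = ELF64 (64-byte header, 64-byte Shdr)
        fmt, ehsize, shentsize = endian + "HHIQQQIHHHHHH", 64, 64
    elif data[4] == 1:                          # EI_CLASS: 1 = ELF32 (52-byte header, 40-byte Shdr)
        fmt, ehsize, shentsize = endian + "HHIIIIIHHHHHH", 52, 40
    else:
        raise ValueError("unknown EI_CLASS %d" % data[4])
    if len(data) < ehsize:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(HEADER_FIELDS, struct.unpack(fmt, data[16:ehsize])))
    hdr["expected_shentsize"] = shentsize
    return hdr


def check_section_table(data):
    """Return the complaints a tool like readelf would raise about the section header table."""
    hdr = parse_elf_header(data)
    problems = []
    if hdr["e_shoff"] == 0 or hdr["e_shnum"] == 0:
        # The loader only needs program headers, so such a file still runs; objdump has nothing to show.
        problems.append("section header table absent or empty (e_shoff=%d, e_shnum=%d)" % (hdr["e_shoff"], hdr["e_shnum"]))
        return problems
    if hdr["e_shentsize"] != hdr["expected_shentsize"]:
        problems.append("e_shentsize is %d, expected %d" % (hdr["e_shentsize"], hdr["expected_shentsize"]))
    end = hdr["e_shoff"] + hdr["e_shnum"] * hdr["e_shentsize"]
    if end > len(data):
        problems.append("section header table ends at %d but file is %d bytes" % (end, len(data)))
    if hdr["e_shstrndx"] >= hdr["e_shnum"]:
        problems.append("e_shstrndx %d out of range (e_shnum=%d)" % (hdr["e_shstrndx"], hdr["e_shnum"]))
    return problems


def make_sample_elf64(shoff, shnum, shstrndx, padding=9 * 64):
    """Constructed ELF64 little-endian x86-64 header plus zero padding: a test fixture, not the challenge binary."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8      # ELF64, LE, EV_CURRENT, SYSV ABI
    rest = struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, shoff, 0, 64, 56, 0, 64, shnum, shstrndx)
    return ident + rest + b"\0" * padding
```

Run check_section_table over a file's bytes; an empty list means the header is at least self-consistent, while a populated list points at the fields to look at.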
The Challenging Binary
H4sIACQUw1cAA+1YXWwUVRS+s7vTHWg7u+En1gB11ZJsoSwMLtKSAjtl297FAVugIH+W1l2gSX+S dqY2IIKORS/Dig/ogw8EjS+YSBpjkBBCp6xSQINpQ6AJEQIRsmWN/Gn573ju7GxtNzHRxAcf9iR3 zz3fPd853525mezMznKpwsYwKGU2tAjRqJYJmHHAwj9wj6QAVowc5gpn5rJotAXG+EAWGuMR8pi/ lGdCqbruTWN8jgW/NlI3yXNYw2NJ9lg6U77Ayk55h+Wrr8thJ/rnlpJF+ZNg2GFULq9BF55+/lA4 5PNPHprWzxv7L1+pvqBWHXPB6okhRwB1U1mCHq803bpYLSY31uDoqmEOk8kHeQ+KN8IKJr1xmvh7 V+k3yPWtHiJnXSxe+JZhGO2u+wNVcVpvLeGwetqIdTGDF2HhaB5cmRjW2OVQBZNhTBbh3kqOagRv yu2tzDNDUunttgEy2G5DqAaT6+KaELkorhZrxFUhcn4lJvew+quX7DgeUhejZdGdnDK0jAxL5AHW 3LizX34Gq4+eVbKxFuBwp67MS2RhVXcnrgpD3VlsgO5vBlTGUeWUSL4/Nh56wobyAQqSW3HOXCo/ hTVQwh7M9aCQ5oQy8gSsPnheyQppa7gEF1J73YkbQj+0w706QpsM7Co/CTFhPwOKoIc0HneekQuw +tCujAtpq6mURC6ELA0rIOyHYuopd+I8rb6YCl8gnMHkAlZPFqvbTjuVF7FW4YaK86EiTD0w9Sen XpiGYJrgsNGDS3qU05LGFlOt7zygp8n1/mF6JTXWQbES3fXuAYhD0arVWJsXz6F3oAer127jwvNS VCpwhdSrtyXy070vJMALewT93pevREsZTBb+AMnx8mHD6J4Ily5u0LIgN+9EPoT0IKxNIq6PddcR PWETdMJuoQ00O2j8ymzFfkKdoe+pMt7rl527Hs1W7iTi2o7jErmGyeX49qeGkWCPttBK0cjAenGD uFF8XazdGBNrBF1cBWfgD6yeM+DOP8bkVjUmd+4exuQKJmeT0/tw3Qfw/T7MnMPGWbkEl9yFg/Lm DFzYJ0WLsqWShJy/pxwV25UJZsvfgBz/FNrBTsZhI5b4WdAToHdg3fqNtHms68DgCyCqyz44hTrb 4CTq0GAuOHoMa1ZWS9r0fdketKzzF7kCdxqYPJUXCTpWzxhUUF8w2mCEtKkFuPOS7JXITavpdLOp wpftKp25UHEujW6YydDT9B2X6BMurQMJlgI4CSV98kTXEYcrCD883OdgoS7fpFc4VtUYqWuLFHk2 N3Q0RZ4fj2aHI+2zlda65nBLE5KCtVUryqVXxSBqr2vc0trQHE4+A6gx21YgpsPNTMlxch8xSXwq jCePDWMKTRB591qeM3E/PTJPDGPk0Wc9SyQY8wGfOwovghGmzynAh5lknd22JblZZfvsoQ8dUXZv VlB12m8y0BdZtffDeA5OVgcFynh31Bbk8/baRd6z24F5r8pW8nNs63kvACKfBwllPEd5P8LYDrzN I7yyEZ5IeSLwanhvcBSP6naArkPAm/YvnqMZy1jGMpaxjGUsYxn7f5n5Gm2MN+eVS5Ys8Hhr6pVm WfH4fcU+/6y5ihkJbwt+3xy/76XCJI6Qr21rm9wq19UjX3OLHPFtaVZ89UpDY3hWQxj55EiHjHyt LeE6uQ75IltrN7fWNUWQLxnXt7Uh3xstTU2RZvm/2kc2DPp+b7Piv74LJOOCtHxHWpyPRn2TAAta /KDF/9o+Np8ZG5r1KZb6T08/BiR9MhbS8pk0X2TNU/q9bMDyyTgvrSGXVu9liz8ic+R7StLlpOWn 77/Uqpniu1PfYSw+TstP7y9a/eek4Sn+zDQ8ff9jtI+y+RZ/6d/wU/YnFJ4o78gSAAA=