[ReverseMe] Bit Banging

Hello folks! I hope you’re doing great! This is my first time I ever create a reversing engineering challenge so I’m hoping there won’t be any issue such as unintended solutions/bugs.


###Difficulty

A big part of Reverse Engineering has to do with observation. That being said, depending on how sharp you are it can be really easy but it can also be tedious.


###Objective

Find the key(s).


###Rules
No patching.


###Hints

~ The name of the challenge is a hint by itself.

~ You’ll need dynamic analysis.

~ Once you figure out the 2nd digit, you’re almost there.

~ Read the above hints.


###Binary

Use the following command to recover the binary:

cat binary | base64 -d | gunzip > bin && chmod +x bin
H4sICC/5TFkAA2JpdADtWW9sHEcVn73z+U/snC+pUxzbIhsaCzfUl3OwjdOqzZ3/xOvIsY1jNyrF
WZ99a98198fc7gXbIiHgOurJJDUCpCBRCYGAoIIaQKoCH+oLgYR8QY7URkggYRCpnCalKU2DBamP
mdk3e7tzeyR84VPmdPf2/ea9N2/evJmbmf1yV+8+hyAgVhzoGUQ5l5/yfsAXawwRjLWhMvy7DdWh
YiJqkvMjv4WugWlGS0HOib9F+Nvm0Pk2h99C60COUcFEXchc/BZ6qwxZKEKioUd89bh11OMetVA/
+BF2WPUcoNcAeg0gz+gyOLbM9a8IvkNgbwj6xWgnyHWa5EkZuK6FyHMGDGVK/RbaDHLNnN5nsV4x
evDiAToI7RWKy23oF6NsHHZFI2OtzbuiocZoJJ6abpxua21sbfaqCe9u6pMHZLv7hqk8i6MIPlch
PQdI/ddnT0y8tv69pzMXZ4UrqP/0v/p66wXQz2Xmg/drsw1eVwDfUgB/rADeglhmWEt5AXmE4zRO
wtKKlOmIhqZSmoqmkpG4NoFULRlV4kiWiYysasGkJseCEYJMxhJxQGTU3dvT3iHv9u72ktYd8NFj
KtBPbjxTNZEyUsPyaq1ylFI2T1mp9uh4CbLGWDThDhPeYMKdJtxnwotMeJsJN+elNHerVFpwHSsX
kTSf0VyrRyj4m9KLen22JYmrsvUa/q3c5sdPhA+TqhsrWVzqXyA8cfnGMuXHCE9cvZGh/OcIT1y8
cY7yg4Qnrt34LuUdmJ9YZP40vduTvnpYSv9Vmvvb7YGhnssZP55p0uULyyWEXL6L18HVH2G9OxOV
23BQzx/CHRuWGgcwkebW3FL6+tHa87RnuDubRpZIRXYFC79I7Y9cJL2Y8DL+jQGq/5W/UwMX1p3Y
gJS+LV1Y3SsJl6Sr69oWw1o5s1a5DdvR2z/x9Lc3iHiYNw1jxdU4dmzkkuskhoQPaEtLops4thel
XDe/gfUMY+8ThezyyI1ZrEOe8UiI6WO3pHRqZe7YLYf2mLTQtSItICl9aWkIx4Bqrn5nPZtdItFe
/Tl+oiJzmVIqdnk1QaC5tSKtaknBGqv9hvA8frrcdY+YuPlETsuz0HVPOiMJy5Wvo8o3MqcGlimQ
rpofxR2d67onzB275zz+e6a6h1YvFNHq+cz0JjM/t1Z2vGpJJQ1f+4g1XIEbNuxcWHB9qUzEgq7K
+Su4dsH1Bcz+8w/pXy+4JklFRti+PLdSNJ+pfPFbtH6YihdrRxdc+3VN7ciCa6+h1ZLTcuCg9i+4
PknFSjXfgqvOENucEyvFYlVLLxMvfcRLGtUJ8vQKweoMzwfJ06sEKzWwZwzszj2G7TSwFQN7FGN6
fgQOBZ4NpLOB4cBQ76l6b7GIk+1UI6EHe9J3e9Jv9T5+nc7BCx85VxPYgDT/riY2/ZHlZ2/6nd70
3U5sIVv1J2nuoiDtuZl6h0zQ50cCnw+MBA4H5IuLuXz+4CLMaZjCAl41htXgpPKkWK+Kzx9RZkY2
oEPJRHxSxGvdpBbejobCiohxMRxURS0hjiliUIynYmNKcjvqwILJoKaKsWB8OwpEYwlVE7WwklS2
o76EJqoJUQmqM7hawwhpr9b5FPkvJGvb8r+z2ROY+nG3BjBtxVE5i6kHZ/zvMD2BqQcWuyqY/8Ls
IBKmPUJtRUnpolDiITj5r1jFtnaa1i17eYR2gLyE5emK5/bsc1fvryz/YukJtLfmqZ2f3vEJBDJk
TT6JfXuT+BBwe046OjaytZHUhYjvOH8VArS7PS872t3Vp51dbvFUUbu74Wsuye07WSy52+ZKDrj9
SXdbwO0LuBva3SKWw/Lt7lLq50/wN4ztmNfvh+VheVgelvuVZTj3nQPKisDRCqBTRbrcRuA74Zyy
FXh2jqgFnp2P2HGyGurruPoP17MJQs84dHts7zrq1Hm2bp6H+g3ADwAtZ/aBbkHWYuxhYZ/K1spp
oGy9LwH6MaBr0D7DV4BnfrP2yjgeL8e0PxmQzwLP4nkb+HNQ//8q7BzLlx/CuL4O9BLQa0DfBsqX
7o6OJ8WG4bFUXEuJLd5mr6+xNUW5puNNrV5fs7f5cR0Xd/uaWn2tvj339dGJo8TuBay4wzhPW3En
0mzxIiOfrLjLyCMrXmzkmxUvsR0nJ86CjC1eZuSJFd9g5JMVLzfmlRWvQIu2+EZ02xZ3G/c4VrzS
mKdW3IMGbPFNxv2DFd+M1mzxR4x5b8WrjPluxbcg0RZ/1DY/nXg2snOtFa825rMV34r8tngNGrDF
a/MwMk+L0PtZHq+gdfn+k/XPgePv4+JfC/gUh3sB59fdTmo/5ydbLw7S5/x4zoKdZc7OSSqfPy4/
KNCvQv19ldZtRqtlVvu/RPZxQAXs/Jb+PpLn/zVqJ3/c/wzyvP//oL/5+ekSiJ38fKgVyD2NG/lB
nq37nxLs73Veo3h+/nQL9vc9zwnEmxo0CvLsf0QWyB3N1rx8q6d28ufjRAH7swXw0wXwn0K7vP+/
KtDfK8R/x1YkcfLXaL9y6wO767kO8STXJaQogF9FpN0aNM3Z+QXIs3WJnbE+FHR5Pj6CQ5e/C/Jv
wgQodtj7X+Owj8MTDr1fvP22Anbeo37arMPjSU3VUhMT3nEky/s7BuXenoNDsoxC+Iw6GVE1JSlr
MXk8mogrKpYIJeTJaGIsGJVDWiKpysHUNBpPxKaiiqaEvJ9paWuxF5InIvGIHEwmgzOyEteSM2gi
GYwpcigVi81gFRMnY0nNIjoW0ah7+wYDB7rkrr5O7J/uLHu2qISQ3PlcX+BAT4e1ht4/Yqi7b1ju
ksCa1DmI5O7e/vZAr9y/b9/BriF5KNDe2yWze8xxNUWdR3LP0AE5F5ahAx0kKEPBsahCr0H9fvPF
Jm0SyUooqAXhZtQqoF+aWrG8q1O+mlgz+mG5VMV1akIOB+Mh7I7c048rQpG4nFKVkLknJByYH1NV
MKNf0O4/Kg9CvzqiQVXFY02ud/nmcZ9ZyEkwbEOBvOpMTAuOYaoldRpmT7jHSnIKeeMJTfEG2nsa
teAkcJPxlHcsFYmGGiMhRLlwUA0jb2gmju3pVEvqNUeVpBpJxC2MjOuSSjRIBOFpKqqRJnGHyaN3
MoEfNGUa/9Lx9CYTdHC8ShjSLxxK5jhdVU8dXYM9vzCepP4EY5FxRMzqLenGcGSRF8+IGE5dm3n4
vxby/0qWCLau594r6XwdJ8+/XyD3/ua779x7G50XOfkijm/i9Nk+VANgx330yf/9XXwWYPpsv3qG
85+dh0qRtfQh/ezD9Nm+9jwAZwEn5ycB5Z9bnkX62Yjps/3vKByY2PmKFT5+h5F+tmH6bJ98DvTd
nP8OjpLXAesmfbafzoC+WMB/Vsj+p8hkj+27V0Cf9ZOPH8NfBP124Nn+fA302fnQBTq8/mmUe9dI
Cvv/mIKBNr1GpYUf/zSnz/b7iyA4ysl7OPpNTp+dC26DPh8vnn+F0zfODxCwdqdV3mNl0fc5fbav
6YSGyjh5vv8/Rtb5y/YbA6Afu4/+zzj93PtTnW/m5Hn9JU6fnW/WQP8OJ8/Hj7xmIDnOwpR7n2ov
z/Nv4W+lSZ/tj6sfUP8v4D/TZ/tx8QH130b62DH93PtunWfvudn4Mn2WB2e49tk5ba3yv7fP6Huc
vrF/hwb899Ff4/TZvtfvsfrJ67OyDhjTZ/vFAVBs4OR5e05Bb9/H4Uyfzz/+Xm2TqW1z+SpcqFVw
Cy6//ppz11xegvbPwsB9HH93Ift7K7v2fXABNsgZ59/P/wdIDBaGUCIAAA==

Have fun!

6 Likes

You want a key?
How about 6 of them

5317
5327
5397
5417
5427
5497

1 Like

I thought of adding it as a hint if someone didn’t find out about that within 24 hours.

Congrats!

The keys I got:

5317
5327
5397
5417
5427
5497

Thanks for this challenge! This was the first one I solved without help, hints or waiting for a write-up!
Can’t wait to see more!

1 Like

the keys I got:

5317
5327
5397
5417
5427
5497

Was fun! :open_mouth:


5317
5327
5397
5417
5427
5497

[details=Summary]5317
5327
5397
5417
5427
5497
[/details]

Congrats to all of you folks! :ok_hand:

Solved it now as well. Wasn’t the smartest approach that I took but dynamic analysis solved it easily in the end. :smiley:

Below the summary of the made observations after looking at the binary:

  • key has to be provided on call
  • input has to have a length of 4
  • input bytes are getting stored in an array
  • input has to consists of just numbers
  • 1st input byte has to be 5
  • 2nd input byte has to be 3 or 4
  • 3rd input byte has to be 1,2 or 9
  • 4th input byte has to be 7

So any combination of the above mentioned input bytes is a valid key.

The static analysis was showcasing a bit arithmetic trick. The dynamic analysis approach was the lazy way.

Congrats either way @ricksanchez!

I tried static analysis first…
It went well until the part where the magic happened with the
neg something add something and something and something cmp something jmp something
I had to write stuff down and/or look in GDB what actually happens.

So in the end I couldn’t fully solve it just with with the static analysis approach

I understand. The whole “magic” you mentioned had to do with turning on the right-most 0 bit and turning off the rest. You can notice that in GDB having in mind what I just said.

I did see that happening, and I understood what’s happening there after using GDB.
Then finding the rest of the input “manually by hand” wasn’t an issue anymore

This is history, all the same it helped me sharpen my RE skills