This challenge was a very easy Win32 reversing challenge, with many ways to tackle it.
Running the executable in my Windows VM, I am presented with a game. The flag for this challenge can be found by simply beating the game, which consists of typing keys the game prompts me with before a short time-out.
ZOMGZOMGOZMGZOMGZOMGOZMGZOMGZOMGOZMGZOMGZOMGOZMG ZOMGZOMG ZOMGZOMG ZOMGZOMG TAP TAP REVOLUTION!!!!!!! ZOMGZOMG ZOMGZOMG ZOMGZOMG ZOMGZOMGOZMGZOMGZOMGOZMGZOMGZOMGOZMGZOMGZOMGOZMG R U READDY?! The game is starting in... 5
I am not very good at this game... so we will patch the binary!
Opening up in IDA, I immediately head over to the Strings listing so I can find the
lose game string - which is something about cow udders, and a link to some mad cow PNG.
By copying the address of each string, and searching in the game code tab - I can find where it is referenced in the code (which turned out to be once per lose game string).
Viewing in graph mode lets me see what is going on.
I can see there is a
jnz opcode (jump if not zero). Since this is hit when we lose the game, we can change it to "win" when we are actually suppose to lose here - we just flip the opcode!
We head up to patch byte in IDA, and change the opcode from
0x75 (JNZ) to
By doing this for the other jump instruction that is taken when the other lose game string is printed - we will always win, when we are suppose to lose! Running the executable after the patches have been applied to the binary presents the following (the game actually seems to play it self which is cool).
.....m ...s .....m TURBO TIME! key is (no5c30416d6cf52638460377995c6a8cf5)
no5c30416d6cf52638460377995c6a8cf5 in the CTF panels gifts back a sweet easy 50 points!