This file is an 32bits elf binary, compiled from go language (i guess ... coded by @nibble_ds ;)
The binary has some debugging symbols, which is very helpful to locate the functions and api calls.
GO source functions:
- main.main
- main.function.001
If the binary is executed with no params, it prints "Nope!", the bad guy message.
~/ncn$ ./inbincible
Nope!
Decompiling the main.main function I saw two things:
1. The Argument validation: Only one 16 bytes long argument is needed, otherwise the execution is finished.
2. The key IF, the decision to dexor and print byte by byte the "Nope!" string OR dexor and print "Yeah!"
The incoming channel will determine the final message. |
Dexor and print each byte of the "Nope!" message. |
This IF, checks 16 times if the go channel reception value is 0x01, in this case the app show the "Yeah!" message.
Go channels are a kind of thread-safe queue, a channel_send is like a push, and channel_receive is like a pop.
If we fake this IF the 16 times, we got the "Yeah!" message:
(gdb) b *0x8049118
(gdb) commands
>set {char *}0xf7edeef3 = 0x01
>c
>end
(gdb) r 1234567890123456
tarting program: /home/sha0/ncn/inbincible 1234567890123456
...
Yeah!
Ok, but the problem is not in main.main, is main.function.001 who must sent the 0x01 via channel.
This function xors byte by byte the input "1234567890123456" with a byte array xor key, and is compared with another byte array.
=> 0x8049456: xor %ebp,%ecx
This xor, encode the argument with a key byte by byte |
The xor key can be dumped from memory but I prefer to use this macro:
(gdb) b *0x8049456
(gdb) commands
>i r ecx
>c
>end
(gdb) c
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x45 69
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x33 51
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x87 135
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x65 101
Breakpoint 2, 0x08049456 in main.func ()
ecx 0x12 18
The result of the xor will compared with another array byte, each byte matched, a 0x01 will be sent.
The cmp of the xored argument byte, will determine if the channel send 0 or 1 |
(gdb) b *0x0804946a
(gdb) commands
>i r al
>c
>end
At this point we have the byte array used to xor the argument, and the byte array to be compared with, if we provide an input that xored with the first byte array gets the second byte array, the code will send 0x01 by the channel the 16 times.
Now web have:
xorKey=[0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12,0x45,0x33,0x87,0x65,0x12]
mustGive=[0x55,0x75,0x44,0xb6,0x0b,0x33,0x06,0x03,0xe9,0x02,0x60,0x71,0x47,0xb2,0x44,0x33]
Xor is reversible, then we can get the input needed to dexor to the expected values in order to send 0x1 bytes through the go channel.
>>> x=''
>>> for i in range(len(xorKey)):
... x+= chr(xorKey[i] ^ mustGive[i])
...
>>> print x
G0w1n!C0ngr4t5!!
And that's the key :) let's try it:
~/ncn$ ./inbincible 'G0w1n!C0ngr4t5!!'
Yeah!
Got it!! thanx @nibble_ds for this funny crackme, programmed in the great go language. I'm also a golang lover.
More info
- Tools 4 Hack
- Nsa Hacker Tools
- Hacker Tools 2020
- Pentest Tools For Windows
- New Hacker Tools
- Hacker Tools Linux
- Hacker Tools Linux
- Hacking Tools For Windows Free Download
- Hacker Tools List
- Hacking Tools For Pc
- Hacking Tools Online
- Hacking Tools 2020
- Hacker Tools Software
- Hacking Tools For Games
- Pentest Tools Alternative
- Hacking Tools For Kali Linux
- Pentest Tools Alternative
- Blackhat Hacker Tools
- Hacker Tools For Mac
- Pentest Tools Subdomain
- Pentest Tools Android
- Pentest Tools Nmap
- Hacker Tools Linux
- Nsa Hack Tools Download
- Hack Rom Tools
- Hacker Tools Free Download
- Black Hat Hacker Tools
- Pentest Tools Port Scanner
- Hack And Tools
- Hack Tools 2019
- Pentest Tools Port Scanner
- Black Hat Hacker Tools
- Nsa Hacker Tools
- Pentest Tools Website
- Pentest Tools Windows
- Best Pentesting Tools 2018
- Growth Hacker Tools
- Hacker Tools Windows
- Hacking Tools For Games
- Hacking Tools Pc
- Hacker Tools Apk Download
- Underground Hacker Sites
- Hacker Tools For Mac
- Hack Tools For Pc
- Pentest Tools Subdomain
- Tools Used For Hacking
- Nsa Hack Tools Download
- Hacker Tools Free Download
- Pentest Tools Port Scanner
- Android Hack Tools Github
- Easy Hack Tools
- What Are Hacking Tools
- Hacking Tools Mac
- Kik Hack Tools
- Hacking Tools Windows
- Pentest Tools Bluekeep
- Pentest Tools Website Vulnerability
- Hacker Tools Linux
- Tools Used For Hacking
- Pentest Tools Github
- Hacker Techniques Tools And Incident Handling
- Best Hacking Tools 2019
- Easy Hack Tools
- Top Pentest Tools
- Hacking Tools Software
- Kik Hack Tools
- Hacker Tools For Mac
- Hacking Tools For Pc
- Hacking Tools Windows
- Hacker Search Tools
- Hacker Search Tools
- What Are Hacking Tools
- Hacking Tools Github
- Hacking Tools For Mac
- Pentest Tools For Windows
- Hacking Tools Windows 10
- Hacker
- Hack Tools Online
- Pentest Tools Framework
- Pentest Tools Subdomain
- Github Hacking Tools
- Pentest Tools For Android
- Pentest Tools For Android
- Pentest Tools Download
- Pentest Tools Linux
- Pentest Tools Kali Linux
- Hacking Apps
- Hacking Tools Pc
- Pentest Tools Subdomain
- New Hack Tools
- Hacker Tools Free
- Hacker Tools
- Underground Hacker Sites
- Pentest Tools Github
- Hack Tools Online
- Pentest Tools Alternative
- Pentest Tools Bluekeep
- New Hacker Tools
- Pentest Tools Find Subdomains
- Hacker Tools Apk Download
- Hacking Tools Online
- Hacker
- Pentest Automation Tools
- Hacker Tools Mac
- Hack Tools
- Nsa Hack Tools Download
- New Hack Tools
- Pentest Automation Tools
- Hack Tools Mac
- Termux Hacking Tools 2019
- Hacking Tools Mac
- Hacking Tools Mac
- Hack Tools Download
- Hack Tools Online
- Hacking Tools Online
- Free Pentest Tools For Windows
- Hacker Tools
- Pentest Automation Tools
- Pentest Tools Find Subdomains
- Hacking Tools For Windows 7
- Hacking Tools For Kali Linux
- Pentest Tools Website Vulnerability
- Top Pentest Tools
- Hack Tools For Ubuntu
- Usb Pentest Tools
- Pentest Tools Tcp Port Scanner
- Hacker Tools Software
- Hacking Tools For Games
- Growth Hacker Tools
- Hack Tools
- Hack Tools For Mac
- Pentest Tools Bluekeep
- Usb Pentest Tools
- Hacking Tools For Windows
- Github Hacking Tools
- Computer Hacker
- Hacker Tools List
- Hacking Tools Windows 10
- How To Install Pentest Tools In Ubuntu
- Hack Tools For Pc
- Hak5 Tools
- Hacking Tools Github
- Hacking Tools Windows 10
- Nsa Hacker Tools
- Hacking Tools For Windows Free Download
- Hack Tools For Windows
- Pentest Tools Bluekeep
- Hack Apps
- Pentest Tools Kali Linux
- Pentest Automation Tools
- Hack Tools For Mac
- Pentest Recon Tools
- Bluetooth Hacking Tools Kali
- How To Make Hacking Tools
- Hacker Tools For Pc
- Pentest Tools Nmap
- Hack Rom Tools
- Hacker Tools Mac
No comments:
Post a Comment