Solving C2 RE Challenge From Hackaday Course

Mutawkkel Abdulrhman
Jan 20, 2021


1. First, we open the binary in Ghidra and select the function main to navigate to it.

2. Ghidra has a built-in decompiler, which makes it easy for us to see the C code of the function. Look at the decompiler's window and you will see the code.

3. We see that an int param_1 and a long param_2 are passed to the main function. Change them to int argc and char** argv by right-clicking and choosing Edit Function Signature; you will get the following window.

After changing the two values, observe the decompiler's code; it is more readable now.

4. Let's start reading the code now. First, you will notice that it checks the argument count passed to the program. If it is equal to 2 (the first argument is the program itself), the program continues executing what comes after the condition; otherwise it just prints 'Please supply the password'.

5. After that comes the next condition, if (sVar < 5). sVar here holds the length of the first argument passed to the program, so the password must be 5 chars or more.

6. Now the last condition; this condition checks the password itself.

We know that the password, or whatever input we supply to the program, is a string in argv[1], so it is divided into single chars and every char has an index number. The if statement here checks that the char at index 0 is 'h' and the char at index 4 is 'u':

argv[1][0] == 'h' → first element of the argv[1] string

argv[1][4] == 'u' → fifth element of the argv[1] string

That means we need a password of 5 chars with the first char being 'h' and the last being 'u'.

Let's TRY!

It worked. We have successfully reverse engineered the binary.
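The logic recovered in steps 4 to 6, rewritten as C so the three conditions can be exercised directly. This is an added example, not the challenge's source or Ghidra's output; the function name `check`, the result-code names and every message except 'Please supply the password' are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result codes are names chosen for this example; the page only quotes
 * the 'Please supply the password' message. */
enum check_result { NO_PASSWORD, TOO_SHORT, WRONG, ACCEPTED };

/* Mirrors the three conditions read from the decompiler in steps 4-6. */
enum check_result check(int argc, char **argv)
{
    if (argc != 2)                 /* argv[0] is the program itself */
        return NO_PASSWORD;

    size_t len = strlen(argv[1]);  /* the sVar compared against 5 */
    if (len < 5)                   /* must run before index 4 is read */
        return TOO_SHORT;

    /* Only index 0 and index 4 are compared; nothing else is checked. */
    if (argv[1][0] == 'h' && argv[1][4] == 'u')
        return ACCEPTED;
    return WRONG;
}

int main(int argc, char **argv)
{
    switch (check(argc, argv)) {
    case NO_PASSWORD: puts("Please supply the password"); return 1;
    case TOO_SHORT:   puts("too short (constructed message)"); return 1;
    case WRONG:       puts("wrong password (constructed message)"); return 1;
    default:          puts("accepted (constructed message)"); return 0;
    }
}
```

Because only two positions are compared, any input of 5 or more chars with 'h' at index 0 and 'u' at index 4 is accepted, and the length check is what keeps the index-4 read inside the string.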
