
BambooFox CTF-Move or not

I spent a long time on this problem. The program has PIE enabled; we can disable randomize_va_space on Linux:

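# "sudo echo 0 > file" fails: the redirect is performed by the unprivileged shell, so write through tee.
$ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space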

Then use IDA for remote debugging. I know that the program checks two values. One is the password, and it is easy to get 98416 through static analysis in IDA.

The other is the key. My first thought was that this key needed to be brute-forced. But my coding ability is very weak, and I did not manage to write it in one night.

In the end, I found out that this key is used to decode the code of the obfuscated function. Only 11 bytes are involved, and each one is simply added to the key to decode it. So the key should be only one byte (0x00-0xFF), and I tested manually starting from 0. With a wrong key, a segmentation fault or an illegal instruction error appears. I found that 39 and 43 avoid these errors, but I still couldn't decode the flag. Fortunately, when I tested 50, it happened to be the correct key, and I was able to decode the flag.
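The one-byte key search described above can also be done statically, without running the binary and waiting for crashes. The following is an added example, not code from the original post or the challenge: the 11-byte blob is constructed, and it assumes the decoded region begins with the usual `push rbp; mov rbp, rsp` prologue.

```python
"""Static search for a one-byte additive key over an 11-byte code blob."""

# Constructed sample, not bytes from the challenge binary:
# push rbp; mov rbp,rsp; mov eax,0x2a; pop rbp; ret  (11 bytes of x86-64)
PLAIN = bytes.fromhex("554889e5b82a0000005dc3")
SAMPLE_KEY = 50  # key value reported in the write-up, used to build the sample

# Assumption: the decoded region starts with a standard function prologue.
PROLOGUE = bytes.fromhex("554889e5")


def encode(code: bytes, key: int) -> bytes:
    """Inverse of the loader's decode step: subtract the key from each byte."""
    return bytes((b - key) & 0xFF for b in code)


def decode(blob: bytes, key: int) -> bytes:
    """Decode as described in the write-up: add the key to each byte."""
    return bytes((b + key) & 0xFF for b in blob)


def candidate_keys(blob: bytes, marker: bytes = PROLOGUE) -> list[int]:
    """Try all 256 keys and keep those whose output starts with `marker`."""
    return [k for k in range(256) if decode(blob, k).startswith(marker)]


def key_from_known_byte(stored: int, expected: int) -> int:
    """One known plaintext byte fixes an additive key without any search."""
    return (expected - stored) & 0xFF


ENCODED = encode(PLAIN, SAMPLE_KEY)

if __name__ == "__main__":
    print("stored bytes :", ENCODED.hex())
    for key in candidate_keys(ENCODED):
        print(f"key {key} (0x{key:02x}) -> {decode(ENCODED, key).hex()}")
    print("from 1 byte  :", key_from_known_byte(ENCODED[0], PROLOGUE[0]))
```

Because the key is added to every byte, any single byte whose decoded value is known pins the key down uniquely. A key that merely avoids a crash at run time is not confirmed by that alone.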

flag

More info at here!