This was the first reverse engineering challenge from SharifCTF. It was a pretty straightforward 64-bit ELF binary, and despite being decently easy, was still pretty fun and a great first-level RE challenge.
Analyzing the Execution
If we dump the beginning of main using objdump we can see it’s written in C++ and that it first prints out a message, takes our input, hahes it, and stores it in RAX.
This gives us a pretty good idea of where this is heading, but let’s keep going just to be careful.
Looking ahead we can see a lot of comparisons happening between the bytes of our hashed input and some other hardcoded bytes:
Pulling out all of those bytes gives:
Converting that back to ascii we get:
That should be the md5 hash of our desired password. All we have to do is crack that hash and we sould have our flag. If we do a quick search online we find that what that hash is the md5x2 of the word grape. An md5x2 is the md5 operation applied twice:
With that in mind if we hash the word grape we should have the valid key, assuming no more checks were done.