Challenge categories: MISC, Re, Crypto
Description:
With all that recent hype about VPNs and everything good ol’ hxp had to up their crypto game, so we added network-based security to this flag dispenser. We think that–despite our age–we’re still perfectly capable of producing flawless C code, but to be extra safe, we cranked up the compiler-based defenses during compilation of the server and enabled clang’s safe stack.
Besides the server we provide captured traffic from and to that port for you to analyse, could you please check that we got it right?
Note: We did not modify the source code of the statically linked crypto library.
Decompilation fails because, at the call to the function at 0x66EA0, the decompiler cannot correctly identify the parameters.
Press Y to view the function definition.
We can see it has detected a large number of parameters, which is wrong. So how many parameters should we actually set? Let's first recover symbols and see whether we can diff out this function.
https://github.com/openssl/openssl
Download the matching OpenSSL version and build it: https://github.com/openssl/openssl/blob/master/NOTES-UNIX.md
Then use BinDiff to recover the symbols. For symbols that cannot be recovered this way, restore them manually based on the strings referenced inside the function, the number of parameters, and the function's code logic.
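The manual fallback above (match by referenced strings and parameter count) can be scripted. This is an added example, not part of the writeup; the function names, string literals and `sub_` addresses in the sample data are constructed for illustration and do not describe the real challenge binary.

```python
"""Heuristic symbol recovery: match stripped functions against a symbolised
reference build by referenced strings (Jaccard overlap) and parameter count."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class Func:
    name: str                # real name (reference build) or sub_XXXX (stripped target)
    strings: FrozenSet[str]  # string literals referenced from the function body
    nargs: int               # parameter count from the prototype / call-site analysis


def similarity(ref: Func, tgt: Func) -> float:
    """Jaccard overlap of referenced strings, halved when the arity disagrees."""
    union = ref.strings | tgt.strings
    if not union:
        return 0.0
    score = len(ref.strings & tgt.strings) / len(union)
    return score if ref.nargs == tgt.nargs else score * 0.5


def recover_symbols(reference: List[Func], target: List[Func],
                    threshold: float = 0.5) -> Dict[str, str]:
    """Greedy one-to-one matching, best score first; returns {sub_name: real_name}."""
    candidates = sorted(
        ((similarity(r, t), r.name, t.name) for r in reference for t in target),
        key=lambda c: c[0], reverse=True)
    used_ref, mapping = set(), {}
    for score, rname, tname in candidates:
        if score < threshold:
            break                      # remaining pairs are all weaker; stop
        if rname in used_ref or tname in mapping:
            continue                   # keep the matching one-to-one
        used_ref.add(rname)
        mapping[tname] = rname
    return mapping


# Constructed sample data (not from the challenge): reference build vs. stripped server.
REFERENCE = [
    Func("SSL_CTX_new", frozenset({"ssl/ssl_lib.c", "SSL_CTX_new"}), 1),
    Func("SSL_read", frozenset({"ssl/ssl_lib.c", "SSL_read"}), 3),
    Func("EVP_DigestInit_ex", frozenset({"crypto/evp/digest.c"}), 3),
]
TARGET = [
    Func("sub_66EA0", frozenset({"ssl/ssl_lib.c", "SSL_read"}), 3),
    Func("sub_12340", frozenset({"crypto/evp/digest.c"}), 3),
    Func("sub_45670", frozenset({"unrelated string"}), 2),   # stays unmatched
]

if __name__ == "__main__":
    for sub, name in recover_symbols(REFERENCE, TARGET).items():
        print(f"{sub} -> {name}")
```

Once a match is confirmed, the recovered prototype (including the correct parameter count) can be applied to the stripped function so the decompiler stops mis-detecting its arguments.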