reversePromedium

hitrugan

rev_kids20

Task: 64-bit PIE keygen crackme that compares hex serial input against transform_rand_value(rand()) where the PRNG is time-seeded, giving one attempt per run so the leaked serial cannot be replayed. Solution: NOP the jne (75 18 -> 90 90) at file offset 0x10f9 that guards the print-flag function, then run the patched binary under Docker amd64.

pie elf keygen x86-64 prng reverse ret2win time-seed binary-patch jne-nop docker-qemu

conditional_jump_patchjne_to_nopwin_branch_forcestatic_binary_patch

$ ls tags/ techniques/

pie elf keygen x86-64 prng reverse ret2win time-seed binary-patch jne-nop docker-qemu

conditional_jump_patchjne_to_nopwin_branch_forcestatic_binary_patch

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ cat writeup.md…

Sign in to access full writeups

Sign in to access full writeups

Similar writeups