Exatlon

Reversing No Comments
Can you find the password?

$ file exatlon_v1
 exatlon_v1: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, no section header
$strings exatlon
 UPX!
 UPX!
$upx -d exatlon_v1 -o exatlon
$ file exatlon
 exatlon: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=99364060f1420e00a780745abcfa419af0b8b0d8, for GNU/Linux

ghidra:
undefined4 main(void)
 {
   bool bVar1;
   basic_ostream *pbVar2;
   undefined4 unaff_R12D;
   basic_string,std::allocator> local_58 [32];
   basic_string local_38 [32];
 do {
     std::operator<<((basic_ostream *)std::cout,"\n");
     std::operator<<((basic_ostream *)std::cout,&DAT_0054b018);
     std::operator<<((basic_ostream *)std::cout,&DAT_0054b0d8);
     sleep(1);
     std::operator<<((basic_ostream *)std::cout,&DAT_0054b1a8);
     std::operator<<((basic_ostream *)std::cout,&DAT_0054b260);
     sleep(1);
     std::operator<<((basic_ostream *)std::cout,&DAT_0054b320);
     sleep(1);
     std::operator<<((basic_ostream )std::cout,&DAT_0054b400);
     sleep(1);
     std::_cxx11::basic_string,std::allocator>::basic_string
               (local_58);
                     / try { // try from 00404cfe to 00404dce has its CatchHandler @ 00404def */
     std::operator<<((basic_ostream *)std::cout,"[+] Enter Exatlon Password  : ");
     std::operator>>((basic_istream *)std::cin,(basic_string *)local_58);
     exatlon(local_38);
     bVar1 = std::operator==(local_38, "1152 1344 1056 1968 1728 816 1648 784 1584 816 1728 1520 1840 1664 7841632 1856 1520 1728 816 1632 1856 1520 784 1760 1840 1824 816 1584 1856784 1776 1760 528 528 2000 "
                            );
     std::__cxx11::basic_string,std::allocator>::~basic_string
               ((basic_string,std::allocator> *)local_38);
     if (bVar1 == false) {
       bVar1 = std::operator==((basic_string *)local_58,"q");
       if (bVar1 == false) {
         pbVar2 = std::operator<<((basic_ostream *)std::cout,"[-] ;(\n");
         std::basic_ostream>::operator<<char,std::char_traits<char>>::operator<<
                   ((basic_ostream>char,std::char_traits<char>> *)pbVar2,
                    std::endl>char,std::char_traits<char>>);
         bVar1 = true;
       }
       else {
         unaff_R12D = 0;
         bVar1 = false;
       }
     }
     else {
       pbVar2 = std::operator<<((basic_ostream *)std::cout,"[+] Looks Good ^^ \n\n\n");
       std::basic_ostream>::operator<<                 ((basic_ostream> *)pbVar2,
                  std::endl>);
       unaff_R12D = 0;
       bVar1 = false;
     }
     std::__cxx11::basic_string,std::allocator>::~basic_string
               (local_58);
   } while (bVar1);
   return unaff_R12D;
 }


basic_string * exatlon(basic_string *param_1)

{
  bool bVar1;
  char *pcVar2;
  basic_string<char,std::char_traits<char>,std::allocator<char>> *in_RSI;
  undefined8 local_80;
  undefined8 local_78;
  allocator<char> local_69;
  basic_string local_68 [32];
  __cxx11 local_48 [39];
  char local_21;
  basic_string<char,std::char_traits<char>,std::allocator<char>> *local_20;
  
  std::allocator<char>::allocator();
                    /* try { // try from 00404ae8 to 00404aec has its CatchHandler @ 00404bc1 */
  std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::basic_string
            ((char *)param_1,(allocator *)&DAT_0054b00c);
  std::allocator<char>::~allocator(&local_69);
  local_20 = in_RSI;
  local_78 = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::begin
                       (in_RSI);
  local_80 = std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::end
                       (local_20);
  while( true ) {
    bVar1 = __gnu_cxx::operator!=((__normal_iterator *)&local_78,(__normal_iterator *)&local_80);
    if (bVar1 == false) break;
    pcVar2 = (char *)__gnu_cxx::
                                          
                     __normal_iterator<char_const*,std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>>
                     ::operator*((
                                  __normal_iterator<char_const*,std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>>
                                  *)&local_78);
    local_21 = *pcVar2;
                    /* try { // try from 00404b63 to 00404b67 has its CatchHandler @ 00404bfd */
    std::__cxx11::to_string(local_48,(int)local_21 << 4);
                    /* try { // try from 00404b7d to 00404b81 has its CatchHandler @ 00404bec */
    std::operator+(local_68,(char *)local_48);
                    /* try { // try from 00404b93 to 00404b97 has its CatchHandler @ 00404bdb */
    std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::operator+=
              ((basic_string<char,std::char_traits<char>,std::allocator<char>> *)param_1,local_68);
    std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string
              ((basic_string<char,std::char_traits<char>,std::allocator<char>> *)local_68);
    std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>::~basic_string
              ((basic_string<char,std::char_traits<char>,std::allocator<char>> *)local_48);
    __gnu_cxx::
        
    __normal_iterator<char_const*,std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>>
    ::operator++((
                  __normal_iterator<char_const*,std::__cxx11::basic_string<char,std::char_traits<char>,std::allocator<char>>>
                  *)&local_78);
  }
  return param_1;
}

exatlon.py
code = [1152, 1344, 1056, 1968, 1728, 816, 1648, 784, 1584, 816, 1728, 1520, 1840, 1664, 784, 1632, 1856, 1520, 1728, 816, 1632, 1856, 1520, 784, 1760, 1840, 1824, 816, 1584, 1856, 784, 1776, 1760, 528, 528, 2000]
alphabet = {"a": "1552", "b": "1568", "c": "1584", "d": "1600", "e": "1616", "f": "1632", "g": "1648", "h": "1664", "i" :"1680", "j" :"1696", "k" :"1712", "l" :"1728", "m" :"1744", "n" :"1760", "o" :"1776", "p" :"1792", "q" :"1808", "r" :"1824", "s" :"1840", "t" :"1856", "u" :"1872", "v" :"1888", "w" :"1904", "x" :"1920", "y" :"1936", "z" :"1952", "A": "1040", "B": "1056", "C": "1072", "D": "1088", "E": "1104", "F": "1120", "G": "1136", "H": "1152", "I": "1168", "J": "1184", "K": "1200", "L": "1216", "M": "1232", "N": "1248", "O": "1264", "P": "1280", "Q": "1296", "R": "1312", "S": "1328", "T": "1344", "U": "1360", "V": "1376", "W": "1392", "X": "1408", "Y": "1424", "Z":"1440", "{": "1968",  "}":"2000", "!" :"528", "@" :"1024", "#" :"560", "$" :"576", "%" :"592", "^":"1504", "&" :"608", "*":"672", "(":"640", ")" :"656", "-" :"720", "_" :"1520", "=" :"976", "0" :"768", "1" :"784", "2" :"800", "3" :"816", "4" :"832", "5" :"848", "6" :"864", "7" :"880", "8" :"896", "9" :"912"}

newcode = []

for char in code:
    found=False
    for item in alphabet:
        if alphabet[item] == str(char):
            found = True
            print(item, end = "")
    if found == False:
            print("#",end="")

kali@kali:~/0.htb/challenges/Reversing/Exatlon$ ./exatlon
 ███████╗██╗  ██╗ █████╗ ████████╗██╗      ██████╗ ███╗   ██╗       ██╗   ██╗ ██╗
 ██╔════╝╚██╗██╔╝██╔══██╗╚══██╔══╝██║     ██╔═══██╗████╗  ██║       ██║   ██║███║
 █████╗   ╚███╔╝ ███████║   ██║   ██║     ██║   ██║██╔██╗ ██║       ██║   ██║╚██║
 ██╔══╝   ██╔██╗ ██╔══██║   ██║   ██║     ██║   ██║██║╚██╗██║       ╚██╗ ██╔╝ ██║
 ███████╗██╔╝ ██╗██║  ██║   ██║   ███████╗╚██████╔╝██║ ╚████║███████╗╚████╔╝  ██║
 ╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝   ╚══════╝ ╚═════╝ ╚═╝  ╚═══╝╚══════╝ ╚═══╝   ╚═╝
 [+] Enter Exatlon Password  : HTB{l3g1c3l_sh1ft_l3ft_1nsr3ct1on!!}
 [+] Looks Good ^_^

Leave a Reply

Your email address will not be published. Required fields are marked *

Proudly powered by WordPress & Skyrocket Themes

MENU

Navigation