---
layout: post
title: "DeconstruCT.F 2021 | REV | Scraps"
date: 2021-10-03 13:37:00 +0700
tags: [ctf, writeup]
---
<figure>
<img src="https://cdn.discordapp.com/attachments/874145963407720513/894206917239513118/Group.png">
</figure>
#### REV | Scraps (150 points | 100 solves)
Challenge Description:
```
One of our coders has locked down an application that is scheduled to be released tomorrow.
Can you unlock the application as soon as possible?
```
**Solution:**
We are given a 64-bit ELF binary, which can be reversed through static analysis with the IDA decompiler.<br>
```asm
endbr64
push rbp
mov rbp, rsp
sub rsp, 40h
mov rax, fs:28h
mov [rbp-8], rax
xor eax, eax
mov rax, 564233656A4E485Ah
mov rdx, 5139314D4D4A6A4Dh
mov [rbp-30h], rax
mov [rbp-28h], rdx
mov rax, 394A7A4D6A4E5461h
mov [rbp-20h], rax
mov byte ptr [rbp-18h], 0
lea rax, [rbp-30h]
mov rdi, rax
```
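The flag is a stack string: 8-byte immediates are loaded into the RAX and RDX registers and then stored at consecutive RBP offsets (`[rbp-30h]`, `[rbp-28h]`, `[rbp-20h]`), followed by a null terminator at `[rbp-18h]`. Because x86-64 is little-endian, the bytes of each immediate appear in reverse order in memory, and the resulting string is Base64-encoded.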
**Solver:**
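```python
import binascii
import base64

def hexstack2ascii(s):
    # Each immediate is stored little-endian, so reverse the bytes to get memory order.
    return binascii.unhexlify(s)[::-1]

# Immediates in stack order: [rbp-30h], [rbp-28h], [rbp-20h].
arr = ["564233656A4E485A", "5139314D4D4A6A4D", "394A7A4D6A4E5461"]
for stc in arr:
    # Each 8-character chunk is valid Base64 on its own, so decode chunk by chunk.
    print(base64.b64decode(hexstack2ascii(stc)).decode(), end="")
```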
FLAG : **dsc{pU22L3_Pi3c32}**
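
The same recovery can be done from the listing itself instead of copying the constants by hand, by replaying the register loads and RBP-relative stores into a small memory map. This is an added example, not part of the original solve; the names `recover_stack_string` and `decode_flag` and the regexes are assumptions and only cover the `mov` forms that appear in the disassembly above.

```python
import base64
import re

# The relevant lines of the disassembly above, embedded so the example runs offline.
LISTING = """
mov rax, 564233656A4E485Ah
mov rdx, 5139314D4D4A6A4Dh
mov [rbp-30h], rax
mov [rbp-28h], rdx
mov rax, 394A7A4D6A4E5461h
mov [rbp-20h], rax
mov byte ptr [rbp-18h], 0
"""

LOAD = re.compile(r"mov\s+(r\w+),\s*([0-9A-Fa-f]+)h$")
STORE = re.compile(r"mov\s+\[rbp-([0-9A-Fa-f]+)h\],\s*(r\w+)$")
BYTE = re.compile(r"mov\s+byte ptr \[rbp-([0-9A-Fa-f]+)h\],\s*([0-9A-Fa-f]+)h?$")


def recover_stack_string(listing):
    """Replay register loads and RBP-relative stores, return the C string."""
    regs, mem = {}, {}  # register -> value, (negative) frame offset -> byte
    for line in listing.splitlines():
        line = line.strip()
        if m := LOAD.match(line):
            regs[m.group(1)] = int(m.group(2), 16)
        elif m := STORE.match(line):
            base = -int(m.group(1), 16)
            # x86-64 is little-endian: lowest byte lands at the lowest address.
            for i, b in enumerate(regs[m.group(2)].to_bytes(8, "little")):
                mem[base + i] = b
        elif m := BYTE.match(line):
            mem[-int(m.group(1), 16)] = int(m.group(2), 16)
    out = bytearray()
    addr = min(mem)
    while addr in mem and mem[addr] != 0:  # stop at the NUL terminator or a gap
        out.append(mem[addr])
        addr += 1
    return bytes(out)


def decode_flag(listing):
    return base64.b64decode(recover_stack_string(listing)).decode()


if __name__ == "__main__":
    print(recover_stack_string(LISTING))
    print(decode_flag(LISTING))
```

Because the bytes are ordered by frame offset rather than by instruction order, the result stays the same when the compiler interleaves or reorders the stores.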