"What happened to my system? It has been working perfectly for more than 20 years."
We are given a zip that contains a bin and cue file. If we run strings, we see that it points to a playstation/PSX program.
I extracted the ISO file by running binwalk --extract rmrf.bin. From the ISO file, we can extract the PlayStation EXE by using unar.
We can throw this PROGRAM.EXE into IDA/Ghidra to investigate and reverse engineer the executable.
Instead of starting from the entry point which seems tedious to reverse, we can find cross references to relevant strings such as "wgmy{" which would bring us to the flag generation portion of the code.
As we can see, sub_8001124c seems to generate the flag.
If you have seen an implementation of RC4 encryption/decryption before, this will look familiar to you. Essentially, it seems like the flag is RC4-encrypted, with dword_80019000 being the encrypted flag and … 0 as the pointer to the key…?
Let's look more closely at the assembly when the parameters are passed into the rc4_decrypt function.
Although the decompilation showed that the first parameter to the rc4_decrypt function is 0, the assembly says otherwise. Let's rename the things we have identified so far to key_ptr, enc_flag and rc4_decrypt.
We are most keen to find out what key_ptr value is required to decrypt the flag.
In one of the cross references, we can find the key_ptr pointer being initialized.
As we can see, it seems like it initializes the key_ptr with some sort of a struct. We can define a struct as such
If we look at other cross references, it seems like it's parsing console inputs and appending them to the key stream. As we can see, there are 8 possible values here, [0x54, 0x58, 0x53, 0x43, 0x55, 0x44, 0x4c].
Finally at the last interesting cross reference, we find some sort of validation for the key. This is where we start figuring out the correct key.
Although the decompilation fails, we recognize that the MEMORY corresponds with our key, and that there is some matrix multiplication going on with another value before it is validated.
I spent significant time trying to solve this, but without much success. Finally, knowing that the validation function checks for 9 characters, and that there are only 8 possible characters, I decided to write a brute force script to brute force the 8**9 number of permutations.
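The two pieces the writeup combines, RC4 decryption of enc_flag and a brute force over keys built from the console-input byte set, as an added example that is not the original solve script. The flag value and the 3-byte key are constructed for illustration; the real search used 9-byte keys, which is the same loop with key_len=9.

```python
from itertools import product

# Key alphabet taken from the input-parsing routine described above (the listed byte values).
KEY_CHARSET = bytes([0x54, 0x58, 0x53, 0x43, 0x55, 0x44, 0x4c])
FLAG_PREFIX = b"wgmy{"  # known flag format, used to recognise a correct decryption


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: permute 0..255 under the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """RC4 PRGA XOR-ed over data; encryption and decryption are the same operation."""
    S = rc4_ksa(key)
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(c ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def brute_force_key(enc_flag: bytes, key_len: int, charset: bytes = KEY_CHARSET):
    """Try every key_len-byte key over charset; return (key, plaintext) for the first
    candidate whose decryption starts with FLAG_PREFIX, or None if no key matches."""
    prefix_len = len(FLAG_PREFIX)
    for combo in product(charset, repeat=key_len):
        key = bytes(combo)
        # The keystream does not depend on the plaintext, so decrypting only the
        # prefix is enough to reject almost every wrong key cheaply.
        if rc4_crypt(key, enc_flag[:prefix_len]) == FLAG_PREFIX:
            return key, rc4_crypt(key, enc_flag)
    return None


# Constructed sample (not the CTF's data): a 3-byte key from the charset and a made-up flag.
SAMPLE_KEY = bytes([0x58, 0x43, 0x4C])
SAMPLE_ENC = rc4_crypt(SAMPLE_KEY, b"wgmy{constructed_sample_flag}")

if __name__ == "__main__":
    print(brute_force_key(SAMPLE_ENC, 3))
```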