# Reverse (Shuvsec) ## Corruptbattle ``` UPX packed binary. Go lang. $upx -d corruptbattle len(hash) = 42 going thorugh the source code i got three values 0xE209470e1289 D4CE5F23aa7e48 6228c46C4D99a4 ``` Wildly guessing nothing else , got lucky haha ```vulncon{0xE209470e1289D4CE5F23aa7e486228c46C4D99a4}``` ## HashMe Used angr (framework for reversing in python), passed the binary as first argument , takes atleast 5 min to give the flag. ```python= import angr import claripy import sys def main(argv): b = argv[1] project = angr.Project(b) length = 23 characters = [claripy.BVS('flag{-%d' %i, 8) for i in range(length)] input_ = claripy.Concat(*characters + [claripy.BVV(b'\n')]) state = project.factory.full_init_state(args=["b"], stdin=input_) simulate = project.factory.simulation_manager(state) good_addr = 0x15fc bad_addr = 0x1610 simulate.explore(find=good_addr, avoid=bad_addr) s = [] for j in simulate.deadended: if b"Here you go awaaaaay" in j.posix.dumps(1): s.append(j) valid = s[0].posix.dumps(0) print(valid) if __name__ == '__main__': main(sys.argv) ``` ``` vulncon{r3ver5eM4s7er} ```