Also, one byte is read and copied from 0x6033a0(,%rax,4) to register eax, which is compared against the input.

    0x0000000000401103 <+228>: mov 0x6033a0(,%rax,4),%eax
    0x000000000040110a <+235>: cmp -0x4(%rbp),%eax

It then checks whether the total number of characters read is equal to 10.

    0x000000000040114e <+303>: cmpl $0x9,-0x8(%rbp) // i=0;i<9;i++

If all the characters are right, it jumps to the function success; otherwise it jumps to gameover.

Examining the bytes at location 0x6033a0(,%rax,4):

    (gdb) x/50x 0x6033a0
    0x6033a0 <facebookctf_rocks>: 0x20 0x00 0x00 0x00 0x53 0x00 0x00 0x00
    0x6033a8 <facebookctf_rocks+8>: 0x55 0x00 0x00 0x00 0x52 0x00 0x00 0x00
    0x6033b0 <facebookctf_rocks+16>: 0x50 0x00 0x00 0x00 0x52 0x00 0x00 0x00
    0x6033b8 <facebookctf_rocks+24>: 0x49 0x00 0x00 0x00 0x53 0x00 0x00 0x00
    0x6033c0 <facebookctf_rocks+32>: 0x45 0x00 0x00 0x00 0x21 0x00 0x00 0x00
    0x6033c8: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00
    0x6033d0: 0x00 0x00

The bytes at that location, 20h 53h 55h 52h 50h 52h 49h 53h 45h 21h, are the ASCII values of some characters, which should look like " SURPRISE!".

flag: 9e0d399e83e7c50c615361506a294eca22dc49bfddd90eb7a831e90e9e1bf2fb
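The table lookup and comparison described above, as an added C sketch that is not code from the original binary or write-up: it decodes the dumped facebookctf_rocks bytes using the 4-byte stride from the `(,%rax,4)` addressing mode and replays the per-character compare. The names `load_elem`, `decode_table` and `check_input` are hypothetical, and the loop shape (only the first 10 characters are compared) is an assumption based on the three instructions shown.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 10

/* First 40 bytes of facebookctf_rocks, copied from the gdb dump on the page. */
static const uint8_t table_bytes[TABLE_LEN * 4] = {
    0x20, 0, 0, 0,  0x53, 0, 0, 0,  0x55, 0, 0, 0,  0x52, 0, 0, 0,
    0x50, 0, 0, 0,  0x52, 0, 0, 0,  0x49, 0, 0, 0,  0x53, 0, 0, 0,
    0x45, 0, 0, 0,  0x21, 0, 0, 0,
};

/* Models `mov 0x6033a0(,%rax,4),%eax`: 32-bit little-endian load of slot i. */
static uint32_t load_elem(size_t i)
{
    const uint8_t *p = table_bytes + 4 * i;
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Writes the expected string to out; returns its length, or -1 if the
 * buffer is too small or a slot is not printable ASCII. */
int decode_table(char *out, size_t outsz)
{
    if (outsz < TABLE_LEN + 1) return -1;
    for (size_t i = 0; i < TABLE_LEN; i++) {
        uint32_t v = load_elem(i);
        if (v < 0x20 || v > 0x7e) return -1;
        out[i] = (char)v;
    }
    out[TABLE_LEN] = '\0';
    return TABLE_LEN;
}

/* Assumed loop shape: i runs 0..9, one `cmp -0x4(%rbp),%eax` per character.
 * Returns 1 where the binary would reach success, 0 for gameover. */
int check_input(const char *input)
{
    size_t len = strlen(input);
    for (size_t i = 0; i < TABLE_LEN; i++) {
        if (i >= len || (uint32_t)(unsigned char)input[i] != load_elem(i))
            return 0;
    }
    return 1;
}

int main(void)
{
    char expected[TABLE_LEN + 1];
    if (decode_table(expected, sizeof expected) < 0) return 1;
    printf("expected input: \"%s\"\n", expected);
    printf("check: %d\n", check_input(expected));
    return 0;
}
```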