
Keygen Me PicoCTF Challenges

Can you get the flag? Reverse engineer this binary.

[screenshot: file name]

Throw it in Binja and let's get this party started.

[screenshot: the caller of sub_1209 in Binary Ninja]

  • sub_1209() is called inside an if statement with a pointer to a buffer as its argument, and the function's result is compared to 0. It's checking our "license key", so let's find out how!

sub_1209():

[screenshots: sub_1209 in Binary Ninja, HLIL and disassembly views]

  • Binja is so nice, isn't it! We see nearly the entire flag at the top of that function, but if we look at the disassembly instead of the HLIL we see that these values are all hardcoded immediates; we can turn those into decimal and then use the xxd command to recover the bytes. We happen to be missing a section of the flag, so let's inspect the disassembly further.
  • We need to set a breakpoint at sub_1209, which is at 0x00001209, and run the program.
  • `if (strlen(arg1) != 0x24)`: our input has to be 36 characters long.
  • Inside the while loop we see our input being compared, character by character, to a string stored in memory. Hmmm…
  • We need to break on this cmp, which is at 0x0000555555555419 now that the binary is up and running (the binary is position-independent, so the runtime address differs from the file offset).
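As an added example (not code from the original writeup or the challenge), here is a Python model of the two things the analysis above relies on: rebuilding the string from the hardcoded little-endian immediates seen in the disassembly (the manual hex-to-bytes step the writeup does with xxd), and the length-then-compare logic of sub_1209. The immediates below are constructed sample values, not the challenge's real constants.

```python
import struct

KEY_LEN = 0x24  # the strlen(arg1) != 0x24 check in sub_1209: 36 characters

# Constructed sample immediates (NOT the challenge's real constants).
# A compiler stores a stack string as mov qword/dword immediates; Binja's
# disassembly shows these raw values while the HLIL shows the string.
# Each entry is (width in bytes, immediate value), lowest address first.
SAMPLE_IMMEDIATES = [
    (8, 0x7b4654436f636970),
    (8, 0x6b5f656c706d6173),
    (8, 0x745f746f6e5f7965),
    (8, 0x5f6c6165725f6568),
    (4, 0x7d656e6f),
]


def decode_immediates(immediates):
    """Rebuild the string exactly as it sits in memory: every immediate is
    written little-endian, so the low byte is the first character."""
    buf = b""
    for width, value in immediates:
        fmt = {8: "<Q", 4: "<I", 2: "<H", 1: "<B"}[width]
        buf += struct.pack(fmt, value)
    return buf.decode("ascii")


def check_license(key, expected):
    """Model of sub_1209: 0 means the key is accepted, non-zero means
    rejection, matching the 'result compared to 0' in the caller."""
    if len(key) != KEY_LEN:          # strlen(arg1) != 0x24
        return 1
    i = 0
    while i < KEY_LEN:               # per-character cmp loop
        if key[i] != expected[i]:    # expected string is plaintext in memory
            return 1
        i += 1
    return 0


if __name__ == "__main__":
    expected = decode_immediates(SAMPLE_IMMEDIATES)
    print(expected)
    print(check_license(expected, expected))
```

Because the expected string is assembled in plaintext on the stack before the compare, a breakpoint on that cmp exposes it regardless of how the immediates are scattered in the disassembly.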


Finding the flag

[screenshot: memory view at the address held in rbp]

  • If we click on the address stored in the rbp register we are brought right to the flag, and we see it is unmasked in memory. That is the reason for setting the breakpoint on the cmp against 0x24 inside the if statement.
This post is licensed under CC BY 4.0 by the author.