1/ First steps:
Ok, so it's a crackme. Let's play with it a little:
Weird. It seems that only the first 12 characters are taken into account:
Ok, time to dig in:
That's really interesting. The function names suggest this is a VM. The function vm_xor leads us to think that the input is XORed, then compared by the vm_cmp function.
We have two ways for solving this:
- bruteforce solution
- doing it in a clean way
This is a CTF, let's work dirty.
2/ Straight to the winning point
The strategy is this one: brute-force each character and count how many instructions the program executes before saying the password is bad. If one (or more) leading characters are right, the program runs longer because it goes on to check the next ones. Easy.
Pin is a dynamic binary instrumentation tool that can count instructions. The inscount example tool is in its source tree; it counts how many instructions a program executes during its lifetime. Compile it, and use it.
Ok, two wrong passwords use the same number of instructions.
This is the shell script:
Let's industrialize it:
It seems that we have some artefacts (???). Let's reduce the output by keeping only the biggest counts, and iterate until we get the solution:
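The whole procedure (count instructions per candidate, keep the biggest count, fix that position, move on) in one runnable piece. This is an added example, not the writeup's shell script: the challenge binary and pin are replaced by a constructed toy crackme (`crackme`, secret `iWasteMyTime`, key `0x5A`) that returns a simulated instruction count, so the block runs offline. Against the real target, `crackme` would be swapped for a function that runs the binary under pin's inscount tool and parses the count it writes out.

```python
import string

# Constructed toy crackme standing in for the challenge binary (assumption, not the
# real one): a VM-style check that XORs each input byte with a key byte and compares
# it with the expected value, bailing out at the first mismatch. The instruction
# count therefore grows with the number of correct leading characters.
SECRET = b"iWasteMyTime"
KEY = 0x5A
ENCODED = bytes(c ^ KEY for c in SECRET)
PASSWORD_LEN = len(SECRET)  # the binary only looks at 12 characters


def crackme(password: bytes) -> tuple[bool, int]:
    """Return (accepted, instruction_count) for one candidate password.

    The count is a stand-in for what pin's inscount tool would report:
    a fixed setup cost plus a per-character cost for every vm_xor/vm_cmp
    round executed before the first mismatch.
    """
    count = 100  # constant startup/teardown cost (assumed)
    buf = password[:PASSWORD_LEN].ljust(PASSWORD_LEN, b"\x00")
    for i in range(PASSWORD_LEN):
        count += 7  # vm_xor + vm_cmp + dispatch for one round (assumed)
        if (buf[i] ^ KEY) != ENCODED[i]:
            return False, count
    return True, count + 3  # "good password" path


def bruteforce(oracle, length: int, alphabet: str = string.printable.strip()) -> bytes:
    """Recover the password one position at a time from the instruction counts.

    For each position every candidate character is tried after the prefix found
    so far; the candidate that makes the program execute the most instructions
    is the one that passed the check for that position. On a tie the first
    candidate wins, which is the kind of ambiguity the writeup's artefacts
    produce when several candidates score alike.
    """
    known = b""
    for pos in range(length):
        best_char, best_count = b"", -1
        for ch in alphabet:
            candidate = known + ch.encode() + b"A" * (length - pos - 1)
            _, n = oracle(candidate)
            if n > best_count:
                best_char, best_count = ch.encode(), n
        known += best_char
    return known


if __name__ == "__main__":
    recovered = bruteforce(crackme, PASSWORD_LEN)
    print(recovered, crackme(recovered))
```

Two practical notes: the search has to proceed position by position, because the binary stops at the first mismatch, so a single pass over all 12 positions at once tells you nothing beyond the first character; and a real instruction count can also vary with the input for reasons unrelated to the check itself (string handling in libc on different byte values, for instance), which is one plausible origin of the artefacts above and why keeping only the largest counts and re-running is a sane way to sort them out.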
And here, I was WTF?? "iWaszeMyTime"?? This one didn't flag on the platform.
I think you already found the real answer: 'iWasteMyTime'.
This is really a strange side effect of the binary. I don't understand why it validates any strings.
In a CTF, you run for the flag, you don't dissect binaries :-)
Maybe the challenge is buggy ^_^
Let me give you a taste of my steel.
~Soulcalibur III - Mitsurugi