Root-Me: ELF C++ - 0 protection solution
My daily work is doing full stack web development, and reversing is a side thing that I do for fun and in my free time. In this article I will show you an easy way to solve for ELF C++ - 0 protection challenge, which can be found on https://www.root-me.org under the cracking section.
I found this challenge a bit difficult mostly because I'm not used to reverse C++ code but, since it doesn't contain any protection at all, all you need to do is to inspect the parameters.
If we play with the binary a little, maybe visualize it in https://ghidra-sre.org/, we can see that plouf is an interesting function and it's definitely doing something, like decoding something from the binary and constructing a string.
If we fire gdb and run the program, we can setup a breakpoint right after plouf and inspect the returned value.
>>> x/10x $eax
0xbffff664: 0x1c 0xc1 0x04 0x08 0x2c 0xc0 0x04 0x08
0xbffff66c: 0x14 0xc0
This doesn't tell us much, but if you look closely you can see that it points to: 0x1c 0xc1 0x04 0x08
Which is an address: 0x0804c11c it is written that way because of endianness. Inspecting the value of the address in GDB will give us the output that plouf spits.
PS: Things get even more easier if you're using GDB Peda.
Thanks for reading!