Adversary Quest 2021
Only had time to do the first 2 RE challenges; I was stuck on the Protective Penguin challenge (Portal). Would appreciate a DM/comment if you manage to finish it. Here goes my write-up on the other 2 challenges!
Challenge 1: The Proclamation
This challenge is about reversing a boot loader.
1. Install qemu-system; I will leave you to do this on your own.
2. Run the .dat file
qemu-system-i386 -fda proclamation.dat
3. Google a little and find out how to debug a boot loader.
To start Qemu in debug mode:
qemu-system-x86_64 -s -S -m 512 -hda proclamation.dat
Start gdb and attach to QEMU's stub:
target remote localhost:1234
4. Reversing the binary a little, I discovered that these are interesting breakpoints to set in gdb:
break *0x7c00
break *0x7c61
break *0x7c4d   // This breakpoint prints 1 char of the message
break *0x7c1b
break *0x7c23
Some of my interesting results while reversing:
After reading the message multiple times and running the binary countless times, I understand that there is a hidden message! However, the decryption only stops at 0x7dc9. So by setting rsi to 0x7dcd, we will see the flag. The message is also determined by the value in rsi, and rsi is pointing to somewhere in the binary.
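Putting steps 2 to 4 together as a repeatable script, as an added example that is not part of the original write-up: it boots the image with QEMU's gdb stub, drives gdb in batch mode with the breakpoints listed above, and applies the 0x7dcd register patch. It assumes qemu-system-i386 and gdb are on the PATH and the image is proclamation.dat; the exact point at which the patch is applied is my assumption, not something the write-up states.

```shell
#!/bin/sh
# Added example, not from the original write-up: one-shot QEMU + gdb session for
# the steps above. Assumes qemu-system-i386 and gdb are installed and the image
# is ./proclamation.dat (or the path given as $1).
set -eu
IMAGE="${1:-proclamation.dat}"

# gdb command file. Breakpoints are the write-up's; the 0x7dcd patch is the
# write-up's trick (it names the register rsi; the i386 stub exposes it as esi).
# Patching at the first stop on the char-print breakpoint is my assumption.
gdb_commands() {
    cat <<'EOF'
set confirm off
# Boot sectors run in 16-bit real mode; without this, disassembly is wrong.
set architecture i8086
target remote localhost:1234
break *0x7c00
break *0x7c61
break *0x7c4d
break *0x7c1b
break *0x7c23
# First stop: the boot sector entry at 0x7c00.
continue
x/8i $pc
# Drop the breakpoints, stop once in the char-print routine, patch, resume.
delete
tbreak *0x7c4d
continue
set $esi = 0x7dcd
info registers esi
detach
EOF
}

# Boot the image paused at reset with the gdb stub on :1234, drive gdb from the
# command file, then leave QEMU running so the decoded text can be read.
debug_bootloader() {
    script="$(mktemp)"
    gdb_commands > "$script"
    qemu-system-i386 -s -S -fda "$IMAGE" &
    qemu_pid=$!
    sleep 1                       # give the stub time to start listening
    gdb -q -batch -x "$script" || true
    rm -f "$script"
    wait "$qemu_pid"              # returns when the QEMU window is closed
}
# Only launch the emulator when explicitly asked, so the file is safe to source.
if [ "${RUN_DEBUG:-0}" = "1" ]; then
    debug_bootloader
fi
```

Run it with `RUN_DEBUG=1 sh debug.sh proclamation.dat`; the decoded characters appear in the QEMU window, and gdb's batch output shows the disassembly at entry and the patched register.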
Many people might notice the boot loader ends up going into a loop of weird instructions after int 10h is called; actually, it's nothing! Read the link below: