Adversary Quest 2021

Only had time to do the first 2 RE challenges, was stuck on the Protective Penguin Challenge (Portal). Would appreciate a dm/comment if you manage to finish it. Here goes my write up on the other 2 challenges!

Challenge 1: The Proclaimation

This challenge is about reversing a boot loader.

1. Install qemu-system, I will leave you to do this on your own.

2. Run the .dat file

qemu-system-i386 -fda proclamation.dat

3. Google a little and find out how to debug a boot loader.

To start Qemu in debug mode:
qemu-system-x86_64 -s -S -m 512 -hda proclamation.dat
Start gdb:
gdb
target remote localhost:1234

4. Reversing the binary a little, I discovered that this are interesting breakpoints to set in gdb

break *0x7c00break *0x7c61break *0x7c4d     //This breakpoint prints 1 char of the messagebreak *0x7c1bbreak *0x7c23

Some of my interesting results while reversing:

After reading the message multiple times and running the binary countless times! I understand that there is an hidden message! However the decryption only stops at 0x7dc9. So by setting rsi to 0x7dcd, we will see the flag. The message is also determined by the value into rsi, and rsi is pointing to somewhere in the binary.

Solution:
set $rsi=0x7dcd

Another note:

Many people might notice the boot loader ends up going into a loop of weird instructions after int 10h is called, actually its nothing!! Read the below link:

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store