Nuit-du-hack-2015/clark-kent
klark-kent (150 points)
Description
This challenge can be downloaded here: http://static.challs.nuitduhack.com/clark.tar.gz
"There's a shadow inside all of us. But that doesn't mean you need to embrace it. You decide who you really are. And I know you'll make the right choice and become the hero you're destined to be." (Clark Kent) Become that hero you're destined to be. Discover and evolve your reversing powers.
Analysis
Fix corrupted header
We have to deal with a 32-bit ELF with a corrupted header:
$ file clark
clark: ELF 32-bit LSB executable, Intel 80386, invalid version (SYSV), for GNU/Linux 2.6.24, BuildID[sha1]=900fb1b73552902c34efb601b7055d90e1a8b016, dynamically linked, interpreter \004, corrupted section header size
$ readelf -h clark
ELF Header:
  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Intel 80386
  Version:                           0x0
  Entry point address:               0x80483e0
  Start of program headers:          52 (bytes into file)
  Start of section headers:          123 (bytes into file)
  Flags:                             0x0
  Size of this header:               0 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         9
  Size of section headers:           0 (bytes)
  Number of section headers:         0
  Section header string table index: 0
readelf: Warning: possibly corrupt ELF file header - it has a non-zero section header offset, but no section headers
This won't prevent you from analyzing the binary in IDA Pro, but gdb won't accept it:
$ gdb -q clark
"clark": not in executable format: File truncated
Let's fix the header with HT-Editor as follows:
------------------------------------------------ ------------------------ --------------
SECTION                                          INITIAL VALUE            MODIFIED VALUE
------------------------------------------------ ------------------------ --------------
* ELF header at offset 0x00000000
  ident
    magic                                        7f 45 4c 46 = ?ELF       unchanged
    class                                        01 (32-bit objects)      unchanged
    data                                         01 (LSB encoding)        unchanged
    version                                      01                       unchanged
    OS ABI                                       00 (System V)            unchanged
    version                                      00                       unchanged
    reserved                                     00 00 00 00 00 00 00     unchanged
  type                                           0002 (executable file)   unchanged
  machine                                        0003 (Intel 80386)       unchanged
  version                                        00000000                 00000001
  entrypoint                                     080483e0                 unchanged
  program header offset                          00000034                 unchanged
  section header offset                          00000000                 unchanged
  flags                                          00000000                 unchanged
  elf header size                                0000                     unchanged
  program header entry size                      0020                     0000
  program header count                           0009                     unchanged
  section header entry size                      0000                     0034
  section header count                           0000                     unchanged
  section header strtab section index            0000                     unchanged
------------------------------------------------ ------------------------ --------------
Note
Setting the section header entry size to 0x0 is wrong, but it will enable gdb to debug our binary.
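The same header inspection can be scripted. The following is an added example, not part of the original write-up: it parses an ELF32 header and lists the fields that deviate from the fixed ELF32 structure sizes (52-byte header, 32-byte program header entries, 40-byte section header entries). The function names and the choice of expected values are assumptions of this example and do not replay the HT-Editor edits above; the sample bytes are constructed from the readelf output above.

```python
import struct

# ELF32 header layout: e_ident[16] followed by 13 little-endian fields (52 bytes).
ELF32_HDR = struct.Struct("<16sHHIIIIIHHHHHH")
FIELDS = ("e_ident", "e_type", "e_machine", "e_version", "e_entry", "e_phoff",
          "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
          "e_shentsize", "e_shnum", "e_shstrndx")

def parse_elf32_header(data):
    """Return the header fields as a dict; reject anything that is not ELF32 LSB."""
    if len(data) < ELF32_HDR.size:
        raise ValueError("file shorter than an ELF32 header")
    hdr = dict(zip(FIELDS, ELF32_HDR.unpack_from(data)))
    if hdr["e_ident"][:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a 32-bit little-endian ELF")
    return hdr

def audit_elf32_header(data):
    """List (field, found, expected) for fields that deviate from the ELF32 layout."""
    h = parse_elf32_header(data)
    expected = {"e_version": 1, "e_ehsize": 52}   # EV_CURRENT, sizeof(Elf32_Ehdr)
    if h["e_phnum"]:
        expected["e_phentsize"] = 32              # sizeof(Elf32_Phdr)
    if h["e_shnum"]:
        expected["e_shentsize"] = 40              # sizeof(Elf32_Shdr)
    else:
        expected["e_shoff"] = 0                   # readelf warns: offset set, no sections
    return [(f, h[f], want) for f, want in expected.items() if h[f] != want]

def repair_elf32_header(data):
    """Return a copy of data with every audited field set to its expected value."""
    h = parse_elf32_header(data)
    for field, _, want in audit_elf32_header(data):
        h[field] = want
    return ELF32_HDR.pack(*(h[f] for f in FIELDS)) + data[ELF32_HDR.size:]

# Constructed sample: the header values from the readelf output above, no file body.
SAMPLE = ELF32_HDR.pack(b"\x7fELF\x01\x01\x01" + b"\0" * 9, 2, 3, 0, 0x80483E0,
                        52, 123, 0, 0, 32, 9, 0, 0, 0)

if __name__ == "__main__":
    for field, found, want in audit_elf32_header(SAMPLE):
        print(f"{field}: found {found:#x}, expected {want:#x}")
```

Run the repair on a copy of the binary, never the only original, so the corrupted header stays available for comparison.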