TO BE CONTINUED
40072b:4 -> loop
Overwrite the ret instruction of main with a long jump to the start of the main function's input logic, and re-flip 40072b:4. Then write the shellcode to 0400741, and finally re-flip 40072b:4 to get the shellcode executed.
18.104.22.168 on the home page is not an IP address; it's 2012.12.21 in the Maya calendar. Just set the time to 2012.12.11 and run the program to get the flag.
Reverse it and write a script to solve.
4 processes are created by clone and share memory. When the program initializes, some ROP chains are written to each process's stack, and these ROP chains are what check your flag.
Anti-debug is used in the prior 3 processes, and they generate the key to decode the input in thread 4.
So just trace the right ROP chains to recover the algorithm, and write some scripts to calculate the flag.
Use chrome to decode the ARM binary code; we get two functions, encode and test. Write a script to solve the problem.
Source audit: download source.zip.
Run git log and check out the last branch.
Get the private and public keys for setting up a DNSSEC server.
Use this command to sign and generate the RRSIG
Run rndc reload to reload the bind9 config.
CAUTION: The file name must be like this
the same as the zone name. It's important.
Run sudo apt install rng-tools to speed up the signing process.
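
The signing step and the file-name caution above, as an added example that is not the command from the original write-up: a wrapper that checks the zone file name and the key pairs before calling BIND's `dnssec-signzone`. The zone `example.test`, the paths and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Zone name, paths and key names are constructed, not from the write-up.

# find_zone_keys ZONE KEYDIR
# Prints each K<zone>.+<alg>+<tag>.key in KEYDIR. Fails when there is none or
# when a public key has no matching .private file (it could not sign anything).
find_zone_keys() {
    local zone="${1%.}" dir="$2" key found=1
    for key in "$dir"/K"$zone".+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9].key; do
        [ -e "$key" ] || continue
        if [ ! -e "${key%.key}.private" ]; then
            echo "no private key for $key" >&2
            return 1
        fi
        echo "$key"
        found=0
    done
    return "$found"
}

# sign_zone ZONE ZONEFILE KEYDIR
# Return codes: 2 bad zone file, 3 key problem, 127 BIND tools missing, 4 signing failed.
sign_zone() {
    local zone="${1%.}" file="$2" keydir="$3"
    [ -f "$file" ] || { echo "zone file not found: $file" >&2; return 2; }
    # dnssec-signzone takes the file name as the origin when -o is omitted,
    # so a file not named after the zone is refused here.
    if [ "$(basename -- "$file")" != "$zone" ]; then
        echo "zone file must be named $zone" >&2
        return 2
    fi
    find_zone_keys "$zone" "$keydir" >/dev/null || return 3
    command -v dnssec-signzone >/dev/null 2>&1 || return 127
    # -S picks up the keys found in -K; -o states the origin explicitly.
    # The RRSIG records end up in "$file.signed".
    dnssec-signzone -S -K "$keydir" -o "$zone" "$file" || return 4
    echo "$file.signed"
}

# Typical use once named.conf points the zone at the .signed file:
#   sign_zone example.test /etc/bind/zones/example.test /etc/bind/keys && rndc reload
```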