HECC 2019 - defusethebomb RE chall
One of the reverse engineering challenges at the HECC 2019 CTF was a bomb defuse binary.
Loading the binary in IDA Pro, we can see the string
It's going to go off! will be printed, and an ASCII art of a bomb, after which we are asked to enter a password to defuse it. Towards the end of the
main function, we can see a basic block which tests if the input password is equal to some value. This can lead to either a basic block printing out
Phew! Good job! Here's a flag for you or one printing out
KABOOM!!. We obviously want to end on the
Phew basic block.
Normally, I would look at what happens with the input string and try to figure it out, but as this was a very time constrained competition, I skimmed it and decided to throw angr at it, to symbolically execute until it finds the string
Good job in the output.
We get the output: