PClub secy task 2
I used GHIDRA to decompile the given binary file.
In the main function we see a checkPassword function which takes the input from stdin as an argument. If the checkPassword returns 1, then our password is correct.
In the checkPassword function we see four functions that are being used: process,prepare,format,checkRes.
If the checkRes function returns 1, then the checkPassword function also returns 1.
The checkRes function takes an integer pointer named local_8c as an argument.
We can see that the checkRes function compares the integers stored in the array pointed by local_8c to a 30 element array kept at &DAT_000120c0.
I first change the datatype of DAT_000120c0 to 30 element integer array in GHIDRA and obtained the values stored there.
Now let's see what local_8c exactly is
We analyze the function process
local_8c is malloced 120 bytes (30 integers) and the 30 elements pointed by param_2 (which is &local88) are effectively copied to address pointed by local_8c
local_8c points to the array [5,3,6,5,2,5,3,3,3,5,2,4,6,5,5,2,2,5,2,6,5,1,3,4,5,3,4,6,6,5] now.
Lets see what happens in the function format
We will now reverse this operation to get the required input which will give the correct result.
When we execute the python code , it gives ftp{PR0GR4MM1NGCLU8_11TK4NPUR} which is the required password.