Basically we are given two Linux ELF binaries:
Each of these binaries is a 64 bit ELF binary.
I placed them into IDA Pro and examined them quickly, and noted that both used the return value of ptrace() to detect if a debugger was attached and, if so, just entered an infinite loop:
Other than that the binaries seem to just ask the user for a password, then do something, check the password and print a response.
An example of the code that is checking the user input for r100 is below:
So evidently it iterates through the input byte by byte, validating each byte of the user input in turn. If an invalid byte is found, it returns and exits the program, emitting the "Incorrect Password" error.
Similarly the r200 program does the same thing but with a few more steps:
At the end of the day though, there's still a key pivot point in both of these programs where a comparison is being made on a byte-by-byte basis.
An example is shown from the r200 binary below where a "cmp edx,eax" instruction at address 0x40082e is used to verify the encoding of the input byte matches the expected output value.
Similarly in r100 a "cmp eax,1" at address 0x40078b is used to validate the same.
So since we know the typical input will be printable characters, and we know where in the execution flow to check for the comparison, we can stop reversing the binaries themselves and move on to a brute force style attack against the password.
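The byte-at-a-time search just described, as an added example that is not the write-up's own script: a GDB-backed oracle counts how many times the per-byte cmp fires for a candidate (a correct byte shows up as the check running one compare further), a constructed stand-in oracle models the same early-exit loop so the driver can be run offline, and a generic driver works with either. Only the cmp addresses and the "Incorrect Password" string come from the write-up; the binary path, the password length, the `A` padding byte and every function name here are assumptions.

```python
import string
import subprocess
import tempfile

PRINTABLE = string.ascii_letters + string.digits + string.punctuation

# Break on the per-byte cmp, count how often it fires, report the count at exit.
GDB_SCRIPT = """set $hits = 0
break *{addr:#x}
commands
silent
set $hits = $hits + 1
continue
end
run < {stdin}
printf "HITS=%d\\n", $hits
"""

def gdb_hits(binary, cmp_addr, candidate, timeout=5.0):
    """Real oracle (needs gdb and the binary): returns (compares executed, accepted?)."""
    with tempfile.NamedTemporaryFile("wb", delete=False) as fin, \
         tempfile.NamedTemporaryFile("w", delete=False) as script:
        fin.write(candidate + b"\n")
        script.write(GDB_SCRIPT.format(addr=cmp_addr, stdin=fin.name))
    try:
        out = subprocess.run(["gdb", "-q", "-batch", "-x", script.name, binary],
                             capture_output=True, text=True, timeout=timeout).stdout
    except subprocess.TimeoutExpired:  # e.g. parked in the ptrace() infinite loop
        return 0, False
    hits = next((int(l[5:]) for l in out.splitlines() if l.startswith("HITS=")), 0)
    return hits, hits > 0 and "Incorrect Password" not in out

def simulated_hits(secret, candidate):
    """Constructed stand-in for GDB: a check loop that stops at the first bad byte."""
    for hits, (got, want) in enumerate(zip(candidate, secret), 1):
        if got != want:
            return hits, False
    return min(len(candidate), len(secret)), candidate == secret

def brute_force(oracle, length, alphabet=PRINTABLE):
    """Recover `length` bytes; a byte is right iff the check ran past its cmp."""
    found = b""
    for pos in range(length):
        for ch in alphabet:
            hits, accepted = oracle(found + ch.encode() + b"A" * (length - pos - 1))
            if accepted or hits > pos + 1:  # last byte is decided by the verdict only
                found += ch.encode()
                break
        else:
            raise RuntimeError(f"no printable byte passes the cmp at offset {pos}")
    return found
```

Against the real r100 binary the call is `brute_force(lambda c: gdb_hits("./r100", 0x40078b, c), length=N)` with N the password length worked out while reversing (0x40082e for r200); the timeout only keeps a run that is stuck in the ptrace() loop from stalling the search, it does not change that check.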
FYI - I realize at this point that reversing the particular algorithms being used in these binaries was probably trivial to the point where building a generic framework to finish both of these challenges at the same time was a silly diversion, but I thought it would be fun and an interesting idea for future challenges.
I engineered a dodgy system of Python and GDB, and the output for the r100 program is shown below:
The source code for this is below.
And you can see the source is almost identical. I think this might be useful in the future, so I'm glad I wrote this up.
So at the end of the day 300 points (100+200) for a single Python script. Not too bad.