Advik Kant

Secure Database Password: PicoCTF writeup

Secure_Database_Password

Challenge Description

Running through the challenge

Let's open Ghidra and reverse engineer the binary we are given in the challenge (./system_out). After opening the binary in Ghidra, the most important part of the decompiled code is this part.

As we can see, there is a make_secret() function that takes a string, and whatever it returns is compared to the hash we enter. If they match, the program opens the flag.txt file.

BOOM! We just need to go to this make_secret() function and see what this local_f8 is, and then we can get the flag.

As we can see, the make_secret() function takes the hardcoded obf_bytes array, XORs each byte with 0xaa, and then calls another function, hash().

This hash function looked familiar, and when I googled it I came to know it is known as the djb2 algorithm. OK, so let's plan.

We can put a breakpoint at this hash function; this way we can see the string before it goes through the hash function. Once we capture this string, we will just compute its djb2 hash ourselves and hopefully get the flag.

OK, so we get the string "iUbh81!j*hn!". Let's apply the algorithm to this string; for that I vibecoded this Python script to make our work easier:

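def djb2(s):
    # djb2: start from 5381, then h = h * 33 + byte for every byte of the input
    h = 5381
    for c in s.encode():
        # keep the running value within an unsigned 64-bit range
        h = (h * 33 + c) & 0xFFFFFFFFFFFFFFFF
    return h

print(djb2("iUbh81!j*hn!"))

# we get 15237662580160011234 as output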

Pasting this output as our hash, we successfully get the flag.
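
The make_secret() pipeline described above (XOR with 0xaa, then djb2) can also be modelled statically, without a debugger. This is an added example, not the challenge's code or the author's script: the contents of obf_bytes are not shown on this page, so OBF_SAMPLE is constructed by re-encoding the recovered string, and the encoded terminator, the c_string() helper and the `bits` width parameter are assumptions.

```python
# Added example: static model of make_secret() as the writeup describes it.
XOR_KEY = 0xAA  # single-byte key named in the writeup


def deobfuscate(obf: bytes, key: int = XOR_KEY) -> bytes:
    """Undo the single-byte XOR applied to the embedded array."""
    return bytes(b ^ key for b in obf)


def c_string(buf: bytes) -> bytes:
    """Cut at the first NUL, as a C string loop would (assumption about hash())."""
    return buf.split(b"\x00", 1)[0]


def djb2(data: bytes, bits: int = 64) -> int:
    """djb2: seed 5381, h = h*33 + c, truncated to an unsigned `bits`-wide integer."""
    mask = (1 << bits) - 1
    h = 5381
    for c in data:
        h = (h * 33 + c) & mask
    return h


def make_secret(obf: bytes, bits: int = 64) -> int:
    """XOR-decode the array, then hash the resulting C string."""
    return djb2(c_string(deobfuscate(obf)), bits)


# Constructed sample: the recovered string re-encoded with the key plus an
# encoded terminator. The real obf_bytes contents are not shown in the writeup.
RECOVERED = b"iUbh81!j*hn!"
OBF_SAMPLE = bytes(b ^ XOR_KEY for b in RECOVERED + b"\x00")

if __name__ == "__main__":
    plain = c_string(deobfuscate(OBF_SAMPLE))
    print("decoded string :", plain.decode())
    print("djb2, 64-bit   :", make_secret(OBF_SAMPLE, 64))
    print("djb2, 32-bit   :", make_secret(OBF_SAMPLE, 32))
```

Pass bits=32 if the decompiled hash() returns a 32-bit type; the two widths give different values for the same string.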

Top comments (2)

Nathan

Good job man this was cool

Advik Kant

thanks bruv;)