- The binary zorro_bin is a stripped file.
In this challenge basically the binary asks you for a number initially, (that is the number of drinks ). And further asks for the drinks’ id’s.If the first input is x, then a loop runs for x times xoring the values of drink id’s , which becomes the seed to a rand function in the code. The drink ids have to have their value in the range (16,0xffff). The seed value is checked against a function which checks whether the bin(seed) has 10 1’s if the condition is satisfied , the seed for the rand function is set and the rand values are updated to a string which is MD5 hashed and eventually checked against a hardcoded hash in the binary. Thats pretty much much it for the description for the challenge.
Solution:
My approach to this was to write a python script to find the input that would give the hash.
import random
import hashlib
from ctypes import *
libc=CDLL('libc.so.6')
arr=[0x3c8,0x32,0x2ce,0x302,0x7f,0x1b8,0x37e,0x188,0x349,0x27f,0x5e,0x234,0x354,0x1a3,0x96,0x340,0x128,0x2fc,0x300,0x28e,0x126,0x1b,0x32a,0x2f5,0x15f,0x368,0x1eb,0x79,0x11d,0x24e]
for j in range(16,0xffff):
n=j
c=0
while(n!=0 and n>0):
c=c+1
n=n&(n-1)
if(c==10):
n=j
libc.srand(n)
c=0
st=''
final=''
for i in range(30):
a = libc.rand()%1000
st = st + str(a)
final = final + chr((a^arr[i])&0xff)
final =final+'0'
result = hashlib.md5(st.encode())
if(result.hexdigest()=='5eba99aff105c9ff6a1a913e343fec67'):
print(j)
print(a)
breakThis script will give two outputs the first one being the seed value.
Black Bubble 