
Cracking PicoCTF Challenge: GDB Baby Step 1

June 28, 2023
in Reverse Engineering

Are you a beginner in the intriguing world of reverse engineering? Or perhaps you’re keen to delve into the workings of Linux’s GDB debugger? Either way, we’ve got you covered. Welcome to Stackzero, your one-stop destination for all things related to these topics. Here, we’ve curated a wealth of resources to guide your learning journey.
If you’re just starting out, we recommend our foundation guides on Reverse Engineering, GDB and maybe the Mastering PicoCTF: Your Ultimate Registration Guide!
These easy-to-understand tutorials cover the basics of reverse engineering and using the GDB debugger. So why not take a few moments to read through them? It will give you the background knowledge you need to tackle the more complex challenges that lie ahead.
Today, we’re going to take on a particular challenge – the PicoCTF “GDB Baby Step 1”.
It’s an exciting task that tests your understanding of both reverse engineering and the GDB debugger.

Don’t worry if you’re new to these concepts, we’ll walk through it step by step.
Ready to embark on this exciting journey of discovery? Let’s jump in!

Table of Contents

  • Decoding GDB: A Primer to the GNU Debugger
  • Preparations and File Analysis
  • The Magic of Disassembling with GDB
  • Alternative Path: Debugging the Executable
  • Conclusion

Decoding GDB: A Primer to the GNU Debugger

The world of programming and debugging can seem complex. Fortunately, the GNU Debugger, known as GDB, is here to help. GDB is a useful tool for programmers, especially those using Linux systems.

In essence, it lets you see what’s happening inside your program while it’s running. You can explore your code in depth, just like examining a machine’s parts closely.

With GDB, you can disassemble code. This means translating the machine code of a compiled program back into readable assembly instructions, a handy feature when working with low-level languages or inspecting binaries you have no source for.

GDB also lets you inspect registers – high-speed storage areas in a computer’s CPU. Knowing what’s in these registers can give you insight into your program’s operation.

Moreover, GDB allows you to set breakpoints. This is like pausing a film to understand a crucial scene. Breakpoints let you pause program execution at specific places, helping you understand how your code works.

In summary, GDB is more than a debugging tool. It’s a platform that enhances your ability to interact with and understand your software. Whether you’re a developer, a cybersecurity enthusiast, or a coding learner, GDB is a tool you’ll want to learn.

So, if you’re ready to explore programs in a new way, let’s get started with GDB.

Preparations and File Analysis

Kickstart this adventurous journey by firing up your Kali Linux virtual machine.
Navigate to the PicoCTF website, locate the challenge named “GDB Baby Step 1” in the Reverse Engineering section, familiarize yourself with the task by reading the description, and download the file.

[Screenshot: GDB Baby Step 1 description]

After downloading, move the file into your dedicated workspace, where we can take our time to analyse it. Curious to know more about the file? Run:

$ file debugger0_a 
debugger0_a: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=15a10290db2cd2ec0c123cf80b88ed7d7f5cf9ff, for GNU/Linux 3.2.0, not stripped

Voila! You have your answer. It’s an Executable and Linkable Format (ELF) file, as you might have guessed. But thanks to that useful command you also know that it’s a 64-bit, little-endian (LSB), position-independent (pie) executable for x86-64, and that it’s not stripped (so its symbols, including function names, are still present).
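To see where `file` gets those facts, here is an added example (not from the original post) that decodes the fields of an ELF64 header by hand and walks the section header table to decide whether the binary is stripped (a stripped binary has no SHT_SYMTAB section). The sample image it builds is constructed inline and is not the challenge binary; pass a real path as the first argument to run it on your own file.

```python
import struct

SHT_SYMTAB = 2                      # the section type that `strip` removes
E_TYPE = {1: "relocatable", 2: "executable", 3: "pie/shared (ET_DYN)", 4: "core"}
E_MACHINE = {0x03: "i386", 0x3E: "x86-64", 0xB7: "aarch64"}

def parse_elf64_header(data: bytes) -> dict:
    """Decode the 64-byte ELF64 header; raises on non-ELF or non-64-bit input."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2:                # EI_CLASS: 1 = 32-bit, 2 = 64-bit
        raise ValueError("only ELF64 is handled here")
    endian = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = LSB, 2 = MSB
    f = struct.unpack(endian + "HHIQQQIHHHHHH", data[16:64])
    return {"endian": endian, "data": "LSB" if data[5] == 1 else "MSB",
            "type": E_TYPE.get(f[0], hex(f[0])), "machine": E_MACHINE.get(f[1], hex(f[1])),
            "entry": f[3], "shoff": f[5], "shentsize": f[10], "shnum": f[11]}

def has_symbol_table(data: bytes, hdr: dict) -> bool:
    """Walk the section header table looking for an SHT_SYMTAB section."""
    for i in range(hdr["shnum"]):
        off = hdr["shoff"] + i * hdr["shentsize"]
        sh_type = struct.unpack_from(hdr["endian"] + "I", data, off + 4)[0]  # sh_type follows sh_name
        if sh_type == SHT_SYMTAB:
            return True
    return False

def describe(data: bytes) -> str:
    """One-line summary in the spirit of `file`'s output."""
    hdr = parse_elf64_header(data)
    stripped = "not stripped" if has_symbol_table(data, hdr) else "stripped"
    return f"ELF 64-bit {hdr['data']} {hdr['type']}, {hdr['machine']}, {stripped}"

def build_sample(with_symtab: bool) -> bytes:
    """Constructed minimal ELF64 image (header + section headers only); all values are made up."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 64-bit, LSB, version 1, SYSV ABI
    shnum = 2 if with_symtab else 1
    # e_type=ET_DYN, e_machine=x86-64, e_version, e_entry, e_phoff, e_shoff=64 (right after
    # the header), e_flags, e_ehsize=64, e_phentsize, e_phnum, e_shentsize=64, e_shnum, e_shstrndx
    ehdr = struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0x1000, 0, 64, 0, 64, 56, 0, 64, shnum, 0)
    null_shdr = b"\x00" * 64                      # index 0 is always the reserved null section
    symtab_shdr = struct.pack("<IIQQQQIIQQ", 1, SHT_SYMTAB, 0, 0, 0, 0, 0, 0, 8, 24)
    return ident + ehdr + null_shdr + (symtab_shdr if with_symtab else b"")

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(True)
    print(describe(blob))
```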

The Magic of Disassembling with GDB

Enter the fascinating world of disassembly with GDB. Let’s begin by opening the downloaded file by passing it as an argument to GDB:

gdb debugger0_a

Want to get an overview of all the functions? Just type:

info functions

As shown in the following screenshot, this confirms that the file isn’t stripped: all function names are in plain sight.

[Screenshot: GDB Baby Step 1 functions]

Our prime target here is the ‘main’ function (address 0x1129).

Before we proceed, it’s essential to know that GDB’s syntax is set to AT&T by default. Are you more comfortable with Intel syntax like most of us?

You can easily change the setting by typing:

set disassembly-flavor intel

Having done that, we’re now set to uncover the assembly code by entering

disassemble main

The disassembly process unveils the following:

[Screenshot: disassembly of main showing the value moved into EAX]

The crux of this challenge is to discover the EAX register value. From the disassembled code, we see that the number 0x86342 is moved into this register.
However, the number is in hexadecimal format, and we need to convert it to a decimal format.

Let’s embark on this conversion journey, that’s an easy task with the help of our beloved python.
Open a new terminal and type

python

Then, to transform the hexadecimal value into a decimal, punch in:

print(int(0x86342))

Behold the decimal equivalent, 549698!
We’ve now arrived at our flag: picoCTF{549698}.

Just copy and paste this into the input field on the PicoCTF website.
Mission accomplished!

Alternative Path: Debugging the Executable

For those who love exploring alternative routes, let’s solve this challenge through debugging.
Begin by setting a breakpoint at the main entry point.
Simply type:

break main 

Next, start the program:

run

And then:

layout asm

for more detailed visualization.
Refer to the screenshot below for clarity:

[Screenshot: layout asm in GDB]

To step through the instructions one at a time until you reach the ‘ret’ instruction (<main+21>), write:

ni

for the next instruction, then keep pressing Enter (which repeats the last command) until you arrive at the target instruction.

Now, reveal the EAX register’s decimal value by typing:

print/d $eax

Here’s the screenshot displaying the value:

[Screenshot: GDB Baby Step 1 EAX value from the debugging session]

Voila! As expected, the decimal value is 549698, corroborating our earlier findings.
This reaffirms that our flag remains steadfast at picoCTF{549698}.

Conclusion

To put it simply, GDB is an essential tool in your toolkit for reverse engineering. It’s crucial for taking apart and investigating code, making it an invaluable resource for solving puzzles like PicoCTF’s “GDB Baby Step 1”. This journey we’ve taken, uncovering the value in the EAX register, making sense of the ELF file, and cracking the challenge is a perfect example of GDB’s power.

Are you feeling a rush of achievement? That’s the beauty of learning! But remember, this is just the beginning. The field of reverse engineering is vast and full of endless mysteries waiting to be unlocked.

Are you eager to keep exploring? We’re excited to share that journey with you. Stay in the loop with all the latest learning opportunities and challenges by following us at Stackzero and connecting with us on our social media profiles.

Remember, the world of learning is vast and open to all. Every expert was once a beginner too. So, keep exploring, keep learning, and continue to uncover the exciting puzzles that reverse engineering offers. I think that CTFs are the best way to learn and have fun at the same time.

The more you learn, the more fascinating it becomes. So, let’s keep that curiosity alive and dive deeper into the world of reverse engineering together!
