StackZero
  • Homepage
  • Cryptography and Privacy
  • Ethical Hacking
  • Reverse Engineering
  • Contacts
  • About Me
No Result
View All Result
StackZero
No Result
View All Result

Unravelling PicoCTF: The GDB Baby Step 2 Challenge

July 5, 2023
in Reverse Engineering
0 0
Unravelling PicoCTF: The GDB Baby Step 2 Challenge
0
SHARES
2.5k
VIEWS
Share on FacebookShare on Twitter

Welcome back to our series on the GNU Debugger (GDB) and its applications in tackling the PicoCTF challenges. If you’re joining us for the first time, we recommend revisiting our guide on the Registration Guide and GDB Baby Step 1 Challenge.
This introductory piece provides a comprehensive overview of GDB, its functionalities, and its significance in the realm of Linux debugging.
Continuing our journey, we are now poised to take on the GDB Baby Step 2 Challenge. While our objective remains the same – to determine the value within the ‘EAX’ register at the end of the ‘main’ function – the approach differs. This time, we engage with the program dynamically, executing and observing its behaviour in real-time. Ready to dive in? Let’s proceed.

Table of Contents

Toggle
  • Recap of GDB Baby Step 1
  • Prerequisites for the Challenge
  • Preparing for the Challenge
  • Unlocking the Challenge: Extracting the Flag
    • Overview Of The Challenge
    • Debugging in practice
  • Conclusion

Recap of GDB Baby Step 1

In the GDB Baby Step 1 Challenge, we traversed the basics of GDB operations. We aimed to decipher the decimal equivalent of the value stored in the ‘EAX’ register as the ‘main’ function culminated. While the task was achievable via straightforward disassembly, we opted for an extra layer of understanding, experimenting with basic debugging techniques.

Through this process, we paused program execution, set strategic breakpoints, and analyzed the real-time behaviour of the code. This practice offered valuable insight into the dynamism of debugging and set the groundwork for more complex operations in the realm of reverse engineering.

Armed with the foundational knowledge of GDB functionalities, we are now well-positioned to navigate the complexities of the upcoming challenge. Let’s gear up for a deeper exploration of GDB’s practical usage as we step into the Baby Step 2 Challenge.

Prerequisites for the Challenge

Before plunging into the intricacies of the GDB Baby Step 2 Challenge, it’s essential to have a solid understanding of a few core concepts in the field of reverse engineering. Being well-versed in these areas would significantly enhance your ability to solve the challenge efficiently and effectively.

The key prerequisite is an understanding of registers and calling conventions. In simple terms, registers are temporary storage spots in the CPU where the program stores important data, and calling conventions dictate how functions get their arguments from these registers. A thorough comprehension of these concepts is crucial in navigating the debugging journey seamlessly. For an in-depth exploration of these topics, we highly recommend our detailed guide on reverse engineering.

In addition, an introductory understanding of GDB and its operations forms an essential component of the knowledge base required for the challenge. This includes understanding how to install GDB, navigate its interface, disassemble programs, and execute them line by line. To solidify your foundation in these areas, we invite you to peruse our first guide focused on GDB within the context of a PicoCTF challenge.

With these prerequisites in place, you’ll find yourself well-equipped to conquer the GDB Baby Step 2 Challenge.
Remember, the journey of reverse engineering is all about continuous learning and exploration. So, keep exploring, keep experimenting, and let’s gear up for the exciting journey ahead.

Preparing for the Challenge

Prior to diving into the challenge, we must ensure the readiness of our debugging environment. The first task is to procure the challenge file from the PicoCTF platform.
To do that, let’s find the challenge named “GDB Baby Step 2” in the reverse engineering section you can see in the screenshot:

GDB Baby Step 2 description

With our previous guide, you would have already set up GDB on your Linux machine. As we did there, our choice fell on a Kali Linux machine which is more than sufficient for the purpose.
If not, our introductory guide on GDB provides comprehensive instructions for the setup.

Download the file (debugger0_b) into your working directory in your chosen machine with GDB and then open a terminal pointing there.

With the environment prepared and the challenge file at hand. We are set to embark on the journey of GDB debugging.
As we progress, the aim is not only to successfully solve the challenge but also to enhance our understanding of GDB’s operations.
Stay focused, and let’s navigate our way to the solution to the Challenge.

Unlocking the Challenge: Extracting the Flag

Overview Of The Challenge

With our prerequisites firmly in place and a good grasp of the foundational concepts, let’s roll up our sleeves and delve into the heart of the GDB Baby Step 2 Challenge – reverse engineering the code.

First off, start our program under GDB, using this command in your terminal

gdb debugger0_b

Remember to set your assembly syntax to Intel, with

set disassembly-flavor intel

providing a more comprehensible assembly language layout (that’s just my opinion if you prefer you can leave the AT&T syntax).

Next up, we need to identify our target function. Use the

info functions

command to list all functions in the program.

GDB Baby Step 2 functions

From the resulting output, it’s evident that our function of interest is main. To disassemble it, you can simply use

disassemble main

You’ll notice the code here appears more complex than in the previous challenge.

GDB Baby Step 2 assembly code

However, given the nature of Capture The Flag (CTF) competitions, time is of the essence. As suggested by the challenge description, we’re focusing on the dynamic analysis aspect.

Debugging in practice

Start by setting a breakpoint at the ‘main’ function using

break main

Following this, to get a clearer picture of the assembly code, set the layout to assembly using

layout asm

and then run the program using the command:

run

The execution halts at the first instruction of ‘main’, but we need the content of the EAX register at the function’s end. The function ends with the ‘ret’ instruction at address 0x401142.

breakpoint on main

The game plan? Set a breakpoint at 0x401142 (the address of the return instruction), continue the execution, and then extract the decimal value of the EAX register.

Set the breakpoint at 0x401142 using the:

break *0x401142

with the asterisk signifying a memory address.
Now, let’s let the program run its course with the command (abbreviation for “continue”):

c

As you’ll see, the pointer now points to the desired address. If you’re unsure, you can check the content of the instruction pointer register (RIP) using:

info registers rip
breakpoint on return instruction

With the program halted at the correct location, it’s time to retrieve the value of the EAX register. Use:

print/d $eax

Voila, here’s the result!

get the flag of GDB Baby Step 2 from eax

The flag we’ve been hunting for is picoCTF{307019}.
Now, simply input this into the challenging field, and bask in the glory of a job well done!

Completing GDB Baby Step 2

By methodically breaking down the steps and moving through the process, you’ve cracked the GDB Baby Step 2 Challenge.

Conclusion

We’ve reached the end of our dive into the GDB Baby Step 2 Challenge, yet this represents just one step in your larger journey towards mastering reverse engineering and the GDB debugger. By applying the skills and knowledge gained, you’ve successfully navigated the task, unlocking another layer of understanding in the process.

The true beauty of such challenges lies in the opportunity they provide to broaden your skillset and deepen your comprehension of intricate software concepts. GDB, with its immense capabilities, is a tool that continues to unravel its depth with each use. Today, you’ve scratched a little deeper beneath the surface, but there’s a world of potential still waiting to be explored.

As you continue your journey, always remember that progress comes with practice, and mastery with consistency. With each challenge you take on, you’re not only getting better at solving it but also enhancing your understanding of how software works at a granular level. In the vast landscape of software debugging and reverse engineering, every small step forward, like the one you’ve taken today, matters.

The world of reverse engineering is an ever-evolving arena, and at StackZero, we’re committed to helping you stay at the forefront. Continue to tune in to our blog and follow us on our social media channels for a constant stream of insightful content and engaging challenges that’ll keep your learning momentum alive.

Together, let’s take more strides towards mastering the art and science of reverse engineering. Let the curiosity within you guide your steps, and let the challenges we present stir your desire to learn, grow, and conquer.
Until next time, keep exploring, keep learning, and most importantly, keep stepping ahead.

Tags: ctfcybersecuritydebugginggdbpico ctfpicoctfreverse engineering
Previous Post

Cracking PicoCTF Challenge: GDB Baby Step 1

 Next Post

GDB Baby Step 3: Unraveling Debugging Secrets
Next Post
GDB Baby Step 3: Unraveling Debugging Secrets

GDB Baby Step 3: Unraveling Debugging Secrets

You might also like

Cryptographic functions

Cryptographic Hash Functions in Python: Secure Your Data Easily

November 3, 2024
Malware Obfuscation Techniques: All That You Need To Know

Malware Obfuscation Techniques: All That You Need To Know

March 25, 2024
How To Do Process Enumeration: An Alternative Way

How To Do Process Enumeration: An Alternative Way

March 4, 2024
How To Do DLL Injection: An In-Depth Cybersecurity Example

How To Do DLL Injection: An In-Depth Cybersecurity Example

February 8, 2024
Process Injection By Example: The Complete Guide

Process Injection By Example: The Complete Guide

January 24, 2024
How To Build Your Own: Python String Analysis for Malware Insights

How To Build Your Own: Python String Analysis for Malware Insights

November 10, 2023

StackZero

StackZero is a specialized technical blog dedicated to the realm of cybersecurity. It primarily provides insightful articles and comprehensive tutorials designed to educate readers on developing security tools. The blog encompasses a broad spectrum of subjects, starting from the foundational principles of cryptography and extending to more sophisticated areas such as exploitation and reverse engineering. This makes StackZero an invaluable resource for both beginners and professionals in the field of cybersecurity.
The blog covers a wide range of topics, from the basics of cryptography to the more advanced topics of exploitation and reverse engineering.

Tags

application security blind sqli blind sql injection bruteforce c cesar cipher command injection cryptography ctf cybersecurity debugging dom-based xss dvwa ethical-hacking ethical hacking exploitation file inclusion gdb hacking injection javascript malware malware analysis malware evasion network-security pentesting lab picoctf pico ctf python reflected xss reverse engineering sql sqli sql injection static analysis stored xss substitution substitution cipher vulnerable application web application security web exploitation web security windows windows api xss
  • About Me
  • Contacts
  • HomePage
  • Opt-out preferences
  • Privacy Policy
  • Terms and Conditions

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
No Result
View All Result
  • Homepage
  • Cryptography and Privacy
  • Ethical Hacking
  • Reverse Engineering
  • Contacts
  • About Me