NOVA CTF {2024} — Cipher Quest
REVERSE ENGINEERING CHALLENGE
Challenge Description:
Alex, a cybersecurity analyst, received an email with an attachment named confidential. Upon opening, it revealed an attachment. Your task is to reverse engineer the attachment and uncover the hidden password. Join Alex in this “Cipher Quest” to decode the attachment and reveal the secret password.
Analysing the File:
ELF stands for Executable and Linkable Format. It is a common file format for executable files, object code, shared libraries, and core dumps, and it is the standard binary format on Linux and other Unix-based systems. The format is versatile and can be executed on various processor types: it supports big-endian and little-endian byte orders, 32-bit and 64-bit architectures, and different CPUs. Its capabilities include dynamic linking, dynamic loading, imposing run-time control on a program, and an improved method for creating shared libraries.
Strings:
Looking into Main Function
File opened in IDA and analysed
Looking into main function and program flow
These are the functions that contain fake flags, as you will know if you tried decoding the Base64 strings.
This is the function that decodes Base64.
This is the Base64-encoded text we need to decode to get the secret password.
Now enclose the flag in Flag Format.
Finally we found the flag as
NOVA{Revers3_Archit3ct_Master_mind_Unlock3d}
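The strings-then-decode triage described above, as an added example that is not part of the original write-up or the challenge files. SAMPLE_BLOB is a constructed stand-in for the binary's string data, and the function names, the decoy text and the 16-character minimum are assumptions made for illustration.

```python
import base64
import re

# Printable-ASCII runs of 4+ bytes, the default threshold of strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# Whole-string Base64 shape: 4-character groups with optional '=' padding.
BASE64_SHAPE = re.compile(
    rb"(?:[A-Za-z0-9+/]{4})+(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")


def extract_strings(blob):
    """Return every printable run in the blob, in file order."""
    return [m.group() for m in PRINTABLE_RUN.finditer(blob)]


def decode_candidates(blob, min_len=16):
    """Return (encoded, decoded) pairs for strings that decode to printable text."""
    pairs = []
    for s in extract_strings(blob):
        if len(s) < min_len or not BASE64_SHAPE.fullmatch(s):
            continue  # too short, or contains characters outside the alphabet
        try:
            raw = base64.b64decode(s, validate=True)
        except ValueError:  # binascii.Error subclasses ValueError
            continue
        # Identifiers that merely look like Base64 decode to binary noise.
        if raw and all(0x20 <= b <= 0x7e for b in raw):
            pairs.append((s.decode(), raw.decode()))
    return pairs


def wrap_flag(text, prefix="NOVA"):
    """Enclose a decoded string in the CTF's flag format."""
    return f"{prefix}{{{text}}}"


# Constructed stand-in for the binary's string data (not the real file).
SAMPLE_BLOB = b"\x00".join([
    b"\x7fELF\x02\x01\x01",
    b"/lib64/ld-linux-x86-64.so.2",
    b"__libc_start_main",
    b"verifyinputbytes",  # Base64-shaped identifier, rejected after decoding
    base64.b64encode(b"Fake_Fl4g_Try_Again"),  # constructed decoy
    base64.b64encode(b"Revers3_Archit3ct_Master_mind_Unlock3d"),
])

if __name__ == "__main__":
    for encoded, decoded in decode_candidates(SAMPLE_BLOB):
        print(f"{encoded} -> {wrap_flag(decoded)}")
```

Decoding alone lists the decoy and the real string side by side; which one the program actually checks still has to come from following main in the disassembler.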
Thanks For Reading :)
I hope you learnt something and enjoyed the challenge. Don’t miss out on my upcoming articles! Follow me on Medium for more insightful content. Clap and share this article.
Connect with me via LinkedIn: https://www.linkedin.com/in/kishoreram-k/
Best of luck in capturing flags ahead!!!