STRIPPEDGO

Proof of flag

ctf{a4e394ae892144a54c008a3b480a1b22a6b64dd26c4b0c9eba498330f511b51e}

Summary of the vulnerabilities identified

Seek to the main of the program (sym.go.main.main) and extract the string before it gets encrypted

Proof of solving

We start off by running file

$ file rev_strippedGo_strippedGO
rev_strippedGo_strippedGO: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically
linked, Go
BuildID=pbHcqNyu7oMwNz2AOwlC/ipoepuEEs9kTpe_InyYc/zxH96PaxbdfxJ2l96QnT/-SUbqa7STSlM69LnCs6A,
stripped

So it’s a go binary and it’s stripped, at least the title didn’t lie to us. We open it up in radare.

I started seeking until I found something interesting

I ended up in sym.go.main.main

0/00400210 4000402400 mos divora Francis rev
0x0049b1fe 488d4c2460
0x0049b203 mov qword [var_18h], rcx
0x0049b208 mov qword [var_18h], 1
0x0049b211 mov qword [var_20h], 1
0x0049b21a
0x0049b21f 488d442440
0x0049b224 mov qword [rsp], rax
0x0049b228 488d05369202.
0x0049b22f mov qword [var_8h], rax
0x0049b234 mov qword [var_10h], 0x20 ; [0x20:8]=-1 ; 32
0x0049b23d 0f1f00
0x0049b240 e8bb04fb ff
0x0049b245
0x0049b24a 488b4c2420
0x0049b24f 488b542428
0x0049b254 48890424 mov qword [rsp], rax
0x0049b258 mov qword [var_8h], rcx
0x0049b25d mov qword [var_18h], rdx
0x0049b262 488d05cd5b02.
0x0049b269 mov qword [var_18h], rax
0x0049b26e mov qword [var_20h], 0x10 ; [0x10:8]=-1 ; 16
0x0049b277
0x0049b27c 488b442428
0x0049b281
0x0049b286 mov qword [rsp], rax
0x0049b28a mov qword [var_8h], rcx
0x0049b28f
0x0049b294 488b442410
0x0049b299

I don’t know how string are stored in go but ‘g01sn0tf0rsk1d1e’ seems interesting. And indeed it’s the secret message.

STRIPPEDGO

STRIPPEDGO #

Proof of flag #

Summary of the vulnerabilities identified #

Proof of solving #

STRIPPEDGO

Proof of flag

Summary of the vulnerabilities identified

Proof of solving