Challenge: Sometimes we need to hide something, to not be too obvious and to keep it away from evil eyes!
Attached file: LookAtMe.exe
OK, finally some reversing. But not Windows; it's a Linux ELF file.
The first thing we do is throw the file at ODA. We can already see part of the flag, but let's run the code through gdb anyway. Just stepping through the code a bit reveals a flag!
But whoops, this string was not accepted as the correct solution. I guess there is a reason the challenge said “need to hide something, to not be too obvious”…
Looking at the execution graph from ODA, a few things pop out:
There’s an XOR 0x55 operation in a loop. Let's use a better tool and do some more stepping:
Another, hidden flag is revealed!
Flag: xmas{MustbeSanta}
What did I learn: Kali Linux EDB!
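The XOR 0x55 loop can also be checked statically, without stepping in a debugger. The sketch below is an added example, not part of the original writeup: it tries every single-byte XOR key over a byte blob and reports strings in the `xmas{...}` flag format. The function names and the sample blob (with its two made-up flag strings) are constructed for illustration; only the `xmas{` prefix and the 0x55 key come from the writeup.

```python
import re
import sys

XOR_KEY_FROM_WRITEUP = 0x55  # the key seen in the loop in the disassembly


def build_sample_blob() -> bytes:
    """Constructed stand-in for the binary: a plaintext decoy and a XOR-hidden string."""
    decoy = b"xmas{constructed_decoy}"    # visible to `strings`
    hidden = b"xmas{constructed_hidden}"  # stored XORed, invisible to `strings`
    stored = bytes(b ^ XOR_KEY_FROM_WRITEUP for b in hidden)
    return b"\x7fELF" + b"\x00" * 12 + decoy + b"\x00" * 8 + stored + b"\x00" * 4


def find_xor_flags(blob: bytes, prefix: bytes = b"xmas{"):
    """Return (key, offset, text) for every flag-shaped string under any 1-byte XOR key.

    Key 0 is the plaintext view, so decoys that are stored in the clear show up
    with key 0 and obfuscated strings show up with their real key.
    """
    # Non-greedy body so the match stops at the first closing brace.
    pattern = re.compile(re.escape(prefix) + rb"[\x21-\x7e]{1,64}?\}")
    hits = []
    for key in range(256):
        decoded = bytes(b ^ key for b in blob)
        for match in pattern.finditer(decoded):
            hits.append((key, match.start(), match.group().decode("ascii")))
    return hits


if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_blob()
    for key, offset, text in find_xor_flags(data):
        print(f"key=0x{key:02x} offset=0x{offset:x} {text}")
```

A hit under key 0 alongside a second hit under a non-zero key is the same pattern seen in this challenge: an obvious string in the clear and the real one behind the XOR loop.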