picoCTF 2022 | unpackme Write-up

Challenge description

Can you get the flag? Reverse engineer this binary.

Category: Reverse Engineering

Solution

First, after reading the hint, I looked up UPX: it's an executable packer. Understanding exactly what that means is not strictly necessary to solve the challenge; the important thing is that I'll have to install upx to unpack the provided executable.

After installing it, I unpacked the binary with the command upx -d unpackme-upx
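A static check that a binary is UPX-packed before reaching for upx -d, as an added example that is not part of the original write-up: it counts the UPX! marker and reads the section-header count from the ELF header. The function names, the fake_elf64 sample builder and the two-indicator heuristic are assumptions made for illustration.

```python
import struct
import sys

UPX_MAGIC = b"UPX!"  # marker UPX embeds in the headers of files it packs

def upx_triage(data: bytes) -> dict:
    """Collect static UPX indicators from an ELF image held in memory."""
    result = {"elf": False, "upx_magic": 0, "sections": None, "likely_packed": False}
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return result
    is64 = data[4] == 2                      # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little-endian
    if len(data) < (64 if is64 else 52):     # truncated ELF header
        return result
    # e_shnum (number of section headers) sits at offset 60 (ELF64) or 48 (ELF32).
    (sections,) = struct.unpack_from(endian + "H", data, 60 if is64 else 48)
    result.update(elf=True, sections=sections, upx_magic=data.count(UPX_MAGIC))
    # Assumed heuristic: marker present AND no section header table.
    result["likely_packed"] = result["upx_magic"] > 0 and sections == 0
    return result

def fake_elf64(shnum: int, body: bytes) -> bytes:
    """Constructed sample: a minimal little-endian ELF64 header plus a body."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    rest = struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x401000, 64, 0, 0,
                       64, 56, 1, 64, shnum, 0)
    return ident + rest + body

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # triage a real file
        with open(sys.argv[1], "rb") as fh:
            print(upx_triage(fh.read()))
    else:                                    # constructed samples
        print(upx_triage(fake_elf64(0, bytes(32) + UPX_MAGIC + bytes(16) + UPX_MAGIC)))
        print(upx_triage(fake_elf64(29, b"ordinary program bytes")))
```

Run it with the path to a binary as the only argument to triage a real file; with no argument it prints the results for the two constructed samples.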

From here I tried a few different methods to find the flag, such as the ones outlined here.

strings, ltrace, and gdb did not seem to help, so I decided to take the plunge and opened the program up in Ghidra, using the tool for the first time.

After fumbling around a bit, I managed to locate the main() function:

[Screenshot of main() in Ghidra. Caption: Our all-important clue]

The program will ask you for a number, and if it is equal to “0xb83cb”, it will print out the flag.
The “0x” prefix means that this is a hexadecimal value, and conveniently, one only needs to hover over it in Ghidra for it to be automatically converted into a decimal value! In this case, “0xb83cb” is “754635” in decimal.

Just run the program and input 754635 when prompted for the flag!
