Wednesday, 21 February 2018

CTF challenge Voyage_Of_Danger - WalkThrough

After a long time .... I know you don't really care 😅

Let's come to the point. Here is a Reverse engineering CTF challenge created by Chaitanya Haritash  . 

Let's Dive in !

Download : RE_chall.exe

-------------------------------------------------------------------------------------------------------------------

First of all, lets open it up :





Lets open it up with PEID :


PEID shows Nothing Found .. :/ Lets open it with Hex Editor now :


Nothing interesting at the starting, but if you scroll down to the end of the file, you will see this :




Now, that looks like its a python script converted into a binary executable.

Generally, a python script is converted into an executable by compressing all the code of required modules, scripts into a single exe file with a dll file to execute the code.

The Python interpreter was compiled using Microsoft Visual C, so our new program ( py > exe ) needs the Microsoft Visual C runtime DLL to run. If you have installed appropriate versions of Python or Visual Studio, then you will already have this DLL on your computer .

I found this link about reversing a python executable. Have a look at it.

Run the pyinstallerextractor tool :
python pyinstxtractor.py RE_chall.exe



You will find these files in the extracted folder. "ctf" is our main pyc file. As instructed in the above link, just add the magic number 03F30D0A00000000 to the starting of the file in hex editor and save it : 


save it as ctf2.pyc . Now, use the uncompyle6 tool to decompile this pyc file to original python code :


This command will save the source code into a file called fin.txt : 


Now , we got the source code ! Simply examining it for a moment, we can find the answers to all the questions asked !

Lupin's Pistol name : Walter P-32

Scientist's name : Bluma

Secret Key (Its not asked anywhere ) 
: Albina





Thank you for reading !