Binary Lock
🔍 Details
| Attribute | Details |
|---|---|
| Challenge Name | Binary Lock |
| Category | Reverse Engineering |
| Difficulty | 🔴 Hard |
| Flag | F4H{N4cLqFx3r7**********} |
📝 Description
A program asks for a password, but how does it work? The password verification logic is hidden within the binary itself. Determine the correct password to retrieve the flag.
In the terminal, pull the challenge image:
sudo docker pull public.ecr.aws/h7j1s9m0/fl4ghunt-ecr:binary_lock_ctf
Run the container:
sudo docker run --rm -it public.ecr.aws/h7j1s9m0/fl4ghunt-ecr:binary_lock_ctf
Inside an interactive shell, execute:
./unlockme.out
🧩 Hints
- The program requires a password as a command-line argument. Provide it when running the binary.
- Running "strings unlockme.out" won't reveal the flag; you need to reverse engineer the binary.
- Analyze function1 and function2 carefully—both conditions must be satisfied to find the correct password.
💡 Solution
This challenge requires participants to reverse-engineer a 64-bit binary named unlockme.out to retrieve a hidden flag. The flag is not visible via standard tools like strings because it's XOR-encrypted within the binary.
Steps:
- Run the binary and observe it requires a password:
./unlockme.out
# Usage: ./unlockme.out [password]
- Disassemble with objdump:
objdump -t unlockme.out | grep " F "
objdump -d unlockme.out | less
- Reverse the logic:
  - One function confirms the password must be 8 characters long.
  - Another function checks that the first 4 characters are "R3vE".
- Run the following command, whose password meets both conditions, to find the flag:
./unlockme.out R3vE1234
📚 Insights
This challenge introduces participants to static binary analysis and reverse engineering:
- No source code is provided — analysis is done purely from disassembled output.
- XOR encryption prevents flag discovery via naive strings searches.
- Tools like objdump allow function discovery and inspection of binary logic.
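An added example, not the challenge's source: a C program that follows the structure the solution describes (a length check, a prefix check, and an XOR-encoded flag) and shows why strings finds nothing in the stored bytes. The key 0xA5, the placeholder flag F4H{demo}, and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed single-byte key; the write-up does not state the real key. */
#define KEY 0xA5

/* Constructed placeholder "F4H{demo}" XORed with KEY, so the plaintext
 * never appears in the compiled file. Not the challenge's flag. */
static const unsigned char BLOB[] = {
    0xE3, 0x91, 0xED, 0xDE, 0xC1, 0xC0, 0xC8, 0xCA, 0xD8
};

/* First check from the write-up: password is exactly 8 characters. */
static int check_length(const char *pw) { return strlen(pw) == 8; }

/* Second check: the first 4 characters are "R3vE". */
static int check_prefix(const char *pw) { return strncmp(pw, "R3vE", 4) == 0; }

/* Length of the longest printable-ASCII run; approximates what strings(1)
 * looks for (GNU strings prints runs of 4 or more by default). */
static size_t longest_printable_run(const unsigned char *buf, size_t n) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        run = (buf[i] >= 0x20 && buf[i] <= 0x7E) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

/* Decode the blob only when both checks pass; NULL otherwise. */
static const char *unlock(const char *pw) {
    static char out[sizeof BLOB + 1];
    if (!check_length(pw) || !check_prefix(pw)) return NULL;
    for (size_t i = 0; i < sizeof BLOB; i++) out[i] = (char)(BLOB[i] ^ KEY);
    out[sizeof BLOB] = '\0';
    return out;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "Usage: %s [password]\n", argv[0]); return 1; }
    const char *flag = unlock(argv[1]);
    printf("longest printable run in blob: %zu\n",
           longest_printable_run(BLOB, sizeof BLOB));
    puts(flag ? flag : "Wrong password");
    return flag ? 0 : 1;
}
```

With this key every stored byte has its high bit set, so the blob contains no printable run at all; the decoded text exists only in memory after both checks pass.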