POL1TC@L HOOK

wargames CTF - deus x64 one

2/10/2024

Reverse Engineering CTF. 

This is a series of challenges which need to be solved. We will be using Binary Ninja to reverse engineer the program. The program presents 3 different sections, as shown below:
Picture

1. x64_ASM

Let's begin with section 1, x64_ASM. After pressing 1, we are presented with the following screen, which asks for 2 args:
Picture
Let's begin reverse engineering.
The source code shows the function that handles the logic.
Picture
As we can see, the instruction_test(arg1, arg2) function plays a crucial role. Let's take a look at its assembly.
Picture
Very simple. If the result of the function does not equal 0x7a69 (31337), the evaluation fails. Going back to the assembly provided in the first screenshot, some quick maths gives us the answer 30569. Therefore arg1 = 0 and arg2 = 30569.
Picture

2. serial

The second challenge asks for a serial.
Picture
Source code below:
Picture
As you can see, the check_serial(serial) function does the heavy lifting. Let's analyse its assembly.
Picture
The check_serial function checks whether each value of arg1 is a particular number. Converting these hex values to ASCII gives us the following serial number: 189715
Picture

3. encrypt

The third and final challenge asks for a password:
Picture
If you provide a password of the wrong length you receive this error:
Picture
Let's look at the code and begin reverse engineering. As we can see from the code below, the password needs to be 14 characters long (0xe = 14).
Picture
Picture
Providing a password of length 14 gives us this screen.
Picture
It appears to check each character. Analysing the earlier source code and assembly shows that the check is done in encryption_check(password). Let's disassemble this function.
Picture
Following the logic of the disassembled function, we can see that it takes our input and encrypts it via XOR against 0x17. If the output does not equal gW""`xesHav{~s, it goes to the invalid_encryped_char() function.
Therefore gW""`xesHav{~s is our encrypted string, and because XOR with a fixed key is its own inverse, we can write a very simple decryption routine to obtain the password.
Picture
A quick C++ program I wrote to decrypt and encrypt the strings for demo purposes. The decrypt function essentially reverses the XOR encryption routine. The encrypt function shows how the CTF challenge encrypts the password in the first place. Running the program outputs the following.

1) The decrypted string = p@55w0rd_valid
2) The encrypted string = gW""`xesHav{~s
Picture
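The XOR check described above, as an added example (this is not the author's program or the challenge's code). The key 0x17, the length 0xe and the ciphertext are taken from the text; the names xor_transform and check_password and the return codes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Values from the write-up: single-byte XOR key, required length 0xe,
// and the ciphertext exactly as transcribed in the text above.
constexpr std::uint8_t kKey = 0x17;
constexpr std::size_t kExpectedLen = 0xe;
const std::string kCiphertext = "gW\"\"`xesHav{~s";

// XOR is its own inverse, so one routine both encrypts and decrypts.
std::string xor_transform(const std::string& in, std::uint8_t key = kKey) {
    std::string out(in);
    for (char& c : out) {
        c = static_cast<char>(static_cast<std::uint8_t>(c) ^ key);
    }
    return out;
}

// Model of the per-character check (hypothetical name and return codes):
// -2 = wrong length, -1 = accepted, otherwise index of the first bad character.
int check_password(const std::string& candidate) {
    if (candidate.size() != kExpectedLen) return -2;
    const std::string enc = xor_transform(candidate);
    for (std::size_t i = 0; i < enc.size(); ++i) {
        if (enc[i] != kCiphertext[i]) return static_cast<int>(i);
    }
    return -1;
}

int main() {
    const std::string recovered = xor_transform(kCiphertext);
    std::cout << "decrypted:    " << recovered << "\n";
    std::cout << "re-encrypted: " << xor_transform(recovered) << "\n";
    std::cout << "check:        " << check_password(recovered) << "\n";
    // With the ciphertext as transcribed, index 5 ('x', 0x78) maps to 'o' (0x6f);
    // a '0' (0x30) at that position corresponds to ciphertext byte 0x27 (').
    std::cout << "check p@55w0rd_valid: " << check_password("p@55w0rd_valid") << "\n";
    return 0;
}
```

Because the comparison is made on the transformed input, the expected string stored in the binary is all an analyst needs: applying the same XOR to it yields the accepted password directly.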
Entering the decrypted string into the CTF challenge shows us:
Picture
Finished. Hope you enjoyed it.