It is quite common for beginner CTFs that ship a binary to hide some information in a function that is supposed to be unreachable, or to use such a function to obfuscate a flag. Today we are finding out how to bypass all that nonsense.
The code
Here we have some simple C code. The function no_way_here is our goal, but it is never called.
#include <stdio.h>

/* Never called from main, so it is "unreachable" in normal execution. */
void no_way_here(void) {
    /* Trailing newline so the message is flushed even when stdout is line-buffered. */
    printf("Oh, I was wrong. You found it!\n");
}

int main(void) {
    printf("You haven't got it yet\n");
    return 0;
}
Compile the code with the command below and let's go!
gcc demo.c -o demo
GDB
To gain access to the hidden function we can use GDB. Start it with:
gdb ./demo
If you just run the program you get the expected "You haven't got it yet" line.
OPTIONAL: If you already know which function you want to run, you can skip this step. If you don't know the function name, use the command below to list all functions.
info functions
Aha, there it is! Let's set a breakpoint at main so the program doesn't exit immediately when we run it.
b main
run
Now, let's jump to our function with the following command:
jump no_way_here
And there it is! The output of our hidden function.
Try it out!
If you are just getting started, I recommend testing your skills in the following TryHackMe room. The difficulty ranges from simply running the file to actually needing what this post covers towards the end.
https://tryhackme.com/room/reverselfiles
If you want to dig deep, I recommend Practical Binary Analysis by Dennis Andriesse. The book will teach you a lot about binaries and how they work, and it comes with a VM full of challenges!
https://practicalbinaryanalysis.com/