BuringStraw

BuringStraw

HomeArchives

Spun around by Harmony

#reverse#risc-v47
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The author was tricked by Harmony and had to solve a reverse engineering challenge involving RISC-V. They struggled to decompile the code but eventually found the flag by modifying the code and reversing the order of characters. The challenge was considered simple overall, with the difficulty level not as high as expected. The official write-up includes a tutorial on running and debugging system images, which is worth studying.

(Attachment here https://github.com/R0IS/RCTF2021/blob/main/Recv/Harmony/Harmony/liteos)

Randomly encountered the Hi!Harmony! challenge on xctf. Why emphasize on xctf? Because there are no attachments on xctf. There's only one sentence in the description:

Hello, hackers! Have you ever heard of pangu, the creator of the world in Chinese mythology?

Staring at this sentence for tens of seconds (maybe not that long), I thought, the possibility of forgetting to provide attachments for this challenge is greater than this sentence being the actual challenge description.

Found the file online. Can't decompile risc-v with cutter, ida, it's impossible to read assembly. Ghidra can show pseudo code.

Entered the entry point, very complex, looking at the output, seems like it's loading the system. Checked the write-up, located the detection function based on strings. Oh my, I forgot. I'm paper.

A long segment of assignment inside the function. Seems like I need to change a variable type to an array. Right-click. Why no option??? Oh well, let's read it hard...

two thousand years later. How about changing the function name to main? Why is it called an undefined function?? Right-click to define function. Okay, can change the variable now...

Hahaha, it directly output the flag, why are there challenges that decrypt the flag themselves and then output it, so lame.

Copied the pseudo code, modified the array assignment part. Vaguely remember the flag has a format. Opened the write-up, why is the flag different from mine. Okay, little endian. Reverse it.

After messing around with vim's block editing for a while, finally, reverse one line=reverse all. Output.

Why is the length incorrect, missing a few characters? Some characters decrypted as blank characters. When editing the variable type, didn't fill in the correct array length, so the later data assignment doesn't display. Need to infer the true length of the array based on the for loop.

That's it. Overall, it's quite simple. Probably not as difficult as the unmarked difficulty suggests. The official write-up includes tutorials on running and debugging system images, which is very worth learning. (https://blog.rois.io/2021/rctf-2021-official-writeup-2/#Harmony)

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.