Purpose: Input the correct key to decrypt file (EXE)
File name: run.exe
File type: Portable Executable 32
File info: UPX v3.0
Using CFF explorer to unpacked this file, then using IDA to decompile it. First, program calculate lenght of key [ebp – 0C] and open the “file” (encrypted file)
Then, it read file to memory at byte_5415B8
Then, the memoy will be decrypted with key.
Look to the ASM code, we can rewrite decrypt code segment to Python
That is xor encrypt, if we find the part of clear file, we will find out the key. As we all know, EXE files have the same dos_header. So we can easily find the key.
Key = letsplaychess
Enter key to decrypt file, we get “file” is PE file. Then we run and get the flag. (Notice if windows decide file msvcr100d.dll, download it to same folder and run again)
Flag: Colle System