CTFtime.org

added protection

by InersIn / PARSECT

Tags: reverse engineering 

Rating:

### I just relized when i run this program using ltrace, program is do memcpy.
![](https://miro.medium.com/max/700/1*lt18d9CEzdungXTKIol49g.png)

### so i think the flag maybe saved on memory, so i open it with gdb and add breakpoints after program doing memcpy.
![](https://miro.medium.com/max/529/1*7SYj2PCOaJvBG4WCcBn-iA.png)

### and i do dump memory.
![](https://cdn-images-1.medium.com/max/800/1*erXCwTfijUdCcM0iuAo5NQ.png)

### and i open file that contain memory dump from the program using hexeditor and search for flag format.
![](https://cdn-images-1.medium.com/max/800/1*iNL29E56VL-RlgErf4vRAg.png)

> DUCTF{adv4ncedEncrypt3dShellCode}

[my blog](http://medium.com/@InersIn)

Comments