Tags: elf ltrace strace
Rating:
# Abstract
For the detailed version see the [Github page](https://github.com/KamilPacanek/writeups/blob/master/ctf/HTB.CA2021/passphrase.md).
## ToE
We are given the `passphrase` file.
## Analysis
First things first, analyze what we have with file:
```
$ file passphrase
passphrase: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked,
interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=60f6b6064d2e34a2b6a24dda9feb943b0b8c360f, not stripped
```
Symbols are left within the executable. This is good as it makes working with the file easier. Then I did quick lookups with `ns`, `objdump`, `ldd` and it helped me to establish that program compares user input with some string. So we need to find that string.
I'm using `strace` and `ltrace` having the latter one to show me the value I was looking for.
```
strlen("\nTell me the secret passphrase: "...) = 32
sleep(1) = 0
fgets(dsada
"dsada\n", 40, 0x7f8568531980) = 0x7ffc986e2da0
strlen("dsada\n") = 6
strcmp("3xtr4t3rR3stR14L5_VS_hum4n5", "dsada") = -49
printf("\033[31m") = 5
strlen("\nIntruder alert! \360\237\232\250\n") = 22
```
So after presenting a secret passphrase, the executable gives us the flag:
```
strlen("\nTell me the secret passphrase: "...) = 32
sleep(1) = 0
fgets(3xtr4t3rR3stR14L5_VS_hum4n5
"3xtr4t3rR3stR14L5_VS_hum4n5\n", 40, 0x7f461a61c980) = 0x7ffd79ab8ec0
strlen("3xtr4t3rR3stR14L5_VS_hum4n5\n") = 28
strcmp("3xtr4t3rR3stR14L5_VS_hum4n5", "3xtr4t3rR3stR14L5_VS_hum4n5") = 0
puts("\342\234\224"✔
) = 4
printf("\033[32m") = 5
printf("\nSorry for suspecting you, pleas"..., "3xtr4t3rR3stR14L5_VS_hum4n5"
Sorry for suspecting you, please transfer this important message to the chief: CHTB{3xtr4t3rR3stR14L5_VS_hum4n5}
```
## Solution
> `CHTB{3xtr4t3rR3stR14L5_VS_hum4n5}`