Challenge BIN100 “Dice Revenge”
The goal of this task is to throw a sequence of numbers asked by the program.
The goal of this task is to throw a sequence of numbers asked by the program.
mov dword ptr [esp], 0 call _time mov [esp+54h], eax ; This binary uses the timer function as anti-debuging trick
;so we have to avoid; its execution by nopsled it.
call _rand
mov ecx, eax
mov edx, 2AAAAAABh
mov eax, ecx
imul edx
mov eax, ecx
sar eax, 1Fh
sub edx, eax
mov eax, edx
add eax, eax
add eax, edx
add eax, eax
mov edx, ecx
sub edx, eax
lea eax, [edx+1]
mov [esp+50h], eax ;
;The variable [esp+50h] will receive the random number generated
;after typing enter, lets just make a breakpoint here, and change
;the value of the register eax to the evalue needed in the current sequence
cmp dword ptr [esp+50h], 1
jnz short loc_8048F00
And so on until we validate all the sequence and get the flag, you should see somthing like :[*] ebCTF 2013 - BIN100 - Dice Game To get the flag you will need to throw the correct numbers. [*] You will first need to throw a three, press enter to throw a dice! ------- | O | | O | | O | ------- [*] You rolled a three! Good! [*] Next you will need to throw a one, press enter to throw a dice! ------- | | | O | | | ------- [*] You rolled a one! Very nice! [*] Next you will need to throw another three, press enter to throw a dice! ------- | O | | O | | O | ------- [*] You rolled a three! Awesome! [*] Throw another three for me now, press enter to throw a dice! ------- | O | | O | | O | ------- [*] You rolled another three! Almost there now! [*] The last character you need to roll is a seven.... (o_O) Press enter to throw a dice! ------- | O O | | O O O | | O O | ------- [*] You rolled a seven, with a six sided dice! How awesome are you?! [*] Nice job, here is the flag: ebCTF{9a9689dbd47a1fd3fc0bf17d60edf545}