bbbbloat Turing Complete, Mostly

bbbbloat

Project Honeynet challenges in 2010 were the first forensic challenges I stumbled across. Since then many of these platforms sprang up. There are so many to choose from: Hack The Box, TryHackMe, PicoCTF, and hundreds of other CTFs and LeetCode programming challenges. Not to mention Advent of Code.

I've always found security and reverse engineering interesting, though I haven't had time to commit to learning it to the extent that I would have liked. Prior to this I've completed a singular challenge from https://crackmes.one/.

Enter PicoCTF

I found a few minutes to try the bbbbloat reverse engineering challenge from PicoCTF.

I'm currently using an M1 Mac. All of my tools are arm64 but bbbbloat is an amd64 binary. I came across box64, which can be used to run amd64 on an arm architecture.

Running the program prompts for the input of a number.

My assembly experience might be pretty much limited to 8080 assembly in school 2 decades ago though I've always appreciated its application in exploit development.

The methodology?

Open Ghidra and scroll around to find the entry function, what would be main(). This function contains an if statement that compares against a number. This took less than a minute to find. Enter the number and the flag is printed out! Luck had nothing to do with it...


Enter the flag - Success!


This challenge has a 96% solve rate!

Wow! Phew, confidence still intact!

