BuringStraw

BuringStraw

HomeArchives

Spun around by Harmony

#reverse#risc-v48
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The author was tricked by Harmony and had to solve a reverse engineering challenge involving RISC-V. They found the necessary files online and used Ghidra to analyze the code. After some trial and error, they were able to decrypt the flag and complete the challenge. The difficulty level was not too high, and the author recommends studying the official write-up for more insights.

(Attachment here https://github.com/R0IS/RCTF2021/blob/main/Recv/Harmony/Harmony/liteos)

Randomly came across the Hi!Harmony! challenge on xctf. Why emphasize on xctf? Because there are no attachments on xctf. Only a sentence in the problem description:

Hello, hackers! Have you ever heard of pangu, the creator of the world in Chinese mythology?

Staring at this sentence for tens of seconds (maybe not that long), I thought, the possibility of forgetting to provide attachments for this challenge is greater than this sentence being the problem statement.

Found the file online. Can't decompile risc-v with cutter, ida, it's impossible to read assembly. Ghidra can show pseudocode.

Entered the main function, very complex, looking at the output, seems like it's loading the system. Checked the write-up, located the detection function based on strings. Oh my, I forgot. I'm paper.

A long segment of assignment inside the function. Looks like a variable type needs to be changed to an array. Right-click. Why is there no option??? Oh well, let's read it hard...

two thousand years later. How about changing the function name to main? Why is it called an undefined function?? Right-click to define the function. Okay, can change the variable now...

Hahaha, it directly output the flag, why are there challenges that decrypt the flag themselves and then output it, too lame.

Copied the pseudocode, modified the array assignment part. Vaguely remembered the flag has a format. Opened the write-up, why is the flag different from mine. Okay, little-endian. Reverse it.

After messing around with vim's block editing for a while, finally, reverse one line = reverse all. Output.

Why is the length incorrect, missing a few characters? Some characters decrypted as whitespace. When editing the variable type, didn't fill in the correct array length, so the data assignment at the end is not displayed. Need to infer the true length of the array based on the for loop.

That's it. Overall, it's quite simple. Probably not as difficult as the unmarked difficulty suggests. The official write-up includes tutorials on running and debugging system images, which is very worth studying. (https://blog.rois.io/2021/rctf-2021-official-writeup-2/#Harmony)

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.