easy_one Walkthrough

(Updated: )
,
reference scifi's easy_one

Identify the binary with DIE:

Since I don’t have a MAC machine, I can only use ghidra to do some static analysis.

Load the binary with ghidra, and navigate to decompile:

According to man strcspn:

The strcspn() function calculates the length of the initial segment of s which consists entirely of bytes not in reject.

entry
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
undefined8 entry(void)

{
  size_t sVar1;
  char local_118 [9];
  char local_10f;
  long local_10;

  local_10 = *(long *)___stack_chk_guard;
  _printf("Enter the password...\n");
  _fgets(local_118,0x100,*(FILE **)___stdinp);
  sVar1 = _strcspn(local_118,"\n");
  local_118[sVar1] = '\0';
  sVar1 = _strlen(local_118);                    // length of the array
  if ((int)sVar1 == 10) {                        // length of the array equals to 10
    if (local_118[0] == local_10f) {             // the first element of the input, but what is variable local_10f
      _printf("Correct!\nthe password is: %s\n",local_118);
    }
    else {
      _wrong_password();
    }
  }
  else {
    _wrong_password();
  }
  if (*(long *)___stack_chk_guard == local_10) {
    return 0;
  }
                    /* WARNING: Subroutine does not return */
  ___stack_chk_fail();
}
1
2
3
MOVSX EAX, byte ptr [RBP + local_118]    ; first element of the array
MOVSX ECX, byte ptr [RBP + local_10f]    ; last element of the array
CMP EAX, ECX

So, the input must be:

  1. 10 chars without ‘\n’
  2. first char equals to the last char

proof

Run Mach-O binary on Linux with shinh/maloader: