Geanu [Reverse]

Geanu

I found this interesting binary from my temp files, I wonder what it does.

Recon

The binary is a stripped Go executable that still has some debug info. You can recreate the function names in Ghidra with go_func.py.

The main function seems to print a Keanu picture built from UTF-8 codepoints and then check some condition. If the condition is true, it seems to do some crypto operations with AES, and perhaps the result is the flag.

Solution

Just skip the check in gdb and see if that gives us a flag. Note that jump, like b, needs the * prefix when given a raw address:

(gdb) b *0x00494fe4
Breakpoint 1 at 0x494fe4
(gdb) c
The program is not being run.
(gdb) r
Starting program: /home/khaled/workspace/ctf/2021/midnightsun/re/geanu/geanu 
[New LWP 54254]
[New LWP 54255]
[New LWP 54256]
⡿⡿⣻⢿⢿⢿⢿⢿⣿⣿⣿⠟⡋⠍⠊⠌⠌⠌⠂⠊⠄⠂⠙⠿⠻⡻⠻⢛⠻⠿⢿⣿⣿⣿⣿⢿⢿⢿⢿⣻
⣗⡽⡮⡷⣽⣺⣽⣿⣾⠟⠈⠄⠄⡀⢁⠂⢘⠈⡈⡠⠁⠄⢀⠘⠄⠄⠈⠄⠄⠄⠈⠈⠳⠻⣯⣿⣽⣞⣵⡳
⣗⢯⢫⢯⣷⡿⣽⠏⡁⠁⠄⠄⠄⢄⠅⠐⡂⠁⠁⠄⠄⠄⠐⡑⠄⠌⡄⠅⠄⡀⠄⠄⠄⠄⠘⢿⣻⣾⣳⢯
⣿⡴⣤⠅⢓⢹⢜⠁⡀⠄⠄⡡⠈⠂⡀⠄⠄⠄⠄⠄⠄⠄⠐⠘⢀⠄⠄⡀⠄⠠⠁⡀⠄⠄⠄⠄⠙⣿⣿⣟
⠿⢿⠻⢝⣿⡿⢢⢁⢀⢑⠌⠄⡈⠄⠄⠄⠄⢀⣰⣴⣴⣬⣄⣀⠂⠄⠂⠄⢀⠄⠄⠄⠄⠄⠄⠄⠄⢟⣿⣿
⡀⠄⠄⣸⣾⣛⢈⠄⢸⠐⠄⠨⠄⠄⠄⡀⣜⣞⣾⣿⣯⣿⣿⣿⣄⡀⢴⢼⣐⢬⠠⠄⠐⠄⠄⠄⠄⠘⣿⣿
⠋⣀⣵⣿⣽⡇⢃⢘⠜⠅⠈⠄⠄⢀⢔⣿⣿⣿⣿⣿⡿⣽⢾⢿⣳⢷⢿⡯⣷⣿⡌⠄⠄⠨⠄⠄⠄⠄⣻⣿
⠄⣿⣿⡟⣾⠇⢠⠧⠁⠄⠄⡀⠄⣰⣿⣿⣯⡏⣯⢿⢽⡹⣏⢿⡺⡱⢑⠽⡹⡺⣜⢄⠅⠄⠈⡀⠄⠄⢸⣿
⣾⣻⢳⣝⡯⢡⢹⣇⠄⠐⠄⠄⢠⣺⣿⣿⣿⢾⣿⢽⡵⣽⡺⣝⢎⢎⢶⢕⢌⢭⢣⢑⠄⠄⠄⠈⠄⠄⢸⣿
⣿⠧⢃⡳⠉⡈⢮⠃⠄⠄⠇⠄⣔⣿⣿⣿⣾⣿⣯⣯⢿⢼⡪⡎⡯⡝⢵⣓⢱⢱⡱⡪⡂⠄⠐⠄⠂⠄⠰⣿
⡿⢡⢪⠄⢰⠨⣿⠁⢈⣸⠄⠄⢿⢿⣻⢿⣽⣿⣿⣿⣿⣻⣮⢮⣯⣾⡵⣪⡪⡱⣹⣪⡂⠄⠄⢈⠄⠄⠄⣿
⣈⡖⡅⠄⢪⢴⢊⠁⢐⢸⠄⠄⡨⡢⡈⠈⠉⠻⢟⣷⡿⣟⢗⣽⡷⣿⢯⣞⣕⣧⣷⡳⠅⠄⠅⢐⠄⠄⠄⣿
⡣⡟⠜⠸⡁⣷⠁⠄⢅⢸⡀⠄⠄⠈⡀⠥⠄⡀⠄⠄⠈⠐⣷⡳⠙⠕⠩⠘⠁⠃⠁⠄⠄⠄⡂⢆⠄⠄⠄⣸
⣻⠍⠄⢣⣣⠏⠠⠐⠌⣪⠃⡐⢔⢌⡛⡎⡢⠄⢀⢄⢠⣳⣿⡎⠄⠄⢀⠤⠄⡈⠌⠊⠄⢀⠘⠨⠄⠄⠄⢸
⠑⠠⢂⢮⡳⠠⠂⠁⡅⡯⠐⢨⡺⡌⡯⡪⣞⣼⣵⡧⣟⣿⣿⣗⠄⠄⠐⡢⣒⢆⢐⢠⠁⠄⠄⠈⠄⠄⠄⢻
⢅⢢⠫⡫⠙⠨⠄⣃⢎⡗⢈⠰⠸⡸⡸⣝⣿⣿⡗⡽⣽⣿⣿⣿⠄⢐⣔⢽⣼⣗⣷⢱⠁⠄⠅⠁⠐⠄⠄⢾
⡵⣰⠏⡐⠱⡑⢨⡬⢻⡕⠐⠈⡪⡣⡳⡱⡳⠱⢍⣳⢳⣿⣿⣿⠄⢐⢵⢻⣳⣟⢎⠪⠄⠄⠐⠄⠄⠄⠄⣿
⡷⠁⡀⠄⠨⢂⣸⢉⠆⢑⠌⢠⢣⢏⢜⠜⡀⡤⣿⣿⣿⣿⣿⣟⠠⠄⠨⡗⡧⡳⡑⠄⠄⠄⠄⠄⠄⠄⠄⣿
⢖⠠⠄⢰⠁⢴⣃⠞⠄⠕⣈⣺⣵⡫⡢⣕⣷⣷⡀⠄⡈⢟⠝⠈⢉⡢⡕⡭⣇⠣⠄⠄⠄⠄⠄⠄⠄⠄⠄⣿
⢻⡐⢔⢠⠪⡌⢌⠆⠐⢐⢨⣾⣷⡙⠌⠊⠕⠁⠄⠊⡀⠄⠠⠄⠡⠁⠓⡝⡜⡈⠄⠄⠄⠄⠄⠄⡮⡀⠄⣿
⠘⢨⢪⠼⠘⠅⠄⠂⠄⡀⢻⣿⣇⠃⠑⠄⠒⠁⢂⠑⡔⠄⠌⡐⠄⠂⠠⢰⡑⠄⠄⠄⠄⠄⠄⢠⣡⢱⣶⣿
⢢⢂⠫⡪⣊⠄⠣⡂⠂⡀⠨⠹⡐⣜⡾⡯⡯⢷⢶⢶⠶⣖⢦⢢⢪⠢⡂⡇⠅⠄⠄⠈⠄⢰⠡⣷⣿⣿⣿⣿
⢑⠄⠧⣟⡎⢆⡃⡊⠔⢀⠄⠈⣮⢟⡽⣿⣝⡆⠅⠐⡁⠐⠔⣀⢣⢑⠐⠁⡐⠈⡀⢐⠁⠄⠈⠃⢻⣿⣿⣿
⢑⠁⢮⣾⡎⢰⢐⠈⢌⢂⠐⡀⠂⡝⡽⣟⣿⣽⡪⢢⠂⡨⢪⠸⠨⢀⠂⡁⢀⠂⠄⢂⢊⠖⢄⠄⢀⢨⠉⠛
⡰⢺⣾⡗⠄⡜⢔⠡⢊⠢⢅⢀⠑⠨⡪⠩⠣⠃⠜⡈⡐⡈⡊⡈⡐⢄⠣⢀⠂⡂⡁⢂⠄⢱⢨⠝⠄⠄⠄⠄
ksdljfd

Thread 1 "geanu" hit Breakpoint 1, 0x0000000000494fe4 in ?? ()
(gdb) j 0x00494ff9
Function "0x00494ff9" not defined.
(gdb) j *0x00494ff9
Continuing at 0x494ff9.
midnight{r3v3rs1n9g0L4ng5uck5}
[LWP 54256 exited]
[LWP 54254 exited]
[LWP 54250 exited]
[Inferior 1 (process 54250) exited normally]
(gdb) q
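
Why jumping over the check was enough, shown as an added example that is not code from the challenge binary or the original writeup: when the decryption key is a constant, the check only guards a branch, whereas a key derived from the input makes skipping the branch useless. All keys, strings and function names are constructed, and AES-CTR is an assumption (the writeup only says AES).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// Constructed sample values; none of them come from the geanu binary.
var (
	embeddedKey = []byte("0123456789abcdef") // AES-128 key stored in the binary
	secret      = []byte("flag{constructed_sample}")
	password    = "correct horse"
)

// ctr applies AES-CTR with a zero IV; encrypting and decrypting are the same operation.
func ctr(key, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(out, in)
	return out
}

// Weak pattern: input only decides a branch; skipCheck models a debugger jump past it.
func weakReveal(input string, skipCheck bool) string {
	ct := ctr(embeddedKey, secret) // stands in for ciphertext baked into the binary
	if !skipCheck && input != password {
		return ""
	}
	return string(ctr(embeddedKey, ct))
}

// Hardened pattern: the key is derived from the input, so there is no
// comparison to skip and a wrong input decrypts to garbage.
func boundReveal(input string) string {
	good := sha256.Sum256([]byte(password)) // build-time step; only ct would ship
	ct := ctr(good[:16], secret)
	k := sha256.Sum256([]byte(input))
	return string(ctr(k[:16], ct))
}

func main() {
	fmt.Printf("weak, wrong input, check skipped: %q\n", weakReveal("x", true))
	fmt.Printf("bound, wrong input: %q\n", boundReveal("x"))
}
```

A real design would derive the key with a slow password KDF rather than a single SHA-256.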

Flag

midnight{r3v3rs1n9g0L4ng5uck5}