Just BC [reverse]

Just BC

We found this reference file for a program contained by a remote server, but we have no idea what it is. All we know is that whenever we connect there's a password prompt. Can you figure out what that password is?

The live instance is at challenges.tamuctf.com:4932.


tamu2020-just-bc.bin is LLVM IR. Assembling it with llc and then attempting to compile it shows that it's /rust/ . I'm out.

Ok, lets try.

So, with llc tamu2020-just-bc.b we create a just-bc.bin.s file, which we can grep for strings in a slightly more readable way than strings on the bin file:

└────╼ ag 'ascii
17672:  .ascii  "PoisonError { inner: .. }"
17677:  .ascii  "Error: "
17705:  .ascii  "park failed"
17710:  .ascii  "lmaoniceonebuddypalfriendolino"
17715:  .ascii  "src/main.rs"
17727:  .ascii  "Password: "
17732:  .ascii  "failed to write data to socket"
17737:  .ascii  "couldn't read from input stream"
17742:  .ascii  "Captured attempt: "
17756:  .ascii  "/flag.txt"
17761:  .ascii  "flag.txt wasn't found"
17766:  .ascii  "flag.txt wasn't readable"
17772:  .ascii  "lmao nice try, but that's not it"
17785:  .ascii  ""

We see two lines of interest here:

17772:  .ascii  "lmao nice try, but that's not it"
17710:  .ascii  "lmaoniceonebuddypalfriendolino"

This is rather suspicious, so let's check what the live challenge says when we put in a random pass:

└╼  nc challenges.tamuctf.com 4932
Password: bla
lmao nice try, but that's not it

Okay cool, so we know that that's the fail message, could the other string be the pass?

Password: lmaoniceonebuddypalfriendolino