back to blog

DownUnderCTF 2025 — rocky (100 pts)

September 1, 2025 ctfdownunderctf-2025misc

Description

Dear CSI,

An underdog boxer gets a once-in-a-lifetime shot at the world heavyweight title and proves his worth through sheer determination.

Regards,
jzt

Attachments

Solution

We were given a binary file named rocky

jedi@aqua: /mnt/d/CTF/ductf/rev
$ file rocky                                                                                                           
rocky: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=12a85b1a1e6c5bb107276f005ddac83c26136f0b, for GNU/Linux 3.2.0, not stripped

When we run it, it ask for an input

If the input is wrong, the out of the program is Hash mismatch :(. We need to investigate how the binary works, one of the tool that we can use is IDA. We open IDA, and then check the main function

We see several points here :

  1. The program takes up to 16 characters of input and removes the newline
  2. It computes the MD5 hash of the input and compares it to a hardcoded target
  3. The target MD5 hash is split into two 64-bit integers
  4. If the hash matches, the program proceeds to reverse the input and run a decryption function
  5. The MD5 target, after being converted to little-endian format, is 70924d0cf669f9d23ccabd561202351f

So now, we just need to check is there any string that has MD5 value that match the target hash. We can check it in the crackstation, and we get the string to uncover the flag from the program

Flag

DUCTF{In_the_land_of_cubicles_lined_in_gray_Where_the_clock_ticks_loud_by_the_light_of_day}