Behind the Scenes

This is a very easy reversing challenge from Hack The Box.
I first tried to analyze the binary dynamically, interacting with it under ltrace and running strings on it, but that gives us nothing.
As we can see, running it we hit an illegal instruction. Weird, right?
Opening the binary in Ghidra, main shows incomplete code, which is very strange; looking at the assembly, the last instruction is "UD2" and after it comes broken, missing code.
After some research: UD2 is an instruction defined to raise an invalid-opcode exception (#UD, delivered to the process as SIGILL), so it is used for testing and for intentionally crashing a program. Because the disassembler treats it as an instruction that never falls through, it stops there and never shows the code that follows, which is what makes the function look truncated. No problem: after opening GDB and disassembling main, we luckily see everything, and by examining the immediate value of every cmp as a string, we get the password and surround it with HTB{}.
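To make the two observations above concrete (a linear disassembly stops at UD2, and the password only exists as cmp immediates that strings cannot see), here is an added Python helper that is not part of the original write-up and not taken from the challenge binary. It works on a hand-assembled x86-64 byte fragment constructed for this demo, locates the UD2 opcode (0F 0B), and pulls the immediates out of a few `cmp [rbx(+disp8)], imm` encodings found after it, in memory order, which is exactly how GDB would show them when read as a string. The function names and the sample bytes are my own; the matcher recognises only the four encodings listed in its docstring.

```python
from typing import List, Optional

UD2 = b"\x0f\x0b"  # x86 UD2 opcode: raises #UD, seen by the process as SIGILL

# Constructed x86-64 fragment (hand-assembled for this demo, not the challenge's code).
SAMPLE_CODE = bytes.fromhex(
    "4883ec10"        # sub    rsp, 0x10
    "0f0b"            # ud2                         <- linear sweep stops here
    "813b4854427b"    # cmp    dword ptr [rbx], 0x7b425448    ("HTB{" in memory order)
    "7510"            # jne    fail
    "817b0464656d6f"  # cmp    dword ptr [rbx+4], 0x6f6d6564  ("demo")
    "7507"            # jne    fail
    "807b087d"        # cmp    byte ptr [rbx+8], 0x7d         ('}')
    "c3"              # ret
)


def find_ud2(code: bytes) -> List[int]:
    """Offsets of every UD2 in the byte string; a useful triage signal by itself."""
    offsets = []
    pos = code.find(UD2)
    while pos != -1:
        offsets.append(pos)
        pos = code.find(UD2, pos + 1)
    return offsets


def hidden_region(code: bytes) -> Optional[bytes]:
    """Bytes after the first UD2: what a disassembler that treats UD2 as
    non-returning never shows you."""
    hits = find_ud2(code)
    if not hits:
        return None
    return code[hits[0] + len(UD2):]


def extract_cmp_immediates(code: bytes) -> List[bytes]:
    """Pull immediates out of a few 'cmp [rbx(+disp8)], imm' encodings.
    Minimal matcher for the constructed sample, not a general x86 decoder:
      81 3B imm32       cmp dword ptr [rbx], imm32
      81 7B d8 imm32    cmp dword ptr [rbx+d8], imm32
      80 3B imm8        cmp byte ptr [rbx], imm8
      80 7B d8 imm8     cmp byte ptr [rbx+d8], imm8
    Immediates are returned in memory (little-endian) order, i.e. the order in
    which the bytes read as a string."""
    out = []
    i = 0
    while i + 1 < len(code):
        op, modrm = code[i], code[i + 1]
        if op == 0x81 and modrm == 0x3B:
            out.append(code[i + 2:i + 6])
            i += 6
        elif op == 0x81 and modrm == 0x7B:
            out.append(code[i + 3:i + 7])
            i += 7
        elif op == 0x80 and modrm == 0x3B:
            out.append(code[i + 2:i + 3])
            i += 3
        elif op == 0x80 and modrm == 0x7B:
            out.append(code[i + 3:i + 4])
            i += 4
        else:
            i += 1  # not a recognised cmp: step one byte and resync
    return out


def recover_hidden_string(code: bytes) -> str:
    """Concatenate the cmp immediates found after the UD2 and decode as ASCII."""
    region = hidden_region(code)
    if region is None:
        return ""
    return b"".join(extract_cmp_immediates(region)).decode("ascii", errors="replace")


if __name__ == "__main__":
    print("UD2 at offsets:", find_ud2(SAMPLE_CODE))
    print("recovered:", recover_hidden_string(SAMPLE_CODE))
```

Note that the recovered text never appears as a contiguous byte run in the sample (each four-character piece is interleaved with opcodes and jumps), which is why `strings` finds nothing even though the password is sitting in .text in plain ASCII.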
Here are those values and their string representation; that is the flag:
And that's all. This challenge teaches us about the UD2 instruction and how it can hide code from the disassembler. Hope this article was helpful!
Written by
Yahya Mouelhi
Hello world, my name is Yahya Mouelhi. I'm currently an ICT student and I'm passionate about cybersecurity, especially binary exploitation and reverse engineering. I dedicate a good amount of time to learning and I'm enjoying what I do. Hope you like my blogs!