DefCamp Capture the Flag 2020 - StrippedGO :: ABHw0rld's blog

Context :

This week-end, I participated in the Defcamp Capture the Flag 2020 with my team RootMeUpBeforeYouGoGo We have been ranked 10th.

I heard you can’t redo what’s deleted. Is that true?

For this challenge, I used Binary Ninja and the nice plug-in Restore Golang Symbols by Daniel Weber

We are given a stripped go binary.

When we run the program we see an encoded message :

First run

We have to find the original message.

I started gdb with a breakpoint at the EncryptAes function to analyse it (0x49b340)

GDB

But no further investigation was necessary, we simply have the original message in rax

Flag : g01sn0tf0rsk1d1egc