FluxArchiv Reverse Engineering Analysis

Assignment Overview

This assignment requires performing static and dynamic reverse engineering on the FluxArchiv application in order to identify how it validates and obfuscates passwords. By analyzing the executable and the archive file, the goal is to extract the hidden key and ultimately recover the real password using a brute-force approach.

Detailed Explanation

In this assignment, the objective is to reverse engineer the archiv executable on a Linux system to understand how it processes and validates passwords against the FluxArchiv.arc file. The process begins by running the program normally (./archiv) to observe its help output and understand the expected command-line arguments.

Next, static analysis is performed using Ghidra. By importing the archiv binary into Ghidra, the program's structure, function flow, and password validation logic can be examined. Special attention is given to functions related to file reading, string comparison, and any obfuscation or shuffle logic applied to the user-provided password.

The FluxArchiv.arc data file is then analyzed using Linux utilities. The file command is used to identify the file type, while hexdump -C -n 50 is used to inspect the first 50 bytes of the file in both hexadecimal and ASCII formats. This step helps identify the file header, version information, and potential key data stored within the archive.

Dynamic analysis is performed using strace and ltrace.

  • strace is used to monitor system calls such as open, read, and lseek, allowing observation of which file offsets and byte lengths are read during password validation.
  • ltrace is used to monitor library function calls such as fopen, fread, memcmp, and strcmp, revealing how the program compares user input against data read from the archive file.

Using information gathered from the hexdump and tracing tools, Ghidra is revisited to correlate the observed behavior with the underlying code. This makes it possible to identify the exact locations of the archive header and the embedded key, as well as the obfuscation algorithm used to transform the input password before validation.

Once the key is extracted from the archive file, the provided Python 2.7 brute-force script (FLUXACRCHIV-BruteForce.py) is modified by replacing the placeholder string "STODO-KEY" with the extracted key. The script is then executed with a specified permutation count (e.g., python FLUXACRCHIV-BruteForce.py 15). When a permuted password matches the shuffled key, the script reveals the real password.

By following these steps, the assignment demonstrates practical skills in Linux-based reverse engineering, static and dynamic analysis, and basic cryptographic obfuscation reversal.
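The core weakness the assignment exploits is that the archive stores a reversible transform of the password, so the file alone is enough to recover it. The Python 3 example below is added here to illustrate that point and is not the assignment's brute-force script nor FluxArchiv's own code: the header layout (magic, version, key at offset 6), the shuffle and the salted-hash alternative are all constructed stand-ins, since the page does not give the real format or algorithm.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"FLUX"   # constructed 4-byte signature, not FluxArchiv's real one
KEY_LEN = 8       # constructed fixed key length
KEY_OFFSET = 6    # magic (4) + version (2); the offset strace/ltrace would reveal


def shuffle(pw: bytes) -> bytes:
    """Hypothetical obfuscation: byte-reverse, then rotate left by 3."""
    r = pw[::-1]
    return r[3:] + r[:3]


def unshuffle(key: bytes) -> bytes:
    """Exact inverse of shuffle(): rotate right by 3, then reverse."""
    r = key[-3:] + key[:-3]
    return r[::-1]


def build_weak_archive(password: bytes) -> bytes:
    """Weak design: header carries the shuffled password as the 'key'."""
    assert len(password) == KEY_LEN
    return MAGIC + struct.pack("<H", 1) + shuffle(password) + b"payload..."


def weak_validate(archive: bytes, candidate: bytes) -> bool:
    """memcmp-style check: shuffle the input and compare with the stored key."""
    return shuffle(candidate) == archive[KEY_OFFSET:KEY_OFFSET + KEY_LEN]


def recover_from_weak_archive(archive: bytes) -> bytes:
    """Holding the file is enough: invert the shuffle, no guessing required."""
    return unshuffle(archive[KEY_OFFSET:KEY_OFFSET + KEY_LEN])


def build_hashed_archive(password: bytes) -> bytes:
    """Hardened design: random salt + PBKDF2 digest instead of a reversible key."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password, salt, 200_000)
    return MAGIC + struct.pack("<H", 2) + salt + digest + b"payload..."


def hashed_validate(archive: bytes, candidate: bytes) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    salt, stored = archive[6:22], archive[22:54]
    digest = hashlib.pbkdf2_hmac("sha256", candidate, salt, 200_000)
    return hmac.compare_digest(digest, stored)
```

With the hashed layout the header still reveals the salt and digest, but nothing in the file lets an observer run the check backwards.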
