Reversing ELF

Tools used : Ghidra & Radare2





Analyze all
List all functions
Print disassembled function
Sets a breakpoint at address


Start up radare to debug the code.

The program compares user input (scanf) and sym.strcmp_

Set up a break point before the comparison at 0x00400829

Show the hexdump on both variables one of the variables consists of the password.


Use Ghidra to view the main function.

Inside the main function view the compare_pwd function.

View the my_secure_test function.

Password check can be found 1337_pwd


Using the strings command we find a unknown string.

Use Ghidra to dissemble the program.

In the main function we can find an option to give the flag. Convert the hex number to decimal.


Start up Ghidra to examine the main function of the code.

Input variable has to be -0x35010ff3 in order to get a flag.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s