picoCTF: GDB baby step 1 (Reverse Engineering)

[roaris]

https://play.picoctf.org/practice/challenge/395

[roaris]

mov eax, 0x86342とあり、0x86342を10進数に直したものがフラグ

gdb-peda$ b main
Breakpoint 1 at 0x1131
gdb-peda$ r
Starting program: /home/roaris/picoCTF/reversing/395/debugger0_a
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Warning: 'set logging off', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled off'.

Warning: 'set logging on', an alias for the command 'set logging enabled', is deprecated.
Use 'set logging enabled on'.
[----------------------------------registers-----------------------------------]
RAX: 0x555555555129 (<main>:    endbr64)
RBX: 0x7fffffffe068 --> 0x7fffffffe30a ("/home/roaris/picoCTF/reversing/395/debugger0_a")
RCX: 0x7ffff7f9e840 --> 0x7ffff7fa0300 --> 0x0
RDX: 0x7fffffffe078 --> 0x7fffffffe339 ("HOSTTYPE=x86_64")
RSI: 0x7fffffffe068 --> 0x7fffffffe30a ("/home/roaris/picoCTF/reversing/395/debugger0_a")
RDI: 0x1
RBP: 0x7fffffffdf50 --> 0x1
RSP: 0x7fffffffdf50 --> 0x1
RIP: 0x555555555131 (<main+8>:  mov    DWORD PTR [rbp-0x4],edi)
R8 : 0x5555555551b0 (<__libc_csu_fini>: endbr64)
R9 : 0x7ffff7fcfb10 (<_dl_fini>:        push   r15)
R10: 0x7ffff7fcb858 --> 0xa00120000000e
R11: 0x7ffff7fe1e30 (<_dl_audit_preinit>:       mov    eax,DWORD PTR [rip+0x1b022]        # 0x7ffff7ffce58 <_rtld_global_ro+888>)
R12: 0x0
R13: 0x7fffffffe078 --> 0x7fffffffe339 ("HOSTTYPE=x86_64")
R14: 0x0
R15: 0x7ffff7ffd000 --> 0x7ffff7ffe2d0 --> 0x555555554000 --> 0x10102464c457f
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0x555555555129 <main>:       endbr64
   0x55555555512d <main+4>:     push   rbp
   0x55555555512e <main+5>:     mov    rbp,rsp
=> 0x555555555131 <main+8>:     mov    DWORD PTR [rbp-0x4],edi
   0x555555555134 <main+11>:    mov    QWORD PTR [rbp-0x10],rsi
   0x555555555138 <main+15>:    mov    eax,0x86342
   0x55555555513d <main+20>:    pop    rbp
   0x55555555513e <main+21>:    ret
[------------------------------------stack-------------------------------------]
0000| 0x7fffffffdf50 --> 0x1
0008| 0x7fffffffdf58 --> 0x7ffff7df26ca (<__libc_start_call_main+122>:  mov    edi,eax)
0016| 0x7fffffffdf60 --> 0x7fffffffe050 --> 0x7fffffffe058 --> 0x7ffff7fc3160 --> 0x7ffff7dcb000 --> 0x3010102464c457f
0024| 0x7fffffffdf68 --> 0x555555555129 (<main>:        endbr64)
0032| 0x7fffffffdf70 --> 0x155554040
0040| 0x7fffffffdf78 --> 0x7fffffffe068 --> 0x7fffffffe30a ("/home/roaris/picoCTF/reversing/395/debugger0_a")
0048| 0x7fffffffdf80 --> 0x7fffffffe068 --> 0x7fffffffe30a ("/home/roaris/picoCTF/reversing/395/debugger0_a")
0056| 0x7fffffffdf88 --> 0xa7abc6d2fd3416fa
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value

Breakpoint 1, 0x0000555555555131 in main ()
gdb-peda$ exit

┌──(roaris㉿DESKTOP-G3SGKDT)-[~/picoCTF/reversing/395]
└─$ python
Python 3.11.8 (main, Feb  7 2024, 21:52:08) [GCC 13.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> 8*16**4+6*16**3+3*16**2+4*16+2
549698