Last weekend, I played for a few hours on the ebCTF teaser. The first challenges (100 points) were very easy, but fun at the same time. BIN100 was a console application for Windows containing a tiny dice game. The goal was to get the right sequence of dice rolls to win the game. I’m pretty sure that it was possible to beat the game in different ways, but I chose an easy one, using IDA to understand the internals and force destiny :)
Playing the game the usual way shows some interesting strings, for example “You rolled a three! Good!”, and I simply chose to search for “Good” in IDA to locate some interesting blocks of code.
The first hit was unambiguous: on the screenshot below you can see the conditional jump before the printed result. So I NOPed all five calls to complete the sequence, directly in the binary file. Luckily, there is no internal check (e.g. a hash check on the code), and the program gave me the flag without any further questions.
The joke appears during the last dice roll; the next screenshot speaks for itself :)
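The kind of internal check mentioned above, as an added example that is not part of the original post or of the challenge binary: a hash over a code region stops matching once a conditional jump is overwritten with NOPs. The byte sequence, the function names and the choice of FNV-1a are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* FNV-1a, 32-bit: non-cryptographic, used here only to show the idea. */
uint32_t fnv1a32(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Constructed stand-in for one dice check (not bytes from BIN100):
   cmp eax,3 / jne +5 / call rel32 / ret */
static const uint8_t ORIGINAL[] = {
    0x83, 0xF8, 0x03, 0x75, 0x05, 0xE8, 0x10, 0x00, 0x00, 0x00, 0xC3
};

/* Returns 1 if the region still hashes to the reference value, else 0. */
int code_intact(const uint8_t *code, size_t n, uint32_t expected) {
    return fnv1a32(code, n) == expected;
}

/* Longest run of 0x90 bytes sitting where the reference had something else. */
size_t longest_nop_patch(const uint8_t *code, const uint8_t *ref, size_t n) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < n; i++) {
        if (code[i] == 0x90 && ref[i] != 0x90) { if (++run > best) best = run; }
        else run = 0;
    }
    return best;
}

struct verdict { int intact; size_t nop_run; };

/* Hypothetical harness: copy the reference, overwrite [off, off+len) with
   NOPs, then run both checks. A real build would embed the expected hash
   at link time instead of recomputing it from ORIGINAL (assumption). */
struct verdict check_after_patch(size_t off, size_t len) {
    uint8_t buf[sizeof ORIGINAL];
    memcpy(buf, ORIGINAL, sizeof buf);
    if (off <= sizeof buf && len <= sizeof buf - off) memset(buf + off, 0x90, len);
    struct verdict v = { code_intact(buf, sizeof buf, fnv1a32(ORIGINAL, sizeof ORIGINAL)),
                         longest_nop_patch(buf, ORIGINAL, sizeof buf) };
    return v;
}

int main(void) {
    struct verdict a = check_after_patch(0, 0), b = check_after_patch(3, 2);
    printf("untouched: intact=%d nop_run=%zu\n", a.intact, a.nop_run);
    printf("jne NOPed: intact=%d nop_run=%zu\n", b.intact, b.nop_run);
    return 0;
}
```

A check like this only raises the effort required, since the comparison itself lives in the same patchable binary.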
Thanks Eindbazen!