Flare-On 2019 WriteUp: Overlong (#2)
We received a 4 KB binary that, when run, prints the following message:
Looking at it in IDA, the entry point calls only one function (0x401160):
Inside this function is a loop that produces the characters shown in the message box:
Now notice the first compare:
Checking it in x32dbg, I saw that it compares ecx to 0x1C (28 in decimal):
The message box printed the message “I never broke the encoding:”, which is 27 (0x1B) characters long and ends with “:”, which does not normally end a sentence.
Moreover, I had already seen 0x1C near the beginning of the binary:
So, if the message box prints only 27 characters, why not change 0x1C to something larger than 27? I changed 0x1C to 0x6C (chosen arbitrarily):
After resuming the program, we received the flag:
Flag: I_a_M_t_h_e_e_n_C_o_D_i_n_g@flare-on.com
*This challenge can be solved in other ways, such as removing the jump (jnb short loc_4011B2 at address 0x40117E) after the first compare.
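As an added illustration (not the challenge's own code or bytes), the decoding loop above modelled in Python: a decoder that accepts overlong UTF-8 sequences, which the challenge name suggests is the encoding in use, and stops after `count` characters the way the loop stops when its counter reaches 0x1C. The buffer is a constructed sample built from the message and flag shown above, so the 28th character here is a space; `count=None` corresponds to removing the jump.

```python
def decode_overlong_char(buf, pos):
    """Decode one UTF-8-style sequence at buf[pos], accepting overlong forms."""
    # Overlong: a code point spread over more bytes than needed, e.g. 'A' (0x41)
    # as C1 81 instead of 41. Strict decoders (Python's included) reject these,
    # which is why the binary carries its own decoding loop.
    lead = buf[pos]
    if lead < 0x80:                   # plain one-byte ASCII
        return lead, pos + 1
    if lead & 0xE0 == 0xC0:           # 110xxxxx, one continuation byte
        extra, value = 1, lead & 0x1F
    elif lead & 0xF0 == 0xE0:         # 1110xxxx, two continuation bytes
        extra, value = 2, lead & 0x0F
    elif lead & 0xF8 == 0xF0:         # 11110xxx, three continuation bytes
        extra, value = 3, lead & 0x07
    else:
        raise ValueError(f"invalid lead byte {lead:#x} at offset {pos}")
    if pos + 1 + extra > len(buf):
        raise ValueError(f"truncated sequence at offset {pos}")
    for cont in buf[pos + 1:pos + 1 + extra]:
        if cont & 0xC0 != 0x80:       # continuation bytes are 10xxxxxx
            raise ValueError(f"bad continuation byte {cont:#x} after {pos}")
        value = (value << 6) | (cont & 0x3F)
    return value, pos + 1 + extra

def decode_n(buf, count=None):
    """Decode up to count characters; None = no limit, like removing the jnb."""
    out, pos = [], 0
    while pos < len(buf) and (count is None or len(out) < count):
        cp, pos = decode_overlong_char(buf, pos)
        out.append(chr(cp))
    return "".join(out)

def encode_overlong(text):
    """Constructed helper: encode each ASCII character as a 3-byte (overlong) sequence."""
    out = bytearray()
    for cp in map(ord, text):
        out += bytes([0xE0 | (cp >> 12), 0x80 | ((cp >> 6) & 0x3F), 0x80 | (cp & 0x3F)])
    return bytes(out)

# Constructed sample: the message and flag from the writeup, not the binary's bytes.
SAMPLE = encode_overlong("I never broke the encoding: I_a_M_t_h_e_e_n_C_o_D_i_n_g@flare-on.com")

if __name__ == "__main__":
    print(repr(decode_n(SAMPLE, 0x1C)))  # original limit of 0x1C = 28 characters
    print(decode_n(SAMPLE, 0x6C))        # patched limit: the whole string
```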