HTB • Shattered Tablet

Shattered Tablet is a very easy reversing challenge created by clubby789 on Hack the Box that involves recovering each byte of the flag from machine code, which we solve using radare2 and regular expressions.

Deep in an ancient tomb, you’ve discovered a stone tablet with secret information on the locations of other relics. However, while dodging a poison dart, it slipped from your hands and shattered into hundreds of pieces. Can you reassemble it and read the clues?

Reversing

We’ll use radare2 to analyze the target executable.

radare2 -AA ./tablet

Let’s disassemble the main function.

# radare2
pdf @main

The main function compares each byte of our input to individual bytes embedded directly in the machine code. The same pattern of movzx, cmp, then jne is repeated 40 times in a row from 0x11c6 to 0x136a. Let's export the raw bytes of that chain of instructions to a Python script.

# radare2 shell
!echo \$((0x136a - 0x11c6)) # 420
0x11c6 # Move to beginning of target instructions
pcp 420 > tablet_opcodes.py # Export the raw bytes to a python script

Then we'll extract the relevant information from the raw bytes using regular expressions in Python.

#!/usr/bin/env python3
import re
from tablet_opcodes import buf

# extract the movzx source address and cmp reference byte (index, value)
# re.DOTALL lets '.' also match a 0x0a byte, which it skips by default
matches = re.findall(rb'\x0f\xb6\x45(.)\x3c(.)', buf, re.DOTALL)
# sort the findings by source address to effectively organize each byte by index
data = bytes([m[1][0] for m in sorted(matches)])
# print the sorted byte values
print(data)

Running this program should print the flag.
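
The same extraction run end to end on constructed bytes, as an added example that is not part of the original post. `build_sample` and `recover` are hypothetical helpers: the first emits movzx/cmp/jne groups out of order, and the second goes slightly beyond the script above by decoding the movzx displacement as a signed byte before sorting, so the order stays correct if the offsets cross zero.

```python
import re
import struct

# x86-64 encodings matched below:
#   0f b6 45 <disp8>   movzx eax, byte [rbp + disp8]
#   3c <imm8>          cmp al, imm8
# The jne that follows (75 <rel8> or 0f 85 <rel32>) is not needed.
CHECK = re.compile(rb'\x0f\xb6\x45(.)\x3c(.)', re.DOTALL)


def build_sample(secret, base_disp):
    """Constructed stand-in for the compare chain: one movzx/cmp/jne
    group per byte of `secret`, emitted in a shuffled order."""
    n = len(secret)
    # deterministic shuffle: a permutation of 0..n-1 that is not sorted
    order = sorted(range(n), key=lambda i: (i * 7 + 3) % (n + 1))
    code = b''
    for pos, idx in enumerate(order):
        code += b'\x0f\xb6\x45' + struct.pack('b', base_disp + idx)
        code += b'\x3c' + secret[idx:idx + 1]
        # alternate the short and near jne encodings
        code += b'\x75\x10' if pos % 2 else b'\x0f\x85\x10\x00\x00\x00'
    return code


def recover(code):
    """Return the compared bytes ordered by signed stack offset."""
    pairs = []
    for disp, imm in CHECK.findall(code):
        offset = struct.unpack('b', disp)[0]  # disp8 is sign-extended
        pairs.append((offset, imm[0]))
    return bytes(value for _, value in sorted(pairs))


if __name__ == '__main__':
    secret = b'EXAMPLE{constructed}'  # constructed sample, not the flag
    print(recover(build_sample(secret, -0x40)))
```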

This post is licensed under CC BY 4.0 by the author.