Description
This challenge will introduce you to ‘Anti-Debugging.’ Malware developers don’t like it when you attempt to debug their executable files because debugging these files reveals many of their secrets! That’s why they include a lot of code logic specifically designed to interfere with your debugging process.
Download: Binary
Enumeration
From the challenge name and description, we know that we will need a debugger for this challenge, but let’s first run it and see what happens.
OK, now let’s open it in x32dbg.
Open it in Debugger
After we reach the EntryPoint, let’s search for strings in all user modules.
Let’s jump to the string that looks like the “picoCTF” drawing and set a breakpoint there.
Extracting Flag
We see that after a few instructions there is a call to the IsDebuggerPresent function. Let’s step up to it and see how we can bypass this check.
We see that the function returned 1, and the jump won’t be taken because the zero flag (ZF) wasn’t set to 1. We can easily bypass this by setting the zero flag to 1 so that the jump is taken.
After a few more steps, we see that the flag has been decrypted and is visible to us.
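The check described above can also be located statically before stepping to it. The following is an added example, not part of the original write-up: it scans raw 32-bit code for a call through an import slot followed by `test eax, eax` and a ZF-based jump, and reports how that jump behaves when a debugger is attached. The instruction sequence, the sample bytes and the import address `IAT_SLOT` are assumptions constructed for illustration, not values from the challenge binary.

```python
import struct

# Constructed 32-bit x86 bytes, NOT taken from the challenge binary.
# IAT_SLOT is a made-up import-table address standing in for IsDebuggerPresent.
IAT_SLOT = 0x00403000
SAMPLE = bytes.fromhex(
    "55 8B EC"            # push ebp / mov ebp, esp
    "FF 15 00 30 40 00"   # call dword ptr [0x403000]
    "85 C0"               # test eax, eax
    "74 0A"               # je short
    "90 90"               # padding
    "FF 15 00 30 40 00"   # call dword ptr [0x403000]
    "85 C0"               # test eax, eax
    "0F 85 10 00 00 00"   # jne near
    "C3"                  # ret
)

# Conditional jumps that test ZF: opcode -> (mnemonic, instruction length)
JCC = {b"\x74": ("je", 2), b"\x75": ("jne", 2),
       b"\x0f\x84": ("je", 6), b"\x0f\x85": ("jne", 6)}

def find_checks(code, iat_slot):
    """Locate `call [iat_slot]; test eax, eax; je/jne` sequences in raw code."""
    call = b"\xff\x15" + struct.pack("<I", iat_slot)
    hits = []
    pos = code.find(call)
    while pos != -1:
        test_at = pos + len(call)
        jcc_at = test_at + 2
        if code[test_at:jcc_at] == b"\x85\xc0":
            for opcode, (mnemonic, size) in JCC.items():
                if code.startswith(opcode, jcc_at) and jcc_at + size <= len(code):
                    # Debugger attached: EAX=1, so `test` leaves ZF=0.
                    # je falls through and jne jumps; forcing ZF=1 inverts both.
                    hits.append({"call": pos, "jcc": jcc_at, "mnemonic": mnemonic,
                                 "taken_when_debugged": mnemonic == "jne"})
        pos = code.find(call, pos + 1)
    return hits

if __name__ == "__main__":
    for hit in find_checks(SAMPLE, IAT_SLOT):
        print(hit)
```

Each reported `jcc` offset is a candidate breakpoint location where the zero flag decides which path the program takes.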