This binary is a 64 bit ELF.
Viewing the disassembled binary or running it will show you that, on a good input, the "Good Key" string will be printed, and on a bad input, "Invalid passcode" will be printed.
The String you enter will be transformed and will need to pass a compare. Here is the code where the compare is done:
.text:00000000004006FD mov rcx, rsp .text:0000000000400700 mov rsi, r12 .text:0000000000400703 mov edi, 8 .text:0000000000400708 mov edx, offset mess .text:000000000040070D call frob .text:0000000000400712 mov rdi, cs:expected .text:0000000000400719 mov ecx, 20h .text:000000000040071E mov rsi, rsp .text:0000000000400721 repe cmpsb
The frob function will transform the input. By breaking on the repe cmpsb, we dont need to reverse the frob function. In this case our data was a direct transform meaning one byte changed in the input is one byte changed in the output.
Here is what we need our input to become:
(gdb) x/4xg $rdi 0x402458 <__dso_handle+48>: 0x34490a9fc55bee02 0x101830378c1ab037 0x402468 <__dso_handle+64>: 0xeba0b4315fe79fbc 0x3bd18bc595710493
After two or three character solves, i noticed it was an xor cipher. So by supplying the input, the program would give me the string i needed to enter.
By entering the string (had to replace the 0x0a) we get:
(gdb) r `python -c 'print "\x02\xee\x5b\xc5\x9f\x10\x49\x34\x37\xb0\x1a\x8c\x37\x30\x18\x10\xbc\x9f\xe7\x5f\x31\xb4\xa0\xeb\x93\x04\x71\x95\xc5\x8b\xd1"'` Starting program: ./simd `python -c 'print "\x02\xee\x5b\xc5\x9f\x10\x49\x34\x37\xb0\x1a\x8c\x37\x30\x18\x10\xbc\x9f\xe7\x5f\x31\xb4\xa0\xeb\x93\x04\x71\x95\xc5\x8b\xd1"'` Breakpoint 1, 0x0000000000400721 in main () (gdb) x/s $rsi 0x7fffffffe1c0: "4rnt_l3ct0r_1nstruct10ns_c00l?!;" (gdb)
Fixing the 0x0a we replaced (just a guess, but a fairly easy one) the string becomes:
4rnt_v3ct0r_1nstruct10ns_c00l?!;
This is the key. You can rerun the binary with this string just to verify.
(gdb) r 4rnt_v3ct0r_1nstruct10ns_c00l?!; Starting program: ./simd 4rnt_v3ct0r_1nstruct10ns_c00l?!; Good, the key is 4rnt_v3ct0r_1nstruct10ns_c00l?! Program exited normally.