# Packer

## Challenge Description

Reverse this linux executable?

[binary](https://artifacts.picoctf.net/c_titan/101/out)

***

## Solution

First download the given file. I used the `file` command to check the file type. The given file is a linux executable.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2FnCIcRKojiKIBxIEEYYJQ%2Fimage.png?alt=media&#x26;token=1a7c3fde-fb61-443e-a160-2dc5835600a3" alt=""><figcaption></figcaption></figure>

Next I run the application to check what its up to.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2FYapwyAwn9iQnqYcswZvr%2Fimage.png?alt=media&#x26;token=a8364472-d909-46cf-ac47-9d705ba6ba8e" alt=""><figcaption></figcaption></figure>

The given application prompts for password to unlock the file. Since, the challenge name is packer I just used the `strings` command and looked out for the keyword packer.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2FSzzRMGomKDzl127SJDQx%2Fimage.png?alt=media&#x26;token=02742993-1333-41cd-8265-3196a889e59c" alt=""><figcaption></figcaption></figure>

From the output of the `strings` command, we can see that the give file is packer using `upx` packer.

So I used the `upx` tool to decompress the given file. The command is `upx -d out`.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2FsHkuDv1U3MGL7DHoxzpD%2Fimage.png?alt=media&#x26;token=1f3c60b3-d19b-401b-83f9-73d37bf511c4" alt=""><figcaption></figcaption></figure>

After unpacking the file, I opened the file with [Cutter](https://github.com/rizinorg/cutter), to view the decompiled source code. In the main function, I found the hex encoded flag.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2Fv7HdgpDJzh8QoMWgCf9t%2Fimage.png?alt=media&#x26;token=539636f9-5e6f-460d-8262-4ef2a4f59d21" alt=""><figcaption></figcaption></figure>

I used CyberChef to decode the hex string to get the flag.

<figure><img src="https://2035863894-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FjvlUrxK6i7ZNmn3d6e8B%2Fuploads%2FavCqR9jSBUSXN77wE0hh%2Fimage.png?alt=media&#x26;token=ea28d85d-74a9-4d6a-bb3e-2a7bf79e25e1" alt=""><figcaption></figcaption></figure>

Flag: `picoCTF{U9X_UnP4ck1N6_B1n4Ri3S_e190c3f3}`