This is a CTF built by my good friend Colin that consists of five stages, each progressively more difficult. Here are the guidelines and rules.
Taking a look at Stage1 the first interesting call I see is
_stat64i32 which takes a path to a file and gets the status information of that file.
The path given to
defuse.log can’t be found then this function is going to return early. The first step to completing Stage1 is to create
defuse.log in the expected directory.
Once the CTF can successfully get the status of
defuse.log it will try to open it and read from it.
Once it’s read from
defuse.log it will loop through the first three bytes and compare them to the values of
0x5E. To pass this portion of Stage1 I opened
defuse.log in a hex editor and added in those three bytes.
And now when I run the binary I get a message that Stage1 was defused. Now on to Stage2!