Papa brought me a packed present! let’s open it.

Download :

This is reversing task. all you need is binary


➜ Desktop file flag
flag: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, stripped

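It's a 64-bit ELF. I dragged it straight into IDA and found only three functions, and it would not load properly, so it looked packed. Poking around inside, I found the keyword upx, so I ran upx -d flag to strip the packer. Loading it into IDA again, the code turns out to be very simple: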

int __cdecl main(int argc, const char **argv, const char **envp)
{
  __int64 v3;

  puts("I will malloc() and strcpy the flag there. take it.", argv, envp);
  LODWORD(v3) = malloc(100LL);   // allocate a 100-byte heap buffer
  sub_400320(v3, flag);          // copy the global flag string into it (the strcpy the message announces)
  return 0;
}


UPX…? sounds like a delivery service 🙂
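The packer check done by eye above (spotting the upx keyword before running upx -d) can be scripted. This is an added example, not code from the original post: it looks for the `UPX!` magic, the UPX banner string and a missing section table in an ELF64 file. The function names, the verdict rule and the `PACKED`/`PLAIN` byte strings are assumptions constructed for illustration.

```python
import struct
import sys

UPX_MAGIC = b"UPX!"  # marker UPX writes into its packed-file headers
UPX_BANNER = b"This file is packed with the UPX executable packer"

def elf64_header(data):
    """Return the ELF64 little-endian header fields this check needs."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled")
    (e_shoff,) = struct.unpack_from("<Q", data, 0x28)
    (e_shnum,) = struct.unpack_from("<H", data, 0x3C)
    return {"e_shoff": e_shoff, "e_shnum": e_shnum}

def find_all(data, needle):
    """Offsets of every occurrence of needle in data."""
    out, i = [], data.find(needle)
    while i != -1:
        out.append(i)
        i = data.find(needle, i + 1)
    return out

def upx_indicators(data):
    """Collect UPX hints; the verdict rule is a heuristic, not proof."""
    hdr = elf64_header(data)
    hits = {
        "magic_offsets": find_all(data, UPX_MAGIC),
        "banner": UPX_BANNER in data,
        "no_sections": hdr["e_shnum"] == 0,  # packed stubs usually ship no section table
    }
    hits["likely_upx"] = bool(hits["magic_offsets"]) and (hits["banner"] or hits["no_sections"])
    return hits

def make_sample(shnum, body):
    """Constructed ELF64 header plus body; test data, not a runnable binary."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    return struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 0x3E, 1, 0x400000,
                       64, 0, 0, 64, 56, 2, 64, shnum, 0) + body

PACKED = make_sample(0, bytes(32) + UPX_MAGIC + b"$Info: " + UPX_BANNER + b" $" + UPX_MAGIC)
PLAIN = make_sample(5, b"\x90" * 64)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PACKED
    print(upx_indicators(blob))
```

Run it with a file path as the first argument to check a real binary; with no argument it reports on the constructed `PACKED` sample.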
