flagshop

Binary Exploitation

The challenge provides a binary containing a simple flag shop program.

I decided to open Ghidra to analyze it further.

Looking at the decompiled binary, the vulnerability in this challenge is a simple integer overflow that makes the total cost negative, so I could add to the balance to buy the flag.

Using a simple calculation to divide a number above the 32-bit signed integer limit by the cost of the discounted flag, I was able to do an integer overflow to buy the flag!
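The arithmetic behind this, as an added example that is not the challenge's own code: a model of the unchecked total-cost calculation beside a hardened version that rejects a product that does not fit in 32 bits. The unit price (900), starting balance (1100), quantity (3000000) and function names are constructed assumptions, since the page does not give them.

```c
#include <stdint.h>
#include <stdio.h>

#define FLAG_PRICE 900  /* assumed unit price; not stated on the page */

/* Flawed purchase: price * qty is kept in 32 bits, so a large qty wraps
   the total negative and the subtraction raises the balance.
   Unsigned arithmetic is used so the wrap is well-defined in this model;
   the conversion back to int32_t wraps on GCC/Clang. */
int32_t buy_unchecked(int32_t balance, int32_t qty) {
    int32_t total = (int32_t)((uint32_t)FLAG_PRICE * (uint32_t)qty);
    if (qty > 0 && total <= balance)
        balance = (int32_t)((uint32_t)balance - (uint32_t)total);
    return balance;
}

/* Hardened purchase: validate qty against the largest value whose
   product still fits before multiplying. Returns 0 on success,
   -1 when the request is rejected (balance left unchanged). */
int buy_checked(int32_t *balance, int32_t qty) {
    if (qty <= 0 || qty > INT32_MAX / FLAG_PRICE)
        return -1;                      /* product would overflow */
    int32_t total = FLAG_PRICE * qty;   /* now guaranteed to fit */
    if (total > *balance)
        return -1;                      /* cannot afford it */
    *balance -= total;
    return 0;
}

int main(void) {
    int32_t qty = 3000000;              /* constructed sample quantity */
    printf("unchecked: balance 1100 -> %d\n", buy_unchecked(1100, qty));

    int32_t balance = 1100;             /* constructed starting balance */
    int rc = buy_checked(&balance, qty);
    printf("checked:   rc=%d, balance stays %d\n", rc, balance);
    return 0;
}
```
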
