ELF x64 golang basic¶

Root-me challenge: Find the validation password.

1. ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=2cf6d44559551c6185a598406fb67318d5b2396e, with debug_info, not stripped

2. Analysis

• Golang calling convention uses the stack for parameters and return values.

• There is a bytes.Compare call between the xored flag and the key

3. Dump the xored flag

4. rexor it with the key

Resources¶

• Reversing Golang Binaries Like a Pro - RedNaga

• Golang Reverse - Zaytsev

Counter moves¶

Go binaries are large but readable once the runtime is understood. Stripping Go symbols slows the reader a little. The defender’s view is in the blue notes on the application layer as a target.