Skip to content

Add solution to Forky #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add solution to Forky #1

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1867831
Add solution to Forky writeup
gregliuzzi Mar 23, 2025
8ce1c07
Fix formatting in Forky solution
gregliuzzi Mar 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 14 additions & 0 deletions Reverse Engineering/Forky/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,20 @@
c_int(-721750240)
```


## Solution2

1. To simplify the solution we can utilize a feature of gdb known as user-defined command hooks (https://sourceware.org/gdb/current/onlinedocs/gdb.html/Hooks.html#Hooks). Hooks in gdb enable us to automatically execute certain commands in response to other commands. In particular, gdb provides us with the pseudo-command `stop` which corresponds to any break in program execution. If we want to print the value of `eax` before the call to `doNothing` we can define a hook like so

```
define hook-stop \
printf "picoCTF{%d}\n", $eax \
c \
end
```
This will print the value of `eax` right before the call to `doNothing` then continue program execution. Before we run the program we still need to run `set follow-fork-mode child` as mentioned and set a breakpoint on the call to `doNothing` with `b *main+125`.


### Flag

`picoCTF{-721750240}`