Hack The Box: Spooky License
In this blog post, we’ll dive into the Hack The Box reverse engineering challenge called “Spooky License.” To tackle this challenge, I took a novel approach by using ChatGPT, an AI language model by OpenAI, to guide me through the process. We’ll also explore the use of angr and claripy, powerful Python libraries for analyzing binary code and symbolic execution.
The Challenge: Spooky License
Spooky License is a reverse engineering challenge from Hack The Box. Our goal is to uncover the hidden license key by analyzing the binary file provided.
Consulting ChatGPT
To get started, I consulted ChatGPT for some guidance on how to approach this challenge. ChatGPT suggested the following steps:
- Analyze the binary to understand its structure and functionality.
- Identify the key validation algorithm.
- Use angr and claripy to symbolically execute the binary and find the correct input.
With this guidance in mind, I began my journey into reverse engineering the Spooky License challenge.
Analyzing the Binary
First, I used various tools like objdump, strings, and radare2 to analyze the binary file. These tools provided valuable insights into the binary’s structure, revealing important functions and strings that could help me identify the license validation algorithm.
Identifying the Key Validation Algorithm
After a thorough analysis, I was able to pinpoint the key validation function within the binary. This function seemed to implement a series of complex operations, including mathematical transformations and bitwise operations, to validate the input license key.
Symbolic Execution with angr and claripy
Now that I had identified the key validation algorithm, it was time to use angr and claripy to find the correct input. I set up a Python script to symbolically execute the binary and explore its state space, searching for the conditions that would satisfy the key validation algorithm.
import angr
import claripy
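The approach described above, as an added example that is not the script from this post: each key character becomes a symbolic byte, and angr searches for a path that prints the success output. It assumes the key is passed as the first command-line argument; the key length and the two output markers are placeholders to replace with what the binary analysis shows.

```python
import sys

# Assumptions (not from the post): the key arrives as argv[1]; the length and
# the output markers below are placeholders to replace with values taken from
# the binary under analysis.
KEY_LEN = 32
SUCCESS_MARKER = b"Correct"
FAILURE_MARKER = b"Invalid"


def printed(marker):
    """Build a predicate that is true once a state has written marker to stdout."""
    return lambda state: marker in state.posix.dumps(1)


def solve(binary_path, key_len=KEY_LEN, ok=SUCCESS_MARKER, bad=FAILURE_MARKER):
    """Return a key (bytes) that drives the binary to the success output, or None."""
    import angr      # imported here so the helpers above load without angr
    import claripy

    proj = angr.Project(binary_path, auto_load_libs=False)

    # One 8-bit symbolic variable per key character, joined into argv[1].
    chars = [claripy.BVS(f"key_{i}", 8) for i in range(key_len)]
    key = claripy.Concat(*chars)
    state = proj.factory.entry_state(args=[binary_path, key])

    # Restrict every character to printable ASCII: this shrinks the search
    # space and rules out NUL bytes that would shorten the argument.
    for c in chars:
        state.solver.add(c >= 0x20, c <= 0x7E)

    # Explore until some path prints the success marker; discard paths that
    # have already printed the failure marker.
    simgr = proj.factory.simulation_manager(state)
    simgr.explore(find=printed(ok), avoid=printed(bad))
    if not simgr.found:
        return None
    return simgr.found[0].solver.eval(key, cast_to=bytes)


if __name__ == "__main__":
    result = solve(sys.argv[1])
    print(result.decode() if result else "no satisfying key found")
```

If the search returns no key, the usual causes are a wrong key length or markers that do not match what the binary actually prints.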