Disassembling it with radare2 and gdb doesn't really seem to spit out anything interesting (as the binary is stripped), but we can use strings to see that flag.txt is within the binary. This hints that there is actually something there.
So, to check it out, I disassembled the binary in Ghidra. Sure enough, FUN_0040130e had some basic C code to read the file and output the results.
All we had to do was overflow the buffer and execute the function.
Using ragg2, I found that the padding was 497 bytes.
flag{legend_of_zelda_overflow_of_time}