Bad Memories -v0.9- -recreation- (FAST – 2027)

gdb -c core.dump Inside GDB:

core.dump: ELF 64-bit LSB core file, x86-64, version 1 (SYSV) Check what program generated it:

(gdb) info files Shows the executable was bad_memories_v0.9 . We can try to recover the binary from memory: Bad Memories -v0.9- -recreation-

Flag: CTFBad_Memories_Unleash_Secret_Recreation Alternatively, the flag might already be in memory. Dump all strings from core:

struct note void (*print_func)(char *); char data[56]; ; Found a pointer at 0x602010 pointing to a function 0x400c80 (normal print) and another at 0x6020a0 pointing to 0x401456 (secret function). gdb -c core

[0x00401234]> afl | grep secret 0x00401456 sym.secret_function Disassemble secret_function :

In GDB, call the overwritten function:

void secret_function() char flag[64]; FILE *f = fopen("flag.txt", "r"); fread(flag, 1, 64, f); flag[strcspn(flag, "\n")] = 0; printf("Flag: %s\n", flag);

chmod +x bad_memories_v0.9 ./bad_memories_v0.9 It prints: [0x00401234]> afl | grep secret 0x00401456 sym

strings core.dump | grep -i ctf Returns:

eu-unstrip -n --core=core.dump This reveals the missing binary path and build ID. We can fetch or reconstruct. After recovering the binary (named bad_memories_v0.9 ), analyze it: