Reverse Engineering
Brick Breaker (473 pts)
Description
Stole some resources from public domain and made a brick breaker clone. Collision detection is bad and it's pretty hard, but see if you can find the hidden message!
PoC
Given DS file, since i dont know how to reverse engineering DS file i search on google and found this article https://www.starcubelabs.com/reverse-engineering-ds/ . First, i extract the arm9.bin using DSLazy tool.
So the unpacked nds will be available on directory NDS_UNPACK. File we need to reverse is arm9.bin, we can open the binary using ghidra. Take a look on list string we found some interesting string like below
Next step, i open nds file using DeSmuME then play until game over
We can see that there is text "Final score:" on screen. Searching on ghidra we found the reference for that text (i've already rename the function)
On image above we can see that print_score has so many references and based on "level" string we know that there are 18 levels. Since most of the code looks like same, i just tried to set breakpoint on one of those reference which is 0x020098c6.
Line 0200:98c6 color becomes green, it means that the breakpoint triggered. So the next step is finding reference for FUN_020093c0
Looking at FUN_020024c0, we found some interesting variable. With some dynamic analysis (using disassembler like previous process) we rename some variable and confirmed what are those variables.
We can see on decompiler result that the level do infinity looping (from level 1 until level 4) and from the block we can see that each level show flag character. So basically, by playing the game we can get the flag but until level 4 and of course it should be hard since we only have a few lives. In this challenge, my approach to get the flag by cheating (modifying life and level) until i get all flag characters.
Flag : flag{Br3Ak0U7!!1}
Last updated
