
We are given a binary file. When we run it, it asks for a password.


Then I tried to decompile it using Ghidra, but something strange happened.

It didn't have a main function or any other function that indicates the beginning of the program.


Usually when you decompile a program, all of its strings (like the magic password question in this program) show up. But when I decompiled it, none of those strings were found.

Then I tried to dump the strings using the strings -n 10 command and found an interesting string there.


From there, we know that this binary is packed with UPX. This information can also be obtained by running checksec.
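The same triage can be scripted. The following is an added example, not part of the original write-up: it mimics strings -n 10 and looks for the markers a stock UPX stub leaves behind. The function names and the sample bytes are constructed for illustration.

```python
import re
import sys

# Markers a stock UPX stub leaves in a packed file: the "UPX!" magic and the
# "$Info: This file is packed with the UPX executable packer ..." banner.
UPX_MAGIC = b"UPX!"
UPX_BANNER = "packed with the UPX executable packer"

# Constructed sample (not a real binary): ELF magic, padding, UPX magic, banner.
SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + b"\x13\x37" + UPX_MAGIC + b"\x0d\x0c"
    + b"\x00" * 8
    + b"$Info: This file is packed with the UPX executable packer"
    + b" http://upx.sf.net $\n\x00short\x00"
)


def printable_strings(data, min_len=10):
    """Return (offset, text) for printable-ASCII runs, like `strings -n N`."""
    pattern = re.compile(rb"[\x20-\x7e\t]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def upx_report(data, min_len=10):
    """Summarise UPX indicators found in the raw bytes of a binary."""
    banner = [(off, s) for off, s in printable_strings(data, min_len)
              if UPX_BANNER in s]
    magic = [m.start() for m in re.finditer(re.escape(UPX_MAGIC), data)]
    return {
        "is_elf": data[:4] == b"\x7fELF",
        "banner": banner,
        "magic_offsets": magic,
        # Absence of markers is not proof: a modified stub can strip them.
        "likely_upx": bool(banner or magic),
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    report = upx_report(blob)
    print("ELF:", report["is_elf"], "| likely UPX:", report["likely_upx"])
    for off, text in report["banner"]:
        print(f"banner @ 0x{off:x}: {text}")
    print("UPX! magic at:", [hex(o) for o in report["magic_offsets"]])
```

Run it with the path of the binary as the first argument; without an argument it analyses the constructed sample.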


We can unpack the binary using the -d flag of the upx command.

https://linux.die.net/man/1/upx


Now we can decompile it again using Ghidra and start analyzing the program.