[Reverse] Headache

edited September 15 in Challenges

I have found the dummy flag in the hexdump, but now I have no other leads.

Any suggestions or tips?

Comments

  • Prepare to have a headache, possibly heartache as well ;)

    limbernie
    Write-ups of retired machines

  • edited September 16

    If you did the other reversing challenges here, it is (relatively) straightforward, but not trivial. Other than a debugger (I used radare), there are no additional tools required, yet they might be helpful.

    If you don't understand the behavior of the binary at all, elfparser (available on GitHub) might give you some leads. You also want to have a look at the string usage in the disassembly; it can give you a good idea of where to set breakpoints.

    Gordin
    Press F to give respect

  • So I got the flag (not the troll flag): HTB{w*****4*s_****l} but it's showing as incorrect. Did I get doubly trolled and am missing something?

  • Anything that's incorrect is not the flag. Try again.

    limbernie
    Write-ups of retired machines

  • Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge?
    I observed ptrace detection found in elfparser.

  • For those who are still struggling with this, bear in mind that an ELF file can be modified somehow sometimes on the fly. So don't trust what you see by using conventional static analysis tools such as radare2 or IDA.

    This binary is full of fake flags, don't despair and try harder.

    Sociaslkas

  • @uNam3m3 said:
    > Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge.
    > I observed ptrace detection found in elfparser.

    Google is full of references to this. You can either patch or debug the binary.

    If you are debugging, think what ptrace returns when it does fail and change this value to bypass it.

    Sociaslkas
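    To make the hint above concrete, here is an added example (written for this page, not code from the thread, the challenge binary, or elfparser) of what a ptrace-based anti-debug check typically looks like. It assumes Linux with glibc. A process can have only one tracer, so `ptrace(PTRACE_TRACEME)` returns -1 (errno EPERM) when a debugger is already attached and 0 otherwise; that return value is the one the comment is talking about. The example goes one step beyond the thread by also showing the second common check, the `TracerPid` field of `/proc/self/status`, so that an analyst recognises both patterns when they turn up in a disassembly. The `/proc/self/status` text used in the parser's comments is constructed for illustration.

    ```c
    #include <errno.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <sys/ptrace.h>

    /* Check 1: PTRACE_TRACEME. Only one tracer may be attached to a process,
     * so this call fails with -1/EPERM if a debugger (gdb, radare2, strace)
     * already has the process under ptrace. Succeeds (0) when run normally. */
    long ptrace_traceme_result(void) {
        errno = 0;
        return ptrace(PTRACE_TRACEME, 0, NULL, NULL);
    }

    /* The decision the binary makes on that return value: -1 means "traced".
     * This is the value a hint in the thread suggests looking at. */
    int ptrace_says_traced(long rc) {
        return rc == -1;
    }

    /* Check 2: parse the "TracerPid:" line of /proc/self/status text.
     * Returns the tracer's pid, 0 when nobody is tracing, -1 if the field
     * is absent. Input example (constructed): "Name:\tcrackme\nTracerPid:\t1234\n" */
    long parse_tracer_pid(const char *status_text) {
        const char *p = strstr(status_text, "TracerPid:");
        if (p == NULL) {
            return -1;
        }
        p += strlen("TracerPid:");
        while (*p == ' ' || *p == '\t') {
            p++;
        }
        return strtol(p, NULL, 10);
    }

    /* Read the live /proc/self/status and hand it to the parser. */
    long read_tracer_pid(void) {
        char buf[4096];
        FILE *f = fopen("/proc/self/status", "r");
        if (f == NULL) {
            return -1;
        }
        size_t n = fread(buf, 1, sizeof buf - 1, f);
        fclose(f);
        buf[n] = '\0';
        return parse_tracer_pid(buf);
    }

    int main(void) {
        long rc = ptrace_traceme_result();
        printf("ptrace(PTRACE_TRACEME) -> %ld (errno %d)\n", rc, errno);

        long tp = read_tracer_pid();
        printf("TracerPid -> %ld\n", tp);

        /* A crackme would typically branch to a decoy ("troll flag") path here. */
        if (ptrace_says_traced(rc) || tp > 0) {
            puts("debugger detected");
        } else {
            puts("no debugger detected");
        }
        return 0;
    }
    ```

    Run it once normally and once under gdb or strace and compare the two lines it prints: the first shows the -1 return the comment refers to, the second shows the tracer's pid. In a disassembly, the first check is recognisable as a `ptrace` call followed by a compare against -1 (or a test of the sign bit), and the second as an open of `/proc/self/status` followed by a string search.
    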

  • Finally did it. Holy crap this challenge was annoying. Though saying that, I did learn an absolute ton about GDB in the process so it's not all that bad. Anyone attempting this, watch out for troll flags. There are like 5 of them or something absolutely silly.

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • Really enjoyed this challenge, lots of learning and a few headaches :)

    For me, getting over the first hump was the hardest. Afterwards the rest flows fairly naturally. I used mainly GDB and Ghidra.

    You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • edited November 28

    Do not stop at the first step, you may miss something... With the help of strace and a good debugger it does the trick.... well it was c000l and not so h4rd if you want to finish it h3r3 in time
