Find The Secret Flag

edited November 2017 in Challenges

Please help. I did many things on this and also I got many secret keys and tried to get the challenge creators from the key. Please, any suggestion? :(


Comments

  • Are you sure you really read all code? Maybe you should try to disassemble the entire file and review the assembler code in nano?

    Kali2020

  • Hi,

    Anyone can help on this, I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string.

    I cannot figure out where these characters are coming from. I don't want to spoil so if more info is needed, just send me a PM.

    Many thanks

  • Not sure what you guys are talking about; after doing a step it just exits with status 1 instead of 0.

  • I am also stuck at this challenge.

    @3XPL017 said:
    Not sure what you guys are talking about; after doing a step it just exits with status 1 instead of 0.

    I got past that point, I got to "Are you sure it's the right one? .." after changing some jumps, however that leads to nowhere as I am given some random chars of output.

    I also noticed that there is an atoi syscall if a number is passed as an argument, but if you don't provide it you get directly to the file check. I think the number has to do with the decryption of the flag. However I am unable to see what number needs to be given.

    I am trying with ltrace to see the syscalls and exit values and radare2. Any suggestion on how to continue or any other tool that may help?

  • I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string.

    I got the same problem. Try doing what you are doing but on the whole file.

  • Also stuck at this challenge, can't find a way to pass beyond "Are you sure it's the right one? ..". I can't even find a reference on "--hit any key" and that other strange ASCII.

  • I'm also getting "Are you sure it's the right one? ". Noticed there is a hidden function but also when I call it from somewhere I don't get characters printed but hex (which cannot be converted to ASCII). Can anyone give me a hint?

  • I also can't find a direct reference to that address and it was also not detected as a function.

  • Anyone have any suggestions for this one? Most seem to be stuck at the same spot and have found a way to either print the "--hit any key" or "are you sure its the right one". I can't seem to figure out exactly what's going on with this. I know you can change the input in a couple ways and redirect to other functions but haven't come up with anything that produces the flag.

  • I don't know if this helps, but in the end I wrote a tiny Python script to help me tease the final flag out of the "right one". The idea for the script came from analyzing the code.

    lokori

  • I finally got it!!! I didn't do it with a Python script though I did edit the asm code to get it done. Could have done the same thing with a script though. I think what tripped me up for so long was that I was trying to create a solution via inputs and at least for my solution I couldn't find a way. Maybe it's possible.

  • This challenge is destroying me.... it's been like 3 days of fail.... lol

  • Anyone willing to PM me on this?? I'm completely lost at this point.... found all the pseudo "keys", IDK what else to do at this point.

  • Managed to get the flag and the creator but the system doesn't accept it. Maybe there is something missing or wrong on my inputs.

  • edited April 2018

    @zauxzaux said:
    Anyone willing to PM me on this?? I'm completely lost at this point.... found all the pseudo "keys", IDK what else to do at this point.

    You should be careful, take a hexadecimal value and XOR in hex edit (WinHex)

  • edited May 2018

    Maybe this might help somebody out, but this challenge can be done neither by changing the assembly nor by using python. It's all in there.

  • edited May 2018

    Spoiler Removed - Arrexel

  • It only needs a small patch and a bash script ;)

  • I'd argue that there's no need for patching the binary. Just look at the right spot and maybe write a simple script :)

  • edited November 2018

    Spoiler Removed - egre55

  • edited November 2018

    Spoiler Removed - egre55

  • edited July 2018

    I got a key and the message "Are you sure it's the right one? ..". I don't know how to continue further. I found the "secret function" but I have no idea with what to call it.

  • Solved, took a bit but this was a very cool challenge

    QHpix

  • Solved it too.
    But have some questions about the solution.
    If anyone feels like it, it would be nice to have a chat about it, feel free to reach me.
    Thanks

  • edited October 2018

    @trebla said:

    I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string.

    I got the same problem. Try doing what you are doing but on the whole file.

    Hi, I've got to the exact same point.

    At this moment I am able to decode all the "strings" found inside the asm, but the one with the name of the creator has garbage chars as stated before.

    I tried to find other meanings to those "extra" hex codes but without any luck.

    I'm pretty sure I'm decoding the correct hex because I was able to get it both by extracting the hex from the asm and by getting an already decoded string from the asm (with a little patch).

    Do you have any suggestion on this?
    Thanks!

    mrlbender

  • Ok, I finally did it... this morning I suddenly woke up with a possible solution on my mind about why I had some "garbage" characters, took the pc and fixed the decoding XD
    :)

    mrlbender

  • Anyone willing to mentor me on this one? I'm not an experienced debugger... still learning the basics.
    I can understand, on a high level, what the program is doing and I've found flags and strings that appear to be part of the solution.
    Looking online for the solution is not the way that I want to go, so if anyone is willing to spend some cycles with me, that would be awesome :)

    Thanks!

  • Can someone PM for this challenge? Maybe I can help you with whatever you are stuck with.

    Ozunu

  • Fantastic challenge! I neither patched the binary nor used a script. I first went through the 'obvious' / 'visible' part of the code with disassembler and debugger ... to find out that I am really 'not sure' if this is the flag because of the ambiguity of the alleged solution.

    Then I tried to really solve it by reading the rest of the assembly, analyzing what the remaining stuff does or better, would do.
    As this part is to some extent similar to the rabbit hole, it may help to have ploughed through the other stuff in detail, though it's not really required.

  • I made a patch on the binary and found the name of the authors. Using the original binary and the same argument it was possible to get the flag, but I don't know why the portal isn't accepting. It should be HTB{flag}, right? Should I convert to l33t speak?

    Arrexel
    THIS IS ..... HueHueBR Team!
