Find The Secret Flag



  • Just done this one. It seriously took me more time to figure out what to do with the flag than to patch the binary. So my main hint is - beware of deep rabbit holes! :)

    Quite a nice challenge for people keen on RE. Thank you @decoder and @stefano118 for making this available.

  • Hi guys, I found the flag but HTB doesn't accept it. Can anyone help me ?

    Hack The Box

  • edited December 2019

    I struggled with this for many hours, but ultimately I wrote perl code to do what that one function does. Didn't need to do binary altering or debugging or cyberchef, just need to understand the assembly.

    Note that static analysis and dynamic (running) analysis can give you different info, and ptrace hack can make debugging difficult.

  • I have been trying to solve this challenge for hours now. I have found the name of the creators and the correct input to be given when you execute the program. I did all this by just analysing the code and bruteforcing it.

    However, I am still not able to find the flag. Earlier challenges which I solved had the flag in the format HTB{sometext}. Does this challenge also have the flag in the same format? if not, do I have to combine the correct string and the authors name? I tried a few combination but they didn't work.

    Please help me with this.

  • edited January 16

    Im really stuck with this one, got the creators names (from 2 places), got the argument, done different patches to the binary but cannot make it spit the correct flag :(

    edit: nvm got it

    Hack The Box

  • solved it. The biggest issue I had was to find a decent debugger to work with in Linux. I am spoiled in Windows land with X64dbg and the likes. Combining GDB with Peda helped a bit but I still struggle with all-terminal debuggers. My hint on this one would be find the secret routine, find the info you need to reverse the secret code and most important, use a hexdump of the encrypted secret for reversing, the string representation gave me a false decrypted result.

    All in all a nice challenge, thanks to the creator!

  • edited February 19

    Got it, fun challenge. What @SackOfHacks said about the hexdump is very correct


    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • So I was finally able to solve it but I'm wondering how people were able to solve this without patching. Anybody who didn't patch willing to explain their solution?

  • In this program Is ptrace used for anti-debugging only?

  • I've done it but i'm shoked :wink:

  • Just my two cents on whoever get stuck here... remember that you may not have the right key...
    I was stuck because the key I was using expose a similar "expected" string, but wasn`t the right one!....

  • I'm just stuck at how to call the hidden function. Is there something that is missing, or should we just jump to it? Can we call this from a Python script? I've reached 'Are you sure this is the right one?', but to surprise it follows a random 'sequence'.. Can anyone please PM me on just how can I call this function and/or the arguments, and I can solve it further for myself.. Any hint on that would be awesome..

  • edited May 9

    Got it! It can be done just by understanding what's happening and without a patch too.. @stefano118 and @decoder, thanks a lot for this one!

  • Hello, could someone help me on this? pretty blocked for 8 months now. I think I'm stuck at the unknown character.

  • Very nice challenge. A bit tricky, but not difficult at all if you can read ASM.

  • edited June 25

    Sorry ... where am I wrong? I force the program to jump into the "hidden" function but any arguments given as input don't change. (I get a number that seems hexadecimal)
    Any suggestions please ?

  • You can simply recreate the code of the hidden function in a programming language of your choice. I have two inputs for this function and got the result for both, but now I am stuck. Any hints?

  • I overlooked something and it is actually a lot easier than I thought.

  • ... I had the solution under my eyes but I couldn't see it! ^_^

  • edited August 1

    Nice challenge. For me it was:
    ltrace + patching + xor bruting = flag

  • Hi people,
    I have performed a hidden function. after which I got a long string with a repeating "f" character. I lack my knowledge to get a complete understanding of the password conversion algorithm. the only thing I see is the 'xor' in the hidden function, but I don’t know how to use it, since the loop in the hidden function confuses me.
    Who in personal correspondence can help me figure out the password conversion algorithm, as well as your method of getting the flag?
    I will also be glad to any hints in this chat.
    thank you in advance

  • Am I allowed to post a solution here since the challenge is retired? I made a video on YouTube but I don't want to link it unless that would be acceptable

Sign In to comment.