Eat the Cake! by Little Pwnie

Hi everyone,
I've been trying this reverse challenge for days..
and it is obvious there is something that I can't catch!

I've used all the "conventional" tools: OllyDbg, Immunity Debugger, WinDbg, IDA..
I've also tried objdump to disassemble and mingw tools on Linux..

Am I on the right track? Any hint toward what I'm missing?

thanks,
p4d0vh4ck

Comments

  • I am having trouble as well. It does seem packed. Not sure if I correctly unpacked it.

  • edited January 2018

    SPOILER

    decart

  • You've practically told them the solution...

  • Sorry, if it's a spoiler please remove it... Just wanted to give them some directions, could've gone a bit far...

    decart

  • Hi. A little hint should be useful.

  • I solved it using Ollydbg, I am the noobest guy around here maybe, still I think it's kinda too easy for 60 points. You can't expect the password to be in plaintext format, just a little knowledge about assembly instructions is enough to get it.

  • I've just a question about the final password to retrieve: is it really 15 characters?

  • It doesn't run after unpacking it, is it supposed to do that?

  • edited June 2018

    Try unpacking on Windows 7 if it doesn't run after unpacking

  • @lucazzz said:
    I've just a question about the final password to retrieve: is it really 15 characters?

    Yes

  • edited June 2018

    @gavz I tried unpacking it on Windows 7, still not running...

  • edited June 2018

    If it's supposed to work with upx, it doesn't on Windows 7. The produced binary is not unpacked properly. Is this normal? Should I try to unpack manually?

  • Solved it. No need to manually unpack. If upx doesn't cut it for you, try some other tools.
    Pretty straightforward after unpacking.

  • edited August 2018

    @Narmu said:
    @gavz I tried unpacking it on Windows 7 still not running...

    Tested on Windows 8.1

  • @gavz thanks I figured it out, it was about which unpacker to use

  • @Narmu said:
    @gavz thanks I figured it out, it was about which unpacker to use

    I do not remember how I unpacked it:
    1. upx.exe -d on a Windows 8.1 or Windows 7 VM, or
    2. through OllyDbg

  • I'm afraid I've been wasting my time on this challenge, so I'd appreciate some advice: how do you know if it's unpacked correctly? If it runs in the debugger, and it shows the ASCII strings that print out, etc., is it correct?

  • I finally solved this challenge. It just wasn't quite as straightforward as I expected from reading this thread. Feel free to DM for hints.

  • Oops so I spoke too soon. Turns out that two of the digits I only got because of guessing correctly.

  • I am a total RE noob - Could anyone PM me or post here some links to help solve this challenge?

    Appreciate everyone's help! Thanks!

  • edited January 24

    Hi all, can someone PM me? I unp****d using PE********. Now I am reversing, I think it is checking multiple bytes in the provided string, but not all of them... Do I have to guess the bytes which are not compared?

    EDIT -> This box involves some guesswork from what I understand, solved it but 1-2 digits had to be guessed. Did anyone solve it without guessing?

  • I have trouble with it also...
    1. it is not working after unpacking
    2. the password check in the code reveals an incomplete flag...

    Any suggestions? Thanks!

  • edited February 24

    For everyone having issues after unpacking: https://digital-forensics.sans.org/blog/2014/02/17/malware-analysis-and-aslr-on-windows-8-1

    TL/DR: Disable ASLR on the binary.

    Having said that, you can complete this challenge through static analysis alone. I used IDA. If your password is missing characters, you haven't examined the program's control flow carefully enough. Not sure how much more I can say without spoiling.

    opt1kz
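
The "disable ASLR on the binary" step from the comment above can be done by clearing the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` bit (0x0040) in the PE optional header of the unpacked copy. This is an added example, not code posted by anyone in the thread; the function names, the `.noaslr` output suffix and the constructed test header are assumptions made for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
DLLCHAR_OFFSET = 70    # DllCharacteristics offset in the optional header (PE32 and PE32+)


def dllchar_position(data):
    """Return the file offset of DllCharacteristics after validating the headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    opt_off = pe_off + 4 + 20                          # PE signature + COFF header
    if len(data) < opt_off + DLLCHAR_OFFSET + 2 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    return opt_off + DLLCHAR_OFFSET


def aslr_enabled(data):
    """True if the image opts in to address space layout randomization."""
    pos = dllchar_position(data)
    return bool(struct.unpack_from("<H", data, pos)[0] & DYNAMIC_BASE)


def clear_aslr(data):
    """Return a copy of the image with the DYNAMIC_BASE bit cleared."""
    out = bytearray(data)
    pos = dllchar_position(out)
    flags = struct.unpack_from("<H", out, pos)[0]
    struct.pack_into("<H", out, pos, flags & ~DYNAMIC_BASE & 0xFFFF)
    return bytes(out)


def sample_header(flags=0x8140):
    """Constructed minimal PE32 header (not the challenge binary) for testing."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x80 + 24, 0x10B)
    struct.pack_into("<H", buf, 0x80 + 24 + DLLCHAR_OFFSET, flags)
    return bytes(buf)


if __name__ == "__main__":
    import sys
    path = sys.argv[1]                                 # unpacked copy to patch
    with open(path, "rb") as f:
        patched = clear_aslr(f.read())
    with open(path + ".noaslr", "wb") as f:            # original file is left untouched
        f.write(patched)
```

With the bit cleared, the loader maps the image at its preferred base, so addresses seen in the debugger line up with those in the static disassembly.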

  • Solved by guessing a few letters :))

  • @portos060474 said:

    solved, by guessing few letters :))

    I used IDA and I'm missing four letters. Obvious ones do not work -:(

    m4rc1n
