Eat the Cake! by Little Pwnie
Hi everyone ,
I've been trying for days this reverse challenge..
and it is obvious there is something that I can't catch!
I've used all "convention" tool : OllyDbg, Immunity Denugger, WinDbg, IDA..
I've also tried objdump to disassemble and mingw tools on linux ..
Am i on the right track? Any hint toward what I'm missing?
thanks,
p4d0vh4ck
Tagged:
Sign In to comment.
Quick Links
Categories
- 1.6K All Categories
- 234 Support
- 22 Billing
- 134 VPN Connection
- 70 Website
- 1K Discussion
- 501 Machines
- 249 Challenges
- 11 RastaLabs
- 38 Exploits
- 7 Programming
- 197 Off-topic
- 385 Tutorials
- 229 Writeups
- 46 Video Tutorials
- 58 Tools
- 50 Other
- 8 Links
- 8 News
Comments
I am having trouble as well. It does seem packed. Not sure if I correctly unpacked it.
SPOILER
You've practically told them the solution...
Sorry, if it's a spoiler please remove it... Just wanted to give them some directions, could've gone a bit far...
Hi. A little hint should be useful.
I solved it using Ollydbg, I am the noobest guy around here maybe, still I think it's kinda too easy for 60 points. You can't expect the password to be in plaintext format, just a little knowledge about assembly instructions is enough to get it.
I've just a question about the final password to retrieve: is it really 15 characters?
It doesn't run after unpacking it, is it supposed to do that?
try unpack on windows 7 if doesn't run after unpacking
Yes
@gavz I tried unpacking it on Windows 7 still not running...
If it's supposed to work with upx, it doesnt on Windows 7. The produced binary is not unpacked properly. Is this normal? Should I try to unpack manually?
Solved it. No need to manually unpack. If upx doesnt cut it for you, try some other tools.
Pretty straight forward after unpacking.
tested on windows 8.1
@gavz thanks I figured it out, it was about which unpacker to use
I do not remember how i it unpack:
1. upx.exe -d on VM windows 8.1 or windows 7 or
2. through Ollydbg
I'm afraid I've been wasting my time on this challenge, so I'd appreciate some advice: how do you know if it's unpacked correctly? If it runs in the debugger, and it shows the ASCII strings that print out, etc., is it correct?
I finally solved this challenge. It just wasn't quite as straightforward as I expected from reading this thread. Feel free to DM for hints.
Oops so I spoke too soon. Turns out that two of the digits I only got because of guessing correctly.
I am a total RE noob - Could anyone PM me or post here some links to help solve this challenge?
Appreciate everyones help! Thanks!
Hi all, can someone PM me ? I unp****d using PE********. Now I am reversing, I think it is checking multiple bytes in the provided string, but not all of them...Do I have to guess the bytes which are not compared ?
EDIT -> This box involves some guesswork from what I understand, solved it but 1-2 digits had to be guessed. Did anyone solve it without guessing ?
I have trouble with it also...
1. is not working after unpack
2. the password check in the code reveals incomplete flag...
Any suggestions? Thanks!
For everyone having issues after unpacking: https://digital-forensics.sans.org/blog/2014/02/17/malware-analysis-and-aslr-on-windows-8-1
TL/DR: Disable ASLR on the binary.
Having said that, you can complete this challenge through static analysis alone. I used IDA. If your password is missing characters, you haven't examined the program's control flow carefully enough. Not sure how much more I can say without spoiling.
solved, by guessing few letters
)
Type your comment> @portos060474 said:
I used IDA and Im missing four letters. Obvious ones do not work -:(