[Reversing] Exatlon

Hello everyone,

I’ve seen there is no topic about this challenge, so I start it. Anybody has an idea about this it ? Cause I have reversed a lot with Ida but I can’t find anything… And when I see the first blood speed, I think I’m missing something…

Thanks in advance !

I used IDA too, If you follow the input you can understand what’s going on, but maybe there are easier way to achieve the flag

Yeah I’m having a bit of trouble as well, could use a nudge…

why the ■■■■ it’s not working!

yeah i found what i believe is a possible password but it’s a long string and the program won’t accept it as a password. i’ve also checked for bitwise operations to see if it and’s or xor’s the string but i just confused myself even more. any nudges would be appreciated. thx

Type your comment> @rshackleford85 said:

yeah i found what i believe is a possible password but it’s a long string and the program won’t accept it as a password. i’ve also checked for bitwise operations to see if it and’s or xor’s the string but i just confused myself even more. any nudges would be appreciated. thx

same here!

Type your comment> @rshackleford85 said:

yeah i found what i believe is a possible password but it’s a long string and the program won’t accept it as a password. i’ve also checked for bitwise operations to see if it and’s or xor’s the string but i just confused myself even more. any nudges would be appreciated. thx

You are in the right direction. I would suggest to enter any character as the user input (for instance a ‘Z’) and see how the program transforms such value and compares it with the string that you have found. Try the same with a ‘Y’, and so on until you find the pattern.

EDIT : Solved it ! However, I didn’t understand the goal of this chall… I’ve full guessed how to get the flag

load this into IDA / Ghidra. Don’t read the decompilation… carefully find the responsible function. I did everything manually like the guys mentionned above but when you understand the code it’s super easy to convert/script it

Do you believe it’s possible to complete this challenge with GDB? Mainly since I have no clue how IDA works

@InsomniacOG said:

Do you believe it’s possible to complete this challenge with GDB? Mainly since I have no clue how IDA works

To find out what is going on, yes, GDB might be of help. But in order to not get lost, it is advised to first find out what part of the program you want to investigate with GDB. If IDA is too confusing for you, I’d suggest trying Ghidra. It is pretty intuitive to use, and also has a pseudo-c decompiler built in :wink:

Type your comment> @rshackleford85 said:

yeah i found what i believe is a possible password but it’s a long string and the program won’t accept it as a password. i’ve also checked for bitwise operations to see if it and’s or xor’s the string but i just confused myself even more. any nudges would be appreciated. thx

I’m stuck here as well, i think i have a possible password but the program wont accept it. If anyone who’s using r2 could help me out I’d appreciate!

i found set of numbers that i think it’s possibly password but its not working and i have no idea to go next. T T

Dear Santa,
I wish to be a good reverser, so maybe I will stop looking the screen with a retarded face for hours.

davihack

Type your comment> @davihack said:

Dear Santa,
I wish to be a good reverser, so maybe I will stop looking the screen with a retarded face for hours.

davihack

I do the same thing…

Got the flag, but only by extrapolating rather than actually reversing this thing. If anyone could give me a breakdown of that one function, I’d much appreciate it!

After solving the challenge, I can say that it can be solved without debugging or decompiling the code; of course, I did some analysis using Cutter/Radare2 initially but I did not completely reverse the code.

can I ask someone to give me a helping hand with this. more like i want to understand it.
I have loaded it into ghidra and can see some data but don’t know how to manipulate it

i got a long number string. i am stuck here. can anyone tell me if im in the right direction ?

okay. i was able to solve this.
this was pretty interesting one.
pm for a nudge.