Eat the Cake! by Little Pwnie

Sorry, if it’s a spoiler please remove it… Just wanted to give them some directions, could’ve gone a bit far…

Hi. A little hint should be useful.

I solved it using Ollydbg, I am the noobest guy around here maybe, still I think it’s kinda too easy for 60 points. You can’t expect the password to be in plaintext format, just a little knowledge about assembly instructions is enough to get it.

I’ve just a question about the final password to retrieve: is it really 15 characters?

It doesn’t run after unpacking it, is it supposed to do that?

try unpack on windows 7 if doesn’t run after unpacking

@lucazzz said:
I’ve just a question about the final password to retrieve: is it really 15 characters?

Yes

@gavz I tried unpacking it on Windows 7 still not running…

If it’s supposed to work with upx, it doesnt on Windows 7. The produced binary is not unpacked properly. Is this normal? Should I try to unpack manually?

Solved it. No need to manually unpack. If upx doesnt cut it for you, try some other tools.
Pretty straight forward after unpacking.

@Narmu said:
@gavz I tried unpacking it on Windows 7 still not running…

tested on windows 8.1

@gavz thanks I figured it out, it was about which unpacker to use

@Narmu said:
@gavz thanks I figured it out, it was about which unpacker to use

I do not remember how i it unpack:

  1. upx.exe -d on VM windows 8.1 or windows 7 or
  2. through Ollydbg

I’m afraid I’ve been wasting my time on this challenge, so I’d appreciate some advice: how do you know if it’s unpacked correctly? If it runs in the debugger, and it shows the ASCII strings that print out, etc., is it correct?

I finally solved this challenge. It just wasn’t quite as straightforward as I expected from reading this thread. Feel free to DM for hints.

Oops so I spoke too soon. Turns out that two of the digits I only got because of guessing correctly.

I am a total RE noob - Could anyone PM me or post here some links to help solve this challenge?

Appreciate everyones help! Thanks!

Hi all, can someone PM me ? I unp****d using PE********. Now I am reversing, I think it is checking multiple bytes in the provided string, but not all of them…Do I have to guess the bytes which are not compared ?

EDIT → This box involves some guesswork from what I understand, solved it but 1-2 digits had to be guessed. Did anyone solve it without guessing ?

I have trouble with it also…

  1. is not working after unpack
  2. the password check in the code reveals incomplete flag…

Any suggestions? Thanks!

For everyone having issues after unpacking: https://digital-forensics.sans.org/blog/2014/02/17/malware-analysis-and-aslr-on-windows-8-1

TL/DR: Disable ASLR on the binary.

Having said that, you can complete this challenge through static analysis alone. I used IDA. If your password is missing characters, you haven’t examined the program’s control flow carefully enough. Not sure how much more I can say without spoiling.