Find The Secret Flag

Maybe this might help somebody out, but this challenge can be done neither by changing the assembly nor by using python. It’s all in there.

Spoiler Removed - Arrexel

It only needs a small patch and a bash script :wink:

I’d argue that there’s no need for patching the binary. Just look at the right spot and maybe write a simple script :slight_smile:

Spoiler Removed - egre55

Spoiler Removed - egre55

I got a key and the message “Are you sure it’s the right one? …”. I don’t know how to continue further. I found the “secret function” but I have no idea with what to call it.

Solved, took a bit but this was a very cool challenge

Solved it too.
But have some questions about the solution.
If anyone feels like it, it would be nice to have a chat about it, feel free to reach me.
Thanks

@trebla said:

I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string.

I got the same problem. Try doing what you are doing but on the whole file.

Hi, I’ve got to the exact same point.

At this moment I am able to decode all the “strings” found inside the asm, but the one with the name of the creator has garbage chars as stated before.

I tried to find other meanings to those “extra” hex codes but without any luck.

I’m pretty sure I’m decoding the correct hex because I was able to get it both by extracting the hex from the asm and by getting an already decoded string from the asm (with a little patch).

Do you have any suggestion on this?
Thanks!

Ok, I finally did it… this morning I suddenly woke up with a possible solution on my mind about why I had some “garbage” characters, took the pc and fixed the decoding XD
:slight_smile:

Anyone willing to mentor me on this one? I’m not an experienced debugger… still learning the basics.
I can understand, on a high level, what the program is doing and I’ve found flags and strings that appear to be part of the solution.
Looking online for the solution is not the way that I want to go, so if anyone is willing to spend some cycles with me, that would be awesome :slight_smile:

Thanks!

Can someone PM for this challenge? Maybe I can help you with whatever you are stuck with.

Fantastic challenge! I neither patched the binary nor used a script. I first went through the ‘obvious’ / ‘visible’ part of the code with disassembler and debugger … to find out that I am really ‘not sure’ if this is the flag because of the ambiguity of the alleged solution.

Then I tried to really solve it by reading the rest of the assembly, analyzing what the remaining stuff does or better, would do.
As this part is to some extent similar to the rabbit hole, it may help to have ploughed through the other stuff in detail, though it’s not really required.

I made a patch on the binary and found the name of the authors. Using the original binary and the same argument it was possible to get the flag, but I don’t know why the portal isn’t accepting. It should be HTB{flag}, right? Should I convert to l33t speak?

I’ve got it. My mistake (as usual).

Cheers and happy new years. \o/

Hi guys, I’m having problems finding what this binary needs. I tried every single way I have learned until now to print what it needs but with no success!
I get a hash prompted on CLI (gdb) but couldn’t use it.
I couldn’t find what to insert on /tmp/secret.
Could someone please help me (probably more like guiding through) solve this challenge?
Any help will be welcome.

Thanks in advance!

I got the names of the two creators of this challenge, but I wasted 4 hours of my life not being able to understand what the flag is supposed to be. I tried EVERYTHING. I tried to enter the flag alone, to enter it as a hex and even to enter different combinations by excluding characters off the flag. Can someone help me understand what the ■■■■ the creators of this so-called “challenge” are thinking?

No need gdb for this challenge. ptrace is enough.

@tabacci said:
No need gdb for this challenge. ptrace is enough.

Could you please guide me through? I already tried everything I knew and I just can’t pass through this one!! :frowning:
Thanks in advance!