impossible password

Hi,

I am new to reversing but have worked through a couple of them at this point. Very cool stuff and I have learned a lot. However, I am now facing impossible password which is a very different format. I have figured out step 1. Step 2 is what I am working on and I am not sure of the approach. Any suggestions? I have a vague idea of what is going on as it runs, but not how to solve. I am thinking maybe something like angr but is there a more straightforward way?

Thanks!

You should try to trace what’s going on.

If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.

@jwstone said:
If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.

How could you get the flag without doing the second part? That does not make sense

@3XPL017 said:

@jwstone said:
If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.

How could you get the flag without doing the second part? That does not make sense

I observe there are 3 parts.

I confirm that the second part isn’t needed.

Is this supposed to crash binja (demo version)?

It doesn’t crash my binja

I only see 2 parts to this challenge in IDA.

Spoiler Removed

@DrWahbi said:
Hey, I’m sorry, but I tried everything, from a hex editor to OllyDbg to trace the jumps, but the debugger can’t read bin, and there’s no message to trace. I found something like SuperSekretKey but I didn’t understand what’s next. Please, any hints!

Try to chmod +x the .bin file… By the way, running GDB on it works, it’s just that there is no symbol table :) Also, if anyone has a small hint to share, it would be really appreciated.
Thanks

Well @n3m0, if it’s “Impossible Password” it means it is really quite impossible :)
Always follow the hints (titles, descriptions…) here in HTB, they say it all.
Anyway, you only need to know some basics of GDB to overcome this impossible password… nothing impossible though.

Good luck,
padovah4ck

@padovah4ck is absolutely correct. If you don’t like GDB, use radare2 :) I actually solved this from the disassembly without breakpoints or actual debugging, but that was not the easy road.

I’ve been using radare2 for these and it’s been awesome!

I solved the challenge and learnt a lot about reverse engineering and how to follow the opcode execution. I would like to give a suggestion (for those who are new): use the combination of EDB-debugger and Radare2 graph mode and you can understand the entire assembly.

So I am on stage 2 **; There are 20-ish HEX characters, but it won’t accept them as a password. Guys, I need a clue

I don’t understand the stages people are talking about. I only understand that it should be debugged, but that it is possible to solve from disassembly alone. I am trying radare2 and gdb. When I try to debug, it seems strange because no matter where I try to put breakpoints, it never prints any output to the screen. I would appreciate a hint.

OK nvm my first post. I get it now. I got to the second part but due to above hints will try to jump.

OK wow that was strange. I got the flag, though I’m not completely sure how what I did worked.

So I played around a bit on stage ** and I found out that abc", “def” will be read as abc",
So I wondered if there is a way to inject something like 1==1 into strcmp. Can someone PM me and give me a hint whether I’m thinking in the right direction?