Eat the Cake! by Little Pwnie

Hi everyone,
I’ve been trying this reverse challenge for days…
and it is obvious there is something that I can’t catch!

I’ve used all the “conventional” tools: OllyDbg, Immunity Debugger, WinDbg, IDA…
I’ve also tried objdump to disassemble and mingw tools on Linux…

Am I on the right track? Any hint toward what I’m missing?

Thanks,
p4d0vh4ck

I am having trouble as well. It does seem packed. Not sure if I correctly unpacked it.

SPOILER

You’ve practically told them the solution…

Sorry, if it’s a spoiler please remove it… Just wanted to give them some directions, could’ve gone a bit far…

Hi. A little hint should be useful.

I solved it using OllyDbg. I am the noobest guy around here maybe, still I think it’s kinda too easy for 60 points. You can’t expect the password to be in plaintext format; just a little knowledge about assembly instructions is enough to get it.

I’ve just a question about the final password to retrieve: is it really 15 characters?

It doesn’t run after unpacking it, is it supposed to do that?

Try unpacking on Windows 7 if it doesn’t run after unpacking.

@lucazzz said:
I’ve just a question about the final password to retrieve: is it really 15 characters?

Yes

@gavz I tried unpacking it on Windows 7 still not running…

If it’s supposed to work with UPX, it doesn’t on Windows 7. The produced binary is not unpacked properly. Is this normal? Should I try to unpack manually?

Solved it. No need to manually unpack. If UPX doesn’t cut it for you, try some other tools.
Pretty straightforward after unpacking.

@Narmu said:
@gavz I tried unpacking it on Windows 7 still not running…

Tested on Windows 8.1

@gavz thanks I figured it out, it was about which unpacker to use

@Narmu said:
@gavz thanks I figured it out, it was about which unpacker to use

I do not remember how I unpacked it:

  1. upx.exe -d on a VM (Windows 8.1 or Windows 7), or
  2. through OllyDbg

I’m afraid I’ve been wasting my time on this challenge, so I’d appreciate some advice: how do you know if it’s unpacked correctly? If it runs in the debugger, and it shows the ASCII strings that print out, etc., is it correct?

I finally solved this challenge. It just wasn’t quite as straightforward as I expected from reading this thread. Feel free to DM for hints.

Oops, so I spoke too soon. Turns out that I only got two of the digits by guessing correctly.