[Reverse] Headache

edited September 2019 in Challenges

I have found the dummy flag in the hexdump, but now I have no other leads.

Any suggestions or tips?

Comments

  • Prepare to have a headache, possibly heartache as well ;)

    limbernie
    Write-ups of retired machines

  • edited September 2019

If you did the other reversing challenges here, it is (relatively) straightforward, but not trivial. Other than a debugger (I used radare), no additional tools are required, though they might be helpful.

If you don't understand the behavior of the binary at all, elfparser (available on GitHub) might give you some leads. You also want to have a look at the string usage in the disassembly; it can give you a good idea of where to set breakpoints.

    Gordin
    Press F to give respect

  • So I got the flag (not the troll flag): HTB{w*****4*s_****l} but it's showing as incorrect. Did I get doubly trolled and am missing something?

  • Anything that's incorrect is not the flag. Try again.

    limbernie
    Write-ups of retired machines

Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge?
    I observed that elfparser found ptrace detection.

For those who are still struggling with this, bear in mind that an ELF file can sometimes be modified on the fly. So don't trust what you see by using conventional static analysis tools such as radare2 or IDA.

    This binary is full of fake flags, don't despair and try harder.

    Sociaslkas
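To illustrate why the warning above about on-the-fly modification matters, here is an added example (mine, not code from the challenge binary or from any poster): a function whose machine code is stored XOR-encoded in the binary and is decoded into an executable mapping only at run time. A disassembler reading the file sees a few meaningless bytes; a debugger stopped after `unpack_function` returns sees the real instructions. The encoded bytes, the key `XOR_KEY`, the mapping size and all function names are constructed for this example, and the instruction encodings are provided only for x86-64 and AArch64.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>

#define XOR_KEY 0x5A   /* constructed for this example */
#define MAP_LEN 4096

/* Machine code for a function that returns 42, stored XORed with XOR_KEY so
 * a static disassembly of the file shows junk instead of the function. */
#if defined(__x86_64__)
static const uint8_t encoded_fn[] = {          /* mov eax, 0x2a ; ret */
    0xB8 ^ XOR_KEY, 0x2A ^ XOR_KEY, 0x00 ^ XOR_KEY, 0x00 ^ XOR_KEY,
    0x00 ^ XOR_KEY, 0xC3 ^ XOR_KEY
};
#elif defined(__aarch64__)
static const uint8_t encoded_fn[] = {          /* mov w0, #42 ; ret */
    0x40 ^ XOR_KEY, 0x05 ^ XOR_KEY, 0x80 ^ XOR_KEY, 0x52 ^ XOR_KEY,
    0xC0 ^ XOR_KEY, 0x03 ^ XOR_KEY, 0x5F ^ XOR_KEY, 0xD6 ^ XOR_KEY
};
#else
#error "encoded_fn is only provided for x86-64 and AArch64"
#endif

typedef int (*int_fn)(void);

/* Decode the bytes into a fresh anonymous mapping, then make it executable.
 * This is the shape of a minimal unpacking stub: nothing in the file's .text
 * holds the real instructions until this has run, which is why a breakpoint
 * placed from the static view alone lands on garbage. */
int_fn unpack_function(void)
{
    uint8_t *buf = mmap(NULL, MAP_LEN, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return NULL;
    for (size_t i = 0; i < sizeof encoded_fn; i++)
        buf[i] = encoded_fn[i] ^ XOR_KEY;
    /* W^X: the page is never writable and executable at the same time. */
    if (mprotect(buf, MAP_LEN, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, MAP_LEN);
        return NULL;
    }
    /* Needed on AArch64, harmless on x86-64: sync the instruction cache. */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof encoded_fn);
    return (int_fn)(uintptr_t)buf;
}

/* Call the decoded function once and release the mapping again. */
int run_unpacked(void)
{
    int_fn f = unpack_function();
    if (!f)
        return -1;
    int r = f();
    munmap((void *)(uintptr_t)f, MAP_LEN);
    return r;
}

int main(void)
{
    printf("bytes as they sit in the file:");
    for (size_t i = 0; i < sizeof encoded_fn; i++)
        printf(" %02x", encoded_fn[i]);
    printf("\nresult after run-time decoding: %d\n", run_unpacked());
    return 0;
}
```

The practical consequence for a challenge like this one: set breakpoints after the decoding routine has run (or dump the process memory at that point and disassemble the dump), rather than trusting the function list the static tool built from the file on disk.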

@uNam3m3 said:
    > Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge?
    > I observed that elfparser found ptrace detection.

    Google is full of references to this. You can either patch or debug the binary.

If you are debugging, think about what ptrace returns when it does fail and change this value to bypass it.

    Sociaslkas
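As an added illustration of the two bypasses named in the reply above (my own code, not the challenge binary's or any poster's): the classic x86-64 `ptrace(PTRACE_TRACEME)` self-check, the gdb commands that change its return value at the syscall catchpoint, and a byte patcher that NOPs the branch consuming that value. The instruction stream in `sample_code`, the 7-byte `needle` it matches and the function names are constructed assumptions for this example; the real binary's check will be laid out differently, so take the compare-and-branch bytes from its own disassembly before adapting the pattern.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>

/* The self-check: a process may have only one tracer. If a debugger is
 * already attached, PTRACE_TRACEME fails and returns -1 (EPERM). When no one
 * is tracing us it returns 0 and, as a side effect, makes our parent the
 * tracer, so a second call from the same process fails as well. */
int debugger_present(void)
{
    return ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1;
}

/* Bypass 1, in the debugger: let the syscall happen, then lie about the
 * result before the compare is reached. "catch syscall" stops on entry and
 * again on return; on the return stop the x86-64 result is in rax:
 *
 *   (gdb) catch syscall ptrace
 *   (gdb) run
 *   (gdb) continue          # first stop is entry, second stop is return
 *   (gdb) set $rax = 0      # the value ptrace returns when it does NOT fail
 *   (gdb) continue
 *
 * If the binary goes through the libc wrapper instead, 'break ptrace',
 * 'finish', 'set $rax = 0' does the same one level up. */

/* Bypass 2, on disk: find the compare-and-branch that consumes the return
 * value and NOP the branch so the "debugger detected" path is never taken.
 * This needle is the layout of sample_code below, constructed here. */
static const uint8_t needle[] = {
    0x0F, 0x05,                 /* syscall            */
    0x48, 0x83, 0xF8, 0xFF,     /* cmp  rax, -1       */
    0x74                        /* je   rel8 (opcode) */
};

/* Returns the offset of the patched je, or -1 if the pattern is absent. */
ptrdiff_t patch_ptrace_branch(uint8_t *code, size_t len)
{
    for (size_t i = 0; i + sizeof needle + 1 <= len; i++) {
        if (memcmp(code + i, needle, sizeof needle) != 0)
            continue;
        size_t je = i + sizeof needle - 1;   /* offset of the 0x74 */
        code[je]     = 0x90;                 /* je rel8 -> nop ; nop */
        code[je + 1] = 0x90;
        return (ptrdiff_t)je;
    }
    return -1;
}

/* Constructed stand-in for the check as a raw x86-64 instruction stream. */
uint8_t sample_code[] = {
    0xB8, 0x65, 0x00, 0x00, 0x00,   /* mov  eax, 101   (SYS_ptrace)     */
    0x31, 0xFF,                     /* xor  edi, edi   (PTRACE_TRACEME) */
    0x31, 0xF6,                     /* xor  esi, esi                    */
    0x31, 0xD2,                     /* xor  edx, edx                    */
    0x4D, 0x31, 0xD2,               /* xor  r10, r10                    */
    0x0F, 0x05,                     /* syscall                          */
    0x48, 0x83, 0xF8, 0xFF,         /* cmp  rax, -1                     */
    0x74, 0x06,                     /* je   detected   (offset 20)      */
    0xB8, 0x00, 0x00, 0x00, 0x00,   /* mov  eax, 0     (clean path)     */
    0xC3,                           /* ret                              */
    0xB8, 0x01, 0x00, 0x00, 0x00,   /* detected: mov eax, 1             */
    0xC3                            /* ret                              */
};

int main(void)
{
    printf("live check: debugger_present() = %d\n", debugger_present());
    ptrdiff_t off = patch_ptrace_branch(sample_code, sizeof sample_code);
    printf("patched je at offset %td\n", off);
    return 0;
}
```

Two caveats when carrying this over to a real target: a check that compares against 0 instead of -1 (or branches with `jne`) needs the opposite patch, and a binary that rewrites its own code at run time (see the warning earlier in this thread) may restore or re-derive the check after your on-disk patch, in which case the debugger-side bypass is the more reliable of the two.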

  • Finally did it. Holy crap this challenge was annoying. Though saying that, I did learn an absolute ton about GDB in the process so it's not all that bad. Anyone attempting this, watch out for troll flags. There are like 5 of them or something absolutely silly.

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • Really enjoyed this challenge, lots of learning and a few headaches :)

For me, getting over the first hump was the hardest. Afterwards the rest flows fairly naturally. I used mainly GDB and Ghidra.

You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • edited November 2019

Do not stop at the first step; you may miss something... With the help of strace and a good debugger, it does the trick... Well, it was c000l and not so h4rd if you want to finish it h3r3 in time.

@job0 said:
    > Really enjoyed this challenge, lots of learning and a few headaches :)
    >
    > For me, getting over the first hump was the hardest. Afterwards the rest flows fairly naturally. I used mainly GDB and Ghidra.

    Ghidra isn't showing me any functions.

  • Solved but my head is on fire!

    Hack The Box

I found the function where there is the md5, or simply a hex char sequence, and that is used in a function with the best... ever... strings. Is that the right function?

  • Holy mother of ************* this was so goddamn difficult. I learned so much from this though.

  • Lots of trolls there, but nice :)
IDA Freeware + gdb.

  • edited April 1

I tried to get the flag, but all of them are fake.
    If I run it under the debugger and enter the flag, the result is "Login success!"; but if I run the script directly, it fails.
    I tried to modify some instructions but got an error.
    Please give me some hint!!!
    Thanks so much!

Edit: Too many fake flags, but I eventually found the right one. Such a headache...

Has anyone gotten IDA to run/debug this? It keeps giving me an error because it's not a 'standard' executable. I think I understand how it was compiled... but that doesn't help me run it.

  • Did anybody use angr for solving this kind of challenge?

I've done all the lower-point challenges, but I've got no idea where to start on this one. Is there any good reference to study?

  • Finally got this one!!! Lots of headache for sure. But at the same time good learnings.

Man, I took way longer on this than I really needed to. Once I realized what was happening, and trod carefully, I knew right where to go. Good challenge!

    I used mainly GDB and objdump for this. Also needed Capstone for some more analysis.

    For anybody who's still stuck, let me try to give some non-spoiler hints (if these count as spoilers, feel free to remove this):
    1. (GDB) Catchpoints may help you figure things out a bit.
    2. Read the description of the challenge, it's important.

  • Done! Great challenge.
