debugme

radare2 and python or just r2 if you’re a skilled debugger

I was trying to install ScyllaHide as a plugin to OllyDbg, but it doesn’t seem to have the configuration files mentioned in the instructions. :neutral:

or I could do the r2 + python way, but what exactly does one use python for here? String decoding analysis?

Vanilla Ollydbg in Kali Linux was what I used. No extra plugins needed.

Well, nice job. I’m not a Guru though. XD more of a n00b. I’ll keep bashing my head against the wall with it, though. I kind of like it.

Finally got it! x32dbg + ScyllaHide, and I placed a NOP in one spot, after a lot of trial and error and following interesting looking things. Very clever & fun!

■■■ I cracked it!
After 3 weeks of battles :smiley:
Hint: All you need to do this is IDA 7.0 free. No more tools needed for me.

Ugh, that one was hard. Pretty new to reversing but slogged through it. I only used x32dbg (comes with scylla, I guess).

Good reading that helped me through it: http://pferrie.host22.com/papers/antidebug.pdf

I used x32dbg. Not sure if the Scylla hide feature was needed but I checked several boxes anyway.

Hint: Find the beginning of the actual program and JUMP there… The rest is basic RE analysis.

In my experience with using OllyDBG, after dealing with the anti-debugging techniques some instructions were not being displayed correctly which hindered my RE analysis and got me stuck. Tried x32dbg and managed to solve it from there.

Hope someone finds that helpful!

Think I found the decryption of the flag before the program exits, but it’s decrypting rubbish … using x32dbg and ScyllaHide

I’ve been struggling with this challenge for several days. Learned quite a lot about anti-debugging techniques on the way. I’ve used IDA 7.0 Free to complete the challenge.

Just completed it this morning. Nice challenge. It did not make my hair white like “find the secret flag” did, but I really enjoyed it. Now only heavy reverse stuff is left to complete, so the real headache is just ahead of me :slight_smile:

Someone please reach out and help me. I’m completely lost. Trying to use Scylla but again, super lost.

I’m trying to patch the binary with a modified sym._main. I repeat the decryption as it is done in this program, but my new file raises an exception at address 0x401722.
Could somebody give me tips about it by PM?

Thanks.

I’ve done it with x32dbg, but I’m interested in how to do it with radare2.
I like radare2 :slight_smile:

I really liked this challenge. Thank you for uploading it!

I just completed this challenge and I don’t agree that it’s hard. There is no need to patch anything. I used x32dbg, then the Advanced → Hide Debugger option from x32dbg. Just go along and keep your eyes open :slight_smile: . You can use ScyllaHide as well. If the program exits, maybe it is its natural behavior. Don’t doubt your anti-debugging plugin.

I guess I need help with that. I’m using IDA; I started the debugger and am trying to use anti-debugging techniques, but I’m not sure what I’m doing or where I’m going with that.

After several attempts, I think I found a possible flag, but it’s wrong. Can someone help me? Thanks in advance :slight_smile:

It turns out that I had the flag very quickly but for whatever reason it did not work, perhaps I noted it down wrong. Nothing more to add beyond what has already been said.