Find The Secret Flag

This challenge made me want to end it all… And nobody in this thread mentions the issue that confused me the most.

If you get the string with the names of the creators but with a bunch of “unwanted” characters, then do some research about the bell character.

Alternatively, you do not need to know anything about what I mentioned above if you just patch the binary in the right places which, in my opinion, is a bit painful to work out.

new to HTB (and infosec in general), took me a full day!
boy that was challenging, but I learned a lot from it.
I made it with 2 binary patches, as well as a Python script (that did more than just the filecheck).

tips:

  1. strings - take a close look at them. Which function does each string belong to?
  2. the program has a few requirements to run properly. find those in the code
  3. identify the important zone that needs to run, as well as its required register values.

Hello everyone, I’m a beginner. Can someone help me?
I already found the hidden function, but I didn’t understand the input meaning of the main function,
if the file creation is necessary in the future of the program for the state of the variables,
and the xor printed how to reverse it

@ydrah I think you finished this challenge already. I’m stuck on the hidden function to get the flag, can you PM me or if someone can, please?

Finally

Solved this just by looking at the disassembled code, no debugger necessary (though it’d help I guess). Found the function and quickly brute forced the key with cyberchef. I feel this one was easier than “Debug Me”.

I was wondering why I can’t debug this, and now I think it might be stripped.
Even with that knowledge, still not getting very far!

Finally got it! Took over a week, and a little help. This may be the most difficult challenge I’ve ever completed on HTB. I’ve done a couple reversing challenges with higher difficulty ratings (e.g. cake); but for me they were easier. I think it might be because I have an easier time when I can use graphical debuggers.

Done, take care when you let IDA propose a decoded string,
e.g. db “xyz”: look at the hexadecimal, it would have saved me from spending time searching for some string characters

Just done this one. It seriously took me more time to figure out what to do with the flag than to patch the binary. So my main hint is - beware of deep rabbit holes! :slight_smile:

Quite a nice challenge for people keen on RE. Thank you @decoder and @stefano118 for making this available.

Hi guys, I found the flag but HTB doesn’t accept it. Can anyone help me?

I struggled with this for many hours, but ultimately I wrote Perl code to do what that one function does. Didn’t need to do binary altering or debugging or cyberchef, just need to understand the assembly.

Note that static analysis and dynamic (running) analysis can give you different info, and ptrace hack can make debugging difficult.

I have been trying to solve this challenge for hours now. I have found the name of the creators and the correct input to be given when you execute the program. I did all this by just analysing the code and bruteforcing it.

However, I am still not able to find the flag. Earlier challenges which I solved had the flag in the format HTB{sometext}. Does this challenge also have the flag in the same format? If not, do I have to combine the correct string and the authors’ names? I tried a few combinations but they didn’t work.

Please help me with this.

I’m really stuck with this one, got the creators’ names (from 2 places), got the argument, done different patches to the binary but cannot make it spit the correct flag :frowning:

edit: nvm got it

solved it. The biggest issue I had was to find a decent debugger to work with in Linux. I am spoiled in Windows land with X64dbg and the likes. Combining GDB with Peda helped a bit but I still struggle with all-terminal debuggers. My hint on this one would be find the secret routine, find the info you need to reverse the secret code and most important, use a hexdump of the encrypted secret for reversing, the string representation gave me a false decrypted result.

All in all a nice challenge, thanks to the creator!

Got it, fun challenge. What @SackOfHacks said about the hexdump is very correct

So I was finally able to solve it but I’m wondering how people were able to solve this without patching. Anybody who didn’t patch willing to explain their solution?

In this program, is ptrace used for anti-debugging only?

I’ve done it but I’m shocked :wink:

Just my two cents on whoever gets stuck here… remember that you may not have the right key…
I was stuck because the key I was using exposed a similar “expected” string, but wasn’t the right one!..
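
The hexdump and bell-character hints in this thread, as an added example that is not from any poster: it decodes a single-byte XOR from the exact hex bytes and from a string listing that silently drops control bytes such as BEL (0x07), then sweeps all keys to show that a printable result alone does not identify the right key. The key, bytes and function names are constructed for illustration and are not the challenge's.

```python
# Added example on constructed data; not the challenge binary's key or bytes.
KEY = 0x33  # constructed single-byte XOR key
HEXDUMP = "50 5c 5d 40 47 41 46 50 47 56 57 6c 40 07 5e 43 5f 56"  # constructed


def is_printable(b: int) -> bool:
    """True for visible ASCII (space through tilde)."""
    return 0x20 <= b < 0x7F


def from_hexdump(dump: str) -> bytes:
    """Exact bytes as a hex dump shows them, control bytes included."""
    return bytes.fromhex(dump)


def string_view(data: bytes) -> bytes:
    """Bytes that survive a copy from a string listing: BEL (0x07) and
    other control bytes are not rendered, so they are lost."""
    return bytes(b for b in data if is_printable(b))


def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same call encodes and decodes."""
    return bytes(b ^ key for b in data)


def printable_keys(data: bytes) -> list[int]:
    """All single-byte keys whose output is entirely printable ASCII."""
    return [k for k in range(256)
            if all(is_printable(b) for b in xor(data, k))]


if __name__ == "__main__":
    raw = from_hexdump(HEXDUMP)
    # Decoding the real bytes keeps the character hidden behind 0x07.
    print("from hex dump   :", xor(raw, KEY))
    # Decoding the copied string loses it, so the result is plausible but wrong.
    print("from string view:", xor(string_view(raw), KEY))
    # More than one key yields clean-looking text; printability is not proof.
    print("printable keys  :", [hex(k) for k in printable_keys(raw)])
```
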