[Reverse] Headache

I have found the dummy flag in the hexdump, but now I have no other leads.

Any suggestions or tips?

Prepare to have a headache, possibly heartache as well :wink:

If you did the other reversing challenges here, it is (relatively) straightforward, but not trivial. Other than a debugger (I used radare), there are no additional tools required, yet they might be helpful.

If you don’t understand the behavior of the binary at all, elfparser (available on GitHub) might give you some leads. You also want to have a look at the string-usage in the disassembly, it can give you a good idea of where to set breakpoints.

So I got the flag (not the troll flag): HTB{w*****4*s_****l} but it’s showing as incorrect. Did I get doubly trolled and am missing something?

Anything that’s incorrect is not the flag. Try again.

Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge?
I observed ptrace detection found in elfparser.

For those who are still struggling with this, bear in mind that an ELF file can be modified somehow sometimes on the fly. So don’t trust what you see by using conventional static analysis tools such as radare2 or IDA.

This binary is full of fake flags, don’t despair and try harder.

@uNam3m3 said:

Any tutorials or steps I can follow to bypass the ptrace anti-debug technique for this challenge?
I observed ptrace detection found in elfparser.

Google is full of references to this. You can either patch or debug the binary.

If you are debugging, think what ptrace returns when it does fail and change this value to bypass it.
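The return value the reply above refers to, shown as an added example that is not part of the thread or the challenge binary: a self-trace check calls `ptrace(PTRACE_TRACEME)` and treats -1 as "a tracer is attached". The function names `looks_traced` and `run_selftrace_demo` are assumptions made for this illustration, and the second call in the child stands in for a debugger already being attached.

```c
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* The decision a self-trace check makes: PTRACE_TRACEME returns 0 when the
 * process was not traced and -1 (errno EPERM) when a tracer is already
 * attached. Hypothetical helper, not taken from the challenge. */
static int looks_traced(long ptrace_ret) { return ptrace_ret == -1; }

/* Run the check twice in a throwaway child. The first call makes the parent
 * the child's tracer, so the second call sees an already-traced process,
 * which is the same state a debugger would put it in.
 * Returns a bitmask: bit 0 = first call reported "traced",
 * bit 1 = second call reported "traced"; -1 on fork/wait failure. */
static int run_selftrace_demo(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        long first = ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        long second = ptrace(PTRACE_TRACEME, 0, NULL, NULL);
        _exit(looks_traced(first) | (looks_traced(second) << 1));
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int r = run_selftrace_demo();
    if (r < 0) { perror("demo"); return 1; }
    printf("first call:  %s\n", (r & 1) ? "traced (-1)" : "not traced (0)");
    printf("second call: %s\n", (r & 2) ? "traced (-1)" : "not traced (0)");
    return 0;
}
```

Run outside a debugger, the first call normally reports "not traced" and the second "traced"; on a system that denies `PTRACE_TRACEME` altogether, both calls report "traced".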

Finally did it. Holy ■■■■ this challenge was annoying. Though saying that, I did learn an absolute ton about GDB in the process so it’s not all that bad. Anyone attempting this, watch out for troll flags. There are like 5 of them or something absolutely silly.

Really enjoyed this challenge, lots of learning and a few headaches :slight_smile:

For me, getting over the first hump was the hardest. Afterwards the rest flows fairly naturally. I used mainly GDB and Ghidra.

Do not stop at the first step you may miss something… With the help of strace and a good debugger it does the trick… well it was c000l and not so h4rd if you want to finish it h3r3 in time

@job0 said:

Really enjoyed this challenge, lots of learning and a few headaches :slight_smile:

For me, getting over the first hump was the hardest. Afterwards the rest flows fairly naturally. I used mainly GDB and Ghidra.

Ghidra isn’t showing me any functions.

Solved but my head is on fire!

I found the function where there is the md5 or simply hex char sequence, and that is used in a function with best… ever… strings. Is that the right function?

Holy mother of ************* this was so ■■■■■■■ difficult. I learned so much from this though.

I tried to get the flag but all of them are fake.
If I run it under debug and enter the flag, the result will be “Login success!”; but if I run the script directly, it fails.
I tried to modify some instructions but got an error.
Please give me some hint!!!
Thanks so much!

Edit: Too many fake flags but I eventually found the right one. So headache…

Has anyone gotten IDA to run/debug this? It keeps giving me an error because it’s not a ‘standard’ executable. I think I understand how it was compiled… but that doesn’t help me run it.

Did anybody use angr for solving this kind of challenge?

I’ve done all the lower points challenges but I’ve got no idea on where to start to do this one. Is there any good reference to study?

Finally got this one!!! Lots of headache for sure. But at the same time good learnings.