debugme

Ugh, that one was hard. Pretty new to reversing but slogged through it. I only used x32dbg (comes with scylla, I guess).

Good reading that helped me through it: http://pferrie.host22.com/papers/antidebug.pdf

I used x32dbg. Not sure if the Scylla hide feature was needed but I checked several boxes anyway.

Hint: Find the beginning of the actual program and JUMP there… The rest is basic RE analysis.

In my experience with using OllyDBG, after dealing with the anti-debugging techniques some instructions were not being displayed correctly which hindered my RE analysis and got me stuck. Tried x32dbg and managed to solve it from there.

Hope someone finds that helpful!

Think I found the decryption of the flag before the program exits, but it's decrypting rubbish … using x32dbg and ScyllaHide

I’ve been struggling with this challenge for several days. Learned quite a lot about anti-debugging techniques on the way. I’ve used IDA 7.0 Free to complete the challenge.

Just completed it this morning. Nice challenge. It did not make my hair white like “find the secret flag” did, but I really enjoyed it. Now only heavy reverse stuff left to complete, so the real headache is just ahead of me :slight_smile:

Someone please reach out and help me. I’m completely lost. Trying to use Scylla but again, super lost.

I’m trying to patch the binary with a modified sym._main. I repeat the decryption as it is done in this program, but my new file raises an exception at address 0x401722.
Could somebody give me tips via PM about it?

Thanks.

I’ve done it with x32dbg, but I’m interested in how to do it with radare2.
I like radare2 :slight_smile:

I really liked this challenge. Thank you for uploading it!

I just completed this challenge and I don’t agree that it’s hard. There is no need to patch anything. I used x32dbg, then the Advanced → Hide Debugger option from x32dbg. Just go along and keep your eyes open :slight_smile: . You can use ScyllaHide as well. If the program exits, maybe it is its natural behavior. Don’t doubt your anti-debugging plugin.

I guess I need help with that. I’m using IDA; I started the debugger and am trying to use anti-debugging techniques, but I’m not sure what I’m doing or where I’m going with that.

After several attempts, I think I found a possible flag, but it’s wrong. Can someone help me? Thanks in advance :slight_smile:

It turns out that I had the flag very quickly but for whatever reason it did not work, perhaps I noted it down wrong. Nothing more to add beyond what has already been said.

Hey, I’m kind of new to reverse engineering. I have completed some of the easy ones here, but I’m facing real difficulties with this one. I’m using x64dbg with Scylla and I’m trying to go in by steps. I have also tried to change some jumps on the debug check and fill them with nops, but I’m still stuck, and the patched exe I generated is not even running in Windows.

Any help would be appreciated, thank you.

Hey guys,
how can I know if I’m on the right track? I’m using x32dbg (hide debugger setting on) + ScyllaHide, but can’t seem to find anything. I’m really new to RE, so would appreciate a hint or two ^^

Thanks!

What are the required tools? I am using Termux on Android. Can someone explain the methodology behind the Debugger Challenge? Or is that too much? Thank you.

Took me a day to solve it without any tooling (besides IDA and its embedded debugger). At first it may seem a bit complex but as you start pulling the string it becomes more and more evident what you need to actually bypass.

Check the file entry point and start from there!

Can anyone help me to decrypt an exe?

Solved it, no need for a debugger; just static analysis (Binary Ninja) + Python is enough.