Blue Shadow Forensics Challenge

hello,

I am new here. I just need to know if the E** file that we got needs to be executed with an input from the S*** w**** episode? Or do I just need to get the hint from the episode and append it in the HTB{}?
Thank you

Give me a nudge, please… convert all the binary?

So, got the binary no bother, and got a pop culture reference; not really sure where to go from there, however.

Stuck again.
Got the ELF but cannot run it. Got the s*** w*** episode thing, but Google didn’t help me with ‘Blue Bhadow v****’ since idk what to look for.
Read all the comments in this section but still stuck. PM me pleaseeeeeeeeeeee

I’ve found the answer.
Hint: After downloading the binary text, concatenate it and use CyberChef to get the binary executable file. After that, go from the message. SW ep.* is only a sign on your way; go to the fan universe, the big Disney cartoon between the new trilogy and the classical movies :slight_smile:

Hi there, can anyone give a nudge?
edit: ■■■■, I had a very stupid mistake. Easy indeed.

Good challenge, I’d say more misc than forensics as the most difficult part is scraping the data.
Pro tip: Don’t be like me and waste 2 hours because you got the tweets in the wrong order

I did the same… (facepalm)
Start as the normal order of events are done…

Kinda straightforward but time-consuming challenge. And you really need to come to the forums if you are not in the Star Wars fan zone.

I have copied all the binary numbers from @blue_shad0w_ on Twitter, but I cannot execute the .bin file, which starts with “.ELF…4…4. …”, generated by CyberChef. Can anyone recommend what I should do now for this challenge, as I still want to complete it? Thanks in advance. I hope anyone who has completed this challenge will PM me with some useful suggestions.

A couple things that might help:

  • If you use CyberChef, use it within Kali – saving the output did not work properly within macOS.

  • If you are like me and had no idea what to do with the Star Wars hint, find a Star Wars Wiki Page for a topic having the same name as the challenge. Read it carefully (or use CeWL on it).

  • The binary is looking for a single value to be passed to it, and is expecting the data to be in lower case. The flag may not return accurately with mixed case.

I got the data from Twitter and stored it in a file, but can’t find a way to make it executable.

OK, a little help needed here, please. I have the file running, but how do you know what to pass to it? Not asking for the answer, but how do you tell if it’s a -something, --something, etc.?

If you can’t make it executable:

  1. Double check again if you got all the data or just part of it, because copy and paste somehow won’t get all the data.
  2. You know what an executable header should look like, so make sure you got the order right when you are putting it all together.

Hope that helps!

The first few steps are the most important… if you’re not able to execute, you did something wrong. Make sure everything is in chronological order, use CyberChef, and export using their function (don’t copy and paste into a file). Would recommend using Kali. The other hints here regarding googling and other things will then be relevant if the file can execute.
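
The reassembly checks described in the posts above (chronological order, all of the data, raw bytes instead of copy and paste, a sane executable header), as an added Python example that is not from any poster or from the challenge. The post list, timestamps and 52-byte header are constructed sample data, and the function names are hypothetical.

```python
import os
import struct

ELF_MAGIC = b"\x7fELF"

def reassemble(posts):
    """posts: (timestamp, text) pairs whose text is '0'/'1' digits."""
    ordered = sorted(posts, key=lambda p: p[0])  # oldest post first
    bits = "".join("".join(text.split()) for _, text in ordered)
    if set(bits) - {"0", "1"}:
        raise ValueError("non-binary characters: the copy picked up extra text")
    if not bits or len(bits) % 8:
        raise ValueError(f"{len(bits)} bits is not a whole number of bytes")
    return int(bits, 2).to_bytes(len(bits) // 8, "big")

def check_elf(data):
    """Return a list of problems; an empty list means the header is consistent."""
    if data[:4] != ELF_MAGIC:
        return ["missing ELF magic: chunks out of order or first chunk absent"]
    if len(data) < 6 or data[4] not in (1, 2) or data[5] not in (1, 2):
        return ["invalid EI_CLASS/EI_DATA bytes"]
    endian = "<" if data[5] == 1 else ">"
    # e_shoff position and header size differ between ELF32 and ELF64
    fmt, shoff_at, ehsize = ("I", 0x20, 52) if data[4] == 1 else ("Q", 0x28, 64)
    if len(data) < ehsize:
        return ["shorter than an ELF header: data is incomplete"]
    (shoff,) = struct.unpack_from(endian + fmt, data, shoff_at)
    shentsize, shnum = struct.unpack_from(endian + "HH", data, ehsize - 6)
    if shoff and shoff + shentsize * shnum > len(data):
        return ["section header table extends past end of file"]
    return []

def write_binary(path, data):
    with open(path, "wb") as fh:  # binary mode: bytes are written unchanged
        fh.write(data)
    os.chmod(path, 0o755)

# Constructed sample: a bare ELF32 header split into three posts
HDR = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9) + struct.pack(
    "<HHIIIIIHHHHHH", 2, 3, 1, 0x8048054, 0x34, 0, 0, 52, 32, 1, 40, 0, 0)
BITS = "".join(f"{b:08b}" for b in HDR)
SAMPLE_POSTS = [  # newest first, the way a timeline lists them
    ("2019-03-03T10:00", BITS[300:]),
    ("2019-03-02T10:00", BITS[100:300]),
    ("2019-03-01T10:00", BITS[:100]),
]

if __name__ == "__main__":
    print(check_elf(reassemble(SAMPLE_POSTS)) or "header looks consistent")
```

A section header table that points past the end of the file is one sign of missing data, although a file can also simply carry such a header.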

Not sure if anyone is still active around this challenge, but I’m confused :/…
So I got the flag, dd it, and now I’ve got the b*t string, which doesn’t suit anything. I tried to change it after the real name I found on Google, and nothing.
Also tried under HTB{} but nothing.

Any tip or clue? Thanks!

I seem to be the only one getting “SHT table size or offset is invalid” error from IDA. I read the assembly and I understand what happens inside but I’m afraid I might be missing something.

@moti1408 said:

Not sure if anyone is still active around this challenge, but I’m confused :/…
So I got the flag, dd it, and now I’ve got the b*t string, which doesn’t suit anything. I tried to change it after the real name I found on Google, and nothing.
Also tried under HTB{} but nothing.

Any tip or clue? Thanks!

Take a look at the binary, again, and you should see what to do with what you have (if memory serves me right, that is :smiley: )

@TrigusinDarom said:

I seem to be the only one getting “SHT table size or offset is invalid” error from IDA. I read the assembly and I understand what happens inside but I’m afraid I might be missing something.

I got the same, but simply ignored it :wink:

@HomeSen So it really is reading the wiki page? Because I feel I’ve used all of the strings, even the one inside peh.

@TrigusinDarom said:

@HomeSen So it really is reading the wiki page? Because I feel I’ve used all of the strings, even the one inside peh.

Well, if I remember correctly, it is about making an educated guess, in the end :wink:

All you need is a wiki page and a terminal
PM for nudge if you’re stuck