Official Window's Infinity Edge Discussion

I found 2 troll flags, and then the real one. If it’s easy to see, it’s wrong.

I see. I would PM you for a nudge but I don’t have enough rank. Is this challenge possible on Linux, or do you need Windows-specific debuggers? (idk if this is a spoiler. Forgive me if it is.)

@sparkla this = needing to use Windows-specific debuggers to reverse stuff

nvm got it. Just had to dig a little deeper :slight_smile:

This is a very enjoyable, straightforward challenge. If you did the oBfsC4t10n challenge, this one should not cause any problems.

Is it necessary to create some algorithm to decrypt?

@clubby789 said:

I found 2 troll flags, and then the real one. If it’s easy to see, it’s wrong.

How did you manage after that? I am a few steps past it and currently have no idea how to go about running everything that’s being dropped.

You don’t need to run any shellcode, and you don’t need Windows. This is forensics, not reversing.

Real great work from the authors.

I just have troll flags at the moment, but I’d be curious to know if this is close to some malware that actually existed?

I am pretty sure I am at the end of the Russian dolls. I know what tools are used, what technique is used to run them, etc., but I’m surprised I cannot debug a piece of shellcode at the end. For the other challenges I had no problem, but in this case it just doesn’t work. Would appreciate some help.

I feel like I’ve been through everything multiple times. I’ve found the troll flags and decoded everything I can find, but still no flag. What am I missing!!!

Got it. Go read the brief again before you go on a wild goose chase. Then use that information to narrow down where you should look.

Finally solved this challenge! It was very fun, thanks @splintercode and @stefano118!
You indeed don’t need to run any shellcode…
If anyone needs a small nudge, feel free to send me a PM!

I’d appreciate a nudge on this!

About time I solved this. Great challenge @splintercode and @stefano118

Nice mix of trolling and herring there @splintercode @stefano118 - great challenge.
To anyone still stuck - keep at it - the advice above is good, if you need a small nudge - PM.

Thanks @splintercode and @stefano118 for the great challenge that helps us explore real-life tools and techniques that attackers could use.

Someone active for a little nudge? PM me.

If anyone reads this and can give me a nudge, I’d greatly appreciate it. Here’s what I’ve done so far:

  • Built a C# library to mimic the shellcode decryption algo
  • Decrypted all of the packets (aside from one particular response string that has padding errors)
  • Found both fake flags
  • Built a C# library to reconstruct the temp file from the packets

I feel like I’ve combed through every piece of data in this pcap and I’m just missing something obvious. So, if anyone comes across this and I don’t have an update saying I solved it: please, for the love of my sanity, send help!

Could anyone share some hints for the final steps? Like @karhu, I have decrypted the packets and reconstructed the tmp file, and that left me with a very interesting kind of file, but I’m hitting a wall there. Is it necessary to use special malware software like for the oBfsC4t10n challenge? And just like @karhu, my sanity would benefit from your help as well!