Blue Shadow Forensics Challenge

Hello everyone,
I have some trouble finding the “antidote”, does anyone have any ideas?

Google is your friend. Do what a forensic investigator would do: look up indicators.

Any hint? Can’t find anything on Google.

Follow the information you already have from the challenge description, you don’t need Google for the first part.
Try harder… :wink:

muwhahahahah

I’m a **** **** fan and I get pretty much everything that I’m supposed to be looking for but I’ll be damned if I still can’t figure this out. Sometimes I find the word A******* and sometimes I see the word F***. Sometimes I see what appears to be the output of a program and sometimes I see nothing but ■■■■. My one question: should I be thinking in a different language or am I just a wermo?

Oh… wait a second…

Don’t overthink
I’m not a big fan of Star Wars so I had to do a little research on the virus

okay, I think I know what I need to do but I don’t know how to do it. :-/

@Mapperist said:
I’m a **** **** fan and I get pretty much everything that I’m supposed to be looking for but I’ll be damned if I still can’t figure this out. Sometimes I find the word A******* and sometimes I see the word F***. Sometimes I see what appears to be the output of a program and sometimes I see nothing but ■■■■. My one question: should I be thinking in a different language or am I just a wermo?

I exclusively speak English and h4x0r so no other languages involved

I have the Twitter part worked out. Can someone DM me or allow me to DM them for a hint?

I’m stuck at the same position. Can anyone PM me? I need a hint :frowning:

I’ve had trouble with decoding; UTF-8 gives me errors… Can someone provide a hint as to what I need to use to decode it?

So, in another encoding I’m able to see the text. I assume the file is called ex*****.a**? But I can’t debug or decompile it, probably because it’s not right, as in the file there’s /00’s and other non-characters, making it impossible to run. I’ve also thrown it into an assembly program as there’s a word Rev***I, but that doesn’t work either.
Can anyone provide me a hint? I’m really stuck with this one, but I’m really interested in solving this.

Okay, I’m a big fan, but only of the original 6 films, and I don’t know how I can find this key. Can anyone give me a little hint?

Okay, update: I got the flag but it’s incorrect. Can anyone PM me?

This is wild. Is it xxd, perl, folding, packing? 58 tweets, how did you pack this into a file? FLAGLEN is what I see from strings after converting to a bin… PM anytime please.

This one is stumping me. And I hope the following doesn’t have spoilers. I tried to redact important parts.
I have the binary, I’ve been debugging it and noticed that it performs logical *** within a procedure call named E******.
BUT… this looks like a red herring? There are no ASCII characters which will pass through this procedure and output HTB{…}, as the third character in the input would have to be 0x14.
I noticed there is a very interesting unused function call named RIt and also noticed that it is not ever called from within the binary, and this sounds like it would be the key to unlocking it.
I’m trying various things but it always ends in a SEGFAULT or an exception for unmapped memory when I try to force it to jump to procedure R
it.

I would appreciate a PM with a tip to point me in the right direction.

I got it.
After you know what to do with the tweets, DON’T OVERTHINK IT.
Google is your friend.
This took me hours because I overthought the solution. As soon as you have figured out what to do with the tweets, you are literally 90% done and all you need is a Google search for the answer.

NOTE: If you are using a script to download the tweets, remember that Twitter changed from 140 to 280 characters so you may not be getting everything.