Find The Secret Flag

Hi guys, I seem to be stuck too. I managed to brute force the number for the parameter. I also managed to get the “hit any key” part through patching. But the string I’m getting looks useless, even after I tried putting it in cyberchef. Any help would be appreciated.

Thanks to a particular three letter agency and their new tool I was able to do everything I needed for this for free.

Learned so much about reversing and the tool from this challenge. Great start to Linux reverse engineering.

Happy to provide pointers through DM

Can someone help me with this? The binary doesn’t print anything when I run it :slight_smile:

I finally managed to get the flag after analysing the asm code for a couple of hours. G***** from the N, * and * was very helpful. I learned a lot about reversing in this challenge. I managed to solve this challenge without patching the application, but I would like to talk about other solutions. Can anyone who solved it by patching the application drop me a DM?! Thanks a lot!
Happy to provide hints through DM.

I got the creator name but I can’t verify it. Can anyone PM to help me, pls? :frowning:

I feel like I’m close but not quite there yet…

I found the XOR key, and can get the program to spit out some hex that translates to some readable ASCII text. However, continuing from there just causes the program to exit.

I then tried forcing the program to execute a function that seemed to never be called by changing RIP to the secret function address. I can get to the application saying “–hit any key”, but then after that, it just exits normally with no more data seeming to be provided to me. Not sure what to do next.

Anyone able to send me a nudge would be greatly appreciated.

@i4n said:

Anyone have any suggestions for this one? Most seem to be stuck at the same spot and have found a way to either print the “–hit any key” or “are you sure its the right one”. I can’t seem to figure out exactly what’s going on with this. I know you can change the input in a couple ways and redirect to other functions but haven’t come up with anything that produces the flag

Nice comment, also this was not so difficult as snake for example. I did it just with static analysis.

Is it expected for the binary not to work properly?
When using a debugger (let’s say GDB), and stepping in, I get this message:

“_IO_new_fopen (filename=0x400c76 “/DIR/FILENAME”, mode=0x400c73 “rb”) at iofopen.c:88
88 iofopen.c: No such file or directory.”

P.S. Of course the file is in the expected location :slight_smile:

Just solved. I spent 6 hours :smiley: . Some tips: 1. radare2: use “aaaa”, find main and calls from main. 2. Search for strings. 3. Think about some strings (string) you found: where are they called from? Good luck, and try harder.
Ty, @BananaPr1nc3, your comment is pretty helpful! :slight_smile:

Is it correct to add a function to call the piece of the code where there is the string “–hit any key”? I had a lot of output strings, but the converted hex and XOR don’t really mean anything. I saw the strings inside the binary but none captured my attention. Some help?

@Arkango said:

Is it correct to add a function to call the piece of the code where there is the string “–hit any key”? I had a lot of output strings, but the converted hex and XOR don’t really mean anything. I saw the strings inside the binary but none captured my attention. Some help?

You are on the correct path. When your program prints “useless” stuff, try to backtrack where your operands come from and ask yourself if that makes any sense. At multiple points in the binary, things remain unused which should be used. Radare2 hints at what you could try; I can’t tell what it looks like in other disassemblers.

Hint: Find the right byte and profit. No reversing required. Having said that, I did spend time reversing to arrive at this hint. :smile:

This challenge made me want to end it all… And nobody in this thread mentions the issue that confused me the most.

If you get the string with the names of the creators but with a bunch of “unwanted” characters, then do some research about the bell character.

Alternatively, you do not need to know anything about what I mentioned above if you just patch the binary in the right places which, in my opinion, is a bit painful to work out.

New to HTB (and infosec in general), took me a full day!
Boy, that was challenging, but I learned a lot from it.
I made it with 2 binary patches, as well as a Python script (that did more than just the filecheck).

tips:

  1. Strings: take a close look at them. Which function does each string belong to?
  2. The program has a few requirements to run properly. Find those in the code.
  3. Identify the important zone that needs to run, as well as its required register values.

Hello everyone, I’m a beginner. Can someone help me?
I already found the hidden function, but I didn’t understand the input meaning of the main function,
whether the file creation is necessary later in the program for the state of the variables,
and how to reverse the printed XOR.

@ydrah I think you finished this challenge already. I’m stuck on the hidden function to get the flag. Can you PM me, or if someone can, please?

Finally

Solved this just by looking at the disassembled code, no debugger necessary (though it’d help I guess). Found the function and quickly brute forced the key with cyberchef. I feel this one was easier than “Debug Me”.
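The single-byte XOR key search and the bell-character problem raised in the posts above, as an added example that is not part of any post or of the challenge itself. The sample data, the key and all function names are constructed for illustration; it shows why a strict "all printable" filter throws away the right key when BEL (0x07) bytes are mixed into the output.

```python
import string

# Constructed sample, NOT data from the challenge: a made-up credit line with
# BEL (0x07) bytes mixed in, XORed with a single-byte key and hex-encoded.
SAMPLE_HEX = bytes(
    b ^ 0x5A for b in b"made\x07 by\x07 alice\x07 and\x07 bob"
).hex()

LETTERS = set((string.ascii_letters + " ").encode())
PRINTABLE = set(string.printable.encode())  # does not contain 0x07


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with the same one-byte key."""
    return bytes(b ^ key for b in data)


def strict_keys(hex_blob: str) -> list[int]:
    """Keys whose output is 100% printable: the naive filter."""
    data = bytes.fromhex(hex_blob)
    return [k for k in range(256)
            if all(b in PRINTABLE for b in xor_bytes(data, k))]


def best_key(hex_blob: str) -> tuple[int, bytes]:
    """Rank all 256 keys by share of letters/spaces, tolerating stray bytes."""
    data = bytes.fromhex(hex_blob)

    def score(k: int) -> float:
        return sum(b in LETTERS for b in xor_bytes(data, k)) / len(data)

    key = max(range(256), key=score)
    return key, xor_bytes(data, key)


def strip_controls(raw: bytes) -> str:
    """Keep only printable ASCII (drops BEL and other control bytes)."""
    return bytes(b for b in raw if 0x20 <= b < 0x7F).decode("ascii")


if __name__ == "__main__":
    key, raw = best_key(SAMPLE_HEX)
    print("strict filter keeps key?", key in strict_keys(SAMPLE_HEX))
    print(f"key=0x{key:02x} raw={raw!r}")  # repr() makes \x07 visible
    print("cleaned:", strip_controls(raw))
```

Printing the raw bytes straight to a terminal hides the BEL bytes (they beep or do nothing), which is why the example inspects them with `repr()` first.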

I was wondering why I can’t debug this, and now I think it might be stripped.
Even with that knowledge, still not getting very far!

Finally got it! Took over a week, and a little help. This may be the most difficult challenge I’ve ever completed on HTB. I’ve done a couple of reversing challenges with higher difficulty ratings (e.g. cake), but for me they were easier. I think it might be because I have an easier time when I can use graphical debuggers.