All Activity

Can anyone help me with 4? What i have donne until now I've patched the M byte to make it run.(it is sufficient? Need other patches?) For What i see the program create some copies with one byte change for each copy. But now i can't understand What to do. Any hint?

Extending my previous post: I know that it has something to do with NO_SEH but don't know what to do with this information. I'm looking for the table for hours but don't find anything useful...

Anybody hints for ch4?. Don't know where to look for. I saw the changing byte and also the two execution paths. Probably the one with jmp eax at the end needs to be taken. But I didn't see any condition that I can patch. I'm also not sure if I fixed anything in the PE, but it is running. I'm grateful for any hint. :)

I've bruted almost every possible keys with 0 results. Who can indicate the correct direction for validating the last character, which would increase transactions to 16?

Anyone hints/directions for 7? I am completely clueless

Have you tried all possible combinations? Cause in my understanding only one branch should lead to flag

Project swapped to DiskInfoDotnet bin

Edit: Dumb mistake in how I was collecting info. Done I've been stuck on the 5th for a few days. I know exactly what it's doing, and how, and am debugging it like turtles - all the way down. I have all the possible branches in a massive spreadsheet, but nothing stands out. There has to be a way without brute forcing and it has to be something stupidly simple...

I think I have understood the logic .. I need some help to automatically check the “state” for each step

Did you find anything? I can see that it calls file apis and also has some states initialization. Ida cant decompile the binary cause the function is too big

You are almost ready. If it exits without output you are maybe running the wrong python version. Are you sure you have the right username? You can send me a message if you want

Anyone for a nudge in the 5th flag?

Need help on CH2... I've been working on CH2 and successfully reversed the signature algorithm to find the username that passes authentication. The code uses the arc4 package to decrypt the final flag with RC4 encryption. I can verify the username is correct because when reversed it produces the exact target signature the code checks against, but when I try decrypting the flag using that username as the key I just get garbage. I've tried patching os.getlogin to return the correct username and running the actual script but it exits silently without output. I'm stuck figuring out what exact value gets passed as the key to the ARC4 cipher constructor. The username itself doesn't work as the key directly. Any hints on what im missing ut here would be greatly appreciated /|\

requiring sanity check on challenge 6 chain of demand i guess the correct way here is to restore seed. and there is only one option for seed (because of lcg design and first encrypted message). but that seed does not seem to work since lcg does not generate correct value for encrypting next message and also cannot regenerate same rsa key as given. unlikely that problem with an implementation, i tried both reimplementing lcg\xor and deploying bytecode on test environment (in python tho, could it be some weird bignumber endianess problem?!) with same result also tried to play with the rsa key generation algo but it does not seem to be vulnerable. what am i missing?

Any hints for ch5?

snk have both private and public. and there is a ms tool that extracts public key as snk format for delayed signing. so there must be a tool that could just convert text public to public binary. that does not involve any prk

Do you need a specific version of Python to run CH2? I tried with 3.13.7 (my default) and none of the bytecode executed. Again tried with Python 3.11 and I get "AttributeError" trying to execute the first bytecode. At this point I'm unsure whether this is part of the challenge or not.

I have problems with CH2. I looked at the code object and identified other code objects. Now I am able to see the prints ("Verifiying lead researcher...") etc. I dont know how to use it. I also found the use of RC4, but no material for it. There is also no output on my screen. Would be grateful for any help.

There is no way to convert public key to snk since snk also includes private key and not only public key. Calculating private key of RSA is still problematic.

depending on where you are, you might have to fix it more and run it again or fix it again and don't close all of the windows too quickly Does anyone have a hint for 5? it seems the password is limited to certain characters and those again can only appear in a certain order. but trying all possible "allowed" passwords on the decryption function doesn't seem to get me anywhere.

Any hints for challenge 4? I already fixed the PE file. After running it, it creates several copies of it and opens all of them.

any hints for 4? is it just not that deep? bc i ran it looking for diffs n also at the windows error reporting data

That's and important line, don't just comment it out. Do something else.. :)

some link from CodeProject is dead - use webarchive

Someone please share zero 2 automated reversing course. Thank you.