Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[crackme]F-Secure khallenge

Loki
Loki
in CrackMe

Featured Replies

Posted
The contest starts on Friday 1st of August 2008 at 12:00 and ends on August 3rd 2008 at 11:59 (local Assembly time, EEST).

Khallenge is a reverse engineering challenge made by F-Secure for the Summer ASSEMBLY 2008 event held in Helsinki, Finland. The contestants must reverse engineer binaries in order to discover keys that the executables will accept. After completing the first level, instructions will be given on how to proceed to the next level.

Further information about challenge, including the official rules, is available from Assembly '08 web site. You can find more information about the people behind this compo from F-Secure Security Labs Weblog.

Go here to check it out:

http://www.khallenge.com/

Posted in the crackme forum as thats what these are. I'm closing the thread to respect F-Secure's request that this should not be discussed openly prior to the end of the competition. I'll reopen it afterwards so that you can discuss methods and problems :)

Have fun - perhaps you'll win one of the iPod's ;)

Edited by Loki

Do you know who won the iPod's, anyone we know?

Ted.

  • Author

Not me..... :P

They usually announce it on the blog so I'll update the thread when its there :)

Am I just crazy or did you have to crack an MD5 hash on level 2? I stopped doing it because I didn't feel like doing that lol. The smallest password length I got for level 2 was 9 characters.

It was a pain in the *** with all the crap added to it - RDTSC + GetCurrentProcessId()..

Is it normal that Level 2 doesn

It's starts, but you have to run it with the key as argument in command line.

^ I second that ;) I encountered a few that work in that fashion where CMP BYTE PTR [EBP+8] checked the bit for command line argument (usually 0x2) ;)

Then my system doesn

Hi all. The level 2 make me feel bored with challenge. So many cases. Here is strings we need have to by pass first check (password has 9 chars) :

10.?G??Dx?A?
12.?E??Fz?C?
17.?N??Mq?H?
18.?O??Lp?I?
19.?L??Os?J?
20.?M??Nr?K?
21.?J??Iu?L?
22.?K??Ht?M?
23.?H??Kw?N?
24.?I??Jv?O?
25.?V??Ui?P?
26.?W??Th?Q?
27.?T??Wk?R?
28.?U??Vj?S?
29.?R??Qm?T?
30.?S??Pl?U?
31.?P??So?V?
32.?Q??Rn?W?
36.?g??dX?a?
38.?e??fZ?c?
43.?n??mQ?h?
44.?o??lP?i?
45.?l??oS?j?
46.?m??nR?k?
47.?j??iU?l?
48.?k??hT?m?
49.?h??kW?n?
50.?i??jV?o?
51.?v??uI?p?
52.?w??tH?q?
53.?t??wK?r?
54.?u??vJ?s?
55.?r??qM?t?
56.?s??pL?u?
57.?p??sO?v?
58.?q??rN?w?

First check :

004012F4 50 PUSH EAX
004012F5 E8 C6FEFFFF CALL FSC08_Le.004011C0
004012FA 8BF8 MOV EDI,EAX
004012FC 81F7 69B462A4 XOR EDI,A462B469
00401302 81FF 69B462A4 CMP EDI,A462B469

'?' char is char that we need find to make correctly on MD5 check. MD5 hash was modified.

Here's one I modified when I was messing with it...

dump_fixed.rar

well if are solved not are problem in post the 1rts item

1)
Enter the key: BOFPCongratulations! Please send an e-mail to Easy2o08@khallenge.com

when send an email you see the 2nd , and bypass the md5 uu, not know how solve as pass+correct crc

example how must write the pass in the argument, mine argument is "apuromafo" /open archive and argument apuromafo

post-28194-1217967738_thumb.jpg

the fixed work nice but ..what are the correct pass.. not know

maybe can help this of old year

http://securityxploded.com/hackerchallenge2007phase3.php

http://zairon.wordpress.com/2007/08/06/f-s...-2007-solution/

Edited by apuromafo

  • Author
Khallenge III was over the weekend, here are the current solution statistics:

Level 1: 393

Level 2: 20

Level 3: 8

During the run of the competition, the final level was solved by 4 people:

1. Igor Skochinsky (iPod Touch 32GB)

2. Kaspars Osis (iPod Touch 16GB)

3. "bbuc" (t-shirt)

4. Ludvig Strigeus (t-shirt)

Igor & Kaspars are returning winners from previous Khallenge competitions (1) (2). Great job guys!

Runners-up:

Alexander Polyakov, "Lancert", "push.ret", "Hellspawn", V. Usatyuk, "Piotras", "ASMax"

Level 1 contains a hidden message, here are the winners:

1. Alexandru Maximciuc (t-shirt)

2. Volodymyr Pikhur (t-shirt)

3. Richard Baranyi (t-shirt)

On a personal note, while designing the challenges I've been wondering if level 2 was too difficult. The statistics have proven it was. However, according to your responses, it was great fun! I'm glad to hear that many people enjoyed it. Next year though, we'll aim to get the challenges into a bit better balance. ;-)

LOL? "Level 1 contains a hidden message" - interesting :) )

Gotta find that one ;)

greetz

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.