Jump to content
Tuts 4 You

[crackme]F-Secure khallenge


Loki

Recommended Posts

The contest starts on Friday 1st of August 2008 at 12:00 and ends on August 3rd 2008 at 11:59 (local Assembly time, EEST).

Khallenge is a reverse engineering challenge made by F-Secure for the Summer ASSEMBLY 2008 event held in Helsinki, Finland. The contestants must reverse engineer binaries in order to discover keys that the executables will accept. After completing the first level, instructions will be given on how to proceed to the next level.

Further information about challenge, including the official rules, is available from Assembly '08 web site. You can find more information about the people behind this compo from F-Secure Security Labs Weblog.

Go here to check it out:

http://www.khallenge.com/

Posted in the crackme forum as thats what these are. I'm closing the thread to respect F-Secure's request that this should not be discussed openly prior to the end of the competition. I'll reopen it afterwards so that you can discuss methods and problems :)

Have fun - perhaps you'll win one of the iPod's ;)

Edited by Loki
Link to comment

Am I just crazy or did you have to crack an MD5 hash on level 2? I stopped doing it because I didn't feel like doing that lol. The smallest password length I got for level 2 was 9 characters.

Link to comment

^ I second that ;) I encountered a few that work in that fashion where CMP BYTE PTR [EBP+8] checked the bit for command line argument (usually 0x2) ;)

Link to comment

Hi all. The level 2 make me feel bored with challenge. So many cases. Here is strings we need have to by pass first check (password has 9 chars) :

10.?G??Dx?A?
12.?E??Fz?C?
17.?N??Mq?H?
18.?O??Lp?I?
19.?L??Os?J?
20.?M??Nr?K?
21.?J??Iu?L?
22.?K??Ht?M?
23.?H??Kw?N?
24.?I??Jv?O?
25.?V??Ui?P?
26.?W??Th?Q?
27.?T??Wk?R?
28.?U??Vj?S?
29.?R??Qm?T?
30.?S??Pl?U?
31.?P??So?V?
32.?Q??Rn?W?
36.?g??dX?a?
38.?e??fZ?c?
43.?n??mQ?h?
44.?o??lP?i?
45.?l??oS?j?
46.?m??nR?k?
47.?j??iU?l?
48.?k??hT?m?
49.?h??kW?n?
50.?i??jV?o?
51.?v??uI?p?
52.?w??tH?q?
53.?t??wK?r?
54.?u??vJ?s?
55.?r??qM?t?
56.?s??pL?u?
57.?p??sO?v?
58.?q??rN?w?

First check :

004012F4 50 PUSH EAX
004012F5 E8 C6FEFFFF CALL FSC08_Le.004011C0
004012FA 8BF8 MOV EDI,EAX
004012FC 81F7 69B462A4 XOR EDI,A462B469
00401302 81FF 69B462A4 CMP EDI,A462B469

'?' char is char that we need find to make correctly on MD5 check. MD5 hash was modified.

Link to comment

well if are solved not are problem in post the 1rts item

1)
Enter the key: BOFPCongratulations! Please send an e-mail to Easy2o08@khallenge.com

when send an email you see the 2nd , and bypass the md5 uu, not know how solve as pass+correct crc

example how must write the pass in the argument, mine argument is "apuromafo" /open archive and argument apuromafo

post-28194-1217967738_thumb.jpg

the fixed work nice but ..what are the correct pass.. not know

maybe can help this of old year

http://securityxploded.com/hackerchallenge2007phase3.php

http://zairon.wordpress.com/2007/08/06/f-s...-2007-solution/

Edited by apuromafo
Link to comment
Khallenge III was over the weekend, here are the current solution statistics:

Level 1: 393

Level 2: 20

Level 3: 8

During the run of the competition, the final level was solved by 4 people:

1. Igor Skochinsky (iPod Touch 32GB)

2. Kaspars Osis (iPod Touch 16GB)

3. "bbuc" (t-shirt)

4. Ludvig Strigeus (t-shirt)

Igor & Kaspars are returning winners from previous Khallenge competitions (1) (2). Great job guys!

Runners-up:

Alexander Polyakov, "Lancert", "push.ret", "Hellspawn", V. Usatyuk, "Piotras", "ASMax"

Level 1 contains a hidden message, here are the winners:

1. Alexandru Maximciuc (t-shirt)

2. Volodymyr Pikhur (t-shirt)

3. Richard Baranyi (t-shirt)

On a personal note, while designing the challenges I've been wondering if level 2 was too difficult. The statistics have proven it was. However, according to your responses, it was great fun! I'm glad to hear that many people enjoyed it. Next year though, we'll aim to get the challenges into a bit better balance. ;-)

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...