Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[crackme] Find the flag by extremecoders

Extreme Coders
Extreme Coders
in CrackMe

Featured Replies

Posted

This is a CTF style challenge. 


 




Objective  : You need to find the flag which will print the good boy message

Rules      : Everything is allowed

 

Have fun!



 


Virustotal scan


findtheflag.rar

Edited by Extreme Coders

    • Like 4

    Solved by kao

    Go to solution

    Stupid patch.


    :)


     


    findtheflag1.rar

    post-31931-0-77926200-1446451530_thumb.j

    Edited by GIV

    • Like 3
    • Author

    @GIV: Good Work. :)


     


    A little hint if someone else is interested in finding the actual flag. It consists of exactly 30 printable ascii characters.


    •
    • Like 1

    They can do a simple compare of my patched file with original file. Is just a byte patch.


    Is a xor and a compare operation and a simple jump to pass the bad boy message.


     


    I have searched in memory the bad boy string, put a hwbp on access on the first letter then when it was triggered i looked in the call stack to see from where it was accessed and forward using the stack i have reached the actual check routine.


    I have no patience to recompose the original string just i have put a compare to be equal (EAX=0) and so the program jumps always to good boy.


    Edited by GIV

    The thing is, in an actual CTF you'd need the string. C'mon yer ol' lad, put a little extra effort in this, at least it is not the usual "überpacked" .NET file, too much of that sith has been posted here in the last year...

    Edited by SmilingWolf

    • Like 2
    • Solution

    flag{Y0u_s0lved_that_r1ght!!!}



     


    EDIT: I enjoyed it so much that I think it deserves a small writeup. Coming up in few hours.. :)


    Edited by kao

    • Like 11
    • Author

    That was quick. I am literally out of words.


     


    You actually deserve a prize for this. :)


    Where there is no hope there is KAO ;)

    oh not to forget tonyweb ;)

    Edited by Jasi2169

    Thank you Extreme Coders, nice challenge.



    flag{Y0u_s0lved_that_r1ght!!!}



     


    Attachments include


      cleaned (NOPed) executable findtheflag1.p1.rar


      a Mathematica nb file plus its html output Untitled-2.rar


      pseudo-code maincode.txt


    •
    • Like 3
    • Author

    @Gyrus: Excellent work.  :thumbs:


    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.