August 12, 2016 Hints about the challenges have been posted on their official site. http://researchcenter.paloaltonetworks.com/2016/08/labyrenth-capture-the-flag-ctf-hints/
August 12, 2016 On 8/10/2016 at 3:55 PM, m0rphiz3 said: I am talking about the shellcode one, algo is RC4, 11 len key, in which 5 are constants.. Four are constants, not five.
August 12, 2016 Yes, only four constants. I already calculated 4 billion keys but still no valid one. I think something is wrong with my code.
August 12, 2016 Since everyone is bruteforcing that one, let's reduce the keyspace a tad. fs[30] should be 0x01. That should cut it in half.
August 12, 2016 4 are constants, but one is a debugger check, which increments the constant if a debugger is present, so it is also a constant.
August 12, 2016 Yes, you're right. I think it must be 0x00, which means the process is not being debugged. You sure about 0x01, Rurik? I changed a little bit of my code and the key space is now 803520 keys long. Can anybody confirm this? I still can't find the correct key. Maybe my RC4 implementation is wrong. Edited August 12, 2016 by lazydaemon
August 13, 2016 @lazydaemon There are 5 constants including the dbg flag, which should be zero. Maybe you have missed out some keys. My keyspace was 1571328 keys long, and that was found after taking into account the possible values as per MSDN. In the end, the size of the keyspace didn't matter as it took just a few seconds to brute. I ripped out the encryption algo from the binary, so implementation did not matter.
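As an added example (not code posted in this thread), the following checks an RC4 implementation against published test vectors, which addresses the "maybe my RC4 is wrong" worry above, and then runs a keyspace-reduced search over an 11-byte key template with five fixed bytes; the template bytes, candidate ranges, and ciphertext are constructed for the demo and are not the challenge's own values.

```python
from itertools import product

def rc4(key: bytes, data: bytes) -> bytes:
    """Reference RC4 (KSA then PRGA); the same call encrypts and decrypts."""
    S, j = list(range(256)), 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                          # keystream byte XORed with data
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

# Published RC4 test vectors (key, plaintext, ciphertext hex): validate rc4() first
RC4_VECTORS = [(b"Key", b"Plaintext", "bbf316e8d940af0ad3"),
               (b"Wiki", b"pedia", "1021bf0420"),
               (b"Secret", b"Attack at dawn", "45a01f645fc35b383552544b9bf5")]

def rc4_self_test() -> bool:
    return all(rc4(k, p).hex() == c and rc4(k, bytes.fromhex(c)) == p
               for k, p, c in RC4_VECTORS)

def keyspace_size(template, candidates) -> int:
    n = 1                                      # product of candidate counts
    for i, b in enumerate(template):
        n *= len(candidates[i]) if b is None else 1
    return n

def brute_force_key(template, candidates, ciphertext, known_prefix):
    """template: per-byte int (fixed) or None (unknown); candidates: slot -> values.
    Returns the first key whose decryption starts with known_prefix, else None."""
    unknown = [i for i, b in enumerate(template) if b is None]
    key = bytearray(b or 0 for b in template)
    for combo in product(*(candidates[i] for i in unknown)):
        for idx, val in zip(unknown, combo):
            key[idx] = val
        if rc4(bytes(key), ciphertext).startswith(known_prefix):
            return bytes(key)
    return None

# Constructed demo, not the challenge's values: 4 fixed bytes plus a debugger flag
# that must be 0x00 give 5 known bytes of an 11-byte key; 6 slots remain to search.
DEMO_TEMPLATE = [0x4C, 0x41, 0x42, 0x59, None, None, None, None, None, None, 0x00]
DEMO_CANDIDATES = {i: range(0x30, 0x34) for i in range(4, 10)}  # 4**6 = 4096 keys

def demo() -> bytes:
    secret = bytes([0x4C, 0x41, 0x42, 0x59, 0x31, 0x32, 0x33, 0x30, 0x31, 0x33, 0x00])
    ct = rc4(secret, b"PAN{constructed_demo_flag}")   # constructed ciphertext
    return brute_force_key(DEMO_TEMPLATE, DEMO_CANDIDATES, ct, b"PAN{constructed")
```

Run `rc4_self_test()` before trusting any keyspace numbers: a search over millions of keys with a subtly wrong KSA or PRGA will never hit, whatever the key template.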