Tuts 4 You


Featured Replies

Do I have to bruteforce the key for challenge 6 (the shellcode challenge)?


Most Popular Posts

  • Yippee-ki-yay!  Congrats! You have successfully solved all of the challenges in the windows tier! Care to try another tier? >:P

  • Found something interesting-ish (or completely useless, who knows) There is binary on the main front page (obviously), which is largely garbage ("00100000" repeated), but in the middle there is s

  • It's just tricky.  

@lazydaemon Bruteforce with restrictions which makes it easier I would say.

On 8/10/2016 at 3:55 PM, m0rphiz3 said:

I am talking about the shellcode one, algo is *c4, 11 len key, in which 5 are constants..

Four are constants, not five.

Yes, only four constants. I already calculated 4 billion keys but still no valid one. I think something is wrong with my code.

Since everyone is bruteforcing that one, let's reduce the keyspace a tad.
fs[30] should be 0x01

That should cut it in half :)

4 are constants, but one is a debugger check, which if debugger increments the constant, so it is also a constant

Yes you're right. I think it must be 0x00 which means the process is not being debugged. You sure about 0x01 Rurik?

I changed a little bit of my code and the key space is now 803520 keys long.

Can anybody confirm this?

I still can't find the correct key. 

Spoiler

Maybe my RC4 implementation is wrong.

 

Edited by lazydaemon

@lazydaemon There are 5 constants including dbg flag which should be zero.  
Maybe you have missed out some keys. My keyspace was 1571328 keys long and that was found after taking into account the possible values as per MSDN.
In the end size of the keyspace didn't matter as it took just a few seconds to brute.

I ripped out the encryption algo from the binary, so implementation did not matter.

Ok, I solved it. Made a couple of really stupid mistakes in my code ;-)
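Added example, not code from any poster in this thread: an RC4 routine that can be checked against a published test vector before it is trusted in a search, plus a keyspace count and a constrained search over an 11-byte key with some bytes fixed. The byte positions, candidate ranges, key and ciphertext below are constructed for illustration and are not the challenge's values.

```python
from itertools import product
from math import prod

def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling (KSA), then keystream XOR (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def keyspace_size(candidates) -> int:
    """Number of keys described by the per-byte candidate sets."""
    return prod(len(c) for c in candidates)

def search(candidates, ciphertext: bytes, known_prefix: bytes):
    """Return the first key whose decryption starts with known_prefix."""
    head = ciphertext[:len(known_prefix)]  # stream cipher: a prefix is enough
    for combo in product(*candidates):
        key = bytes(combo)
        if rc4(key, head) == known_prefix:
            return key
    return None

# Constructed layout (an assumption, NOT the challenge's): 11 key bytes,
# fixed bytes as single-element lists, variable bytes as small ranges.
CANDIDATES = [
    [0x4B], [0x00], range(1, 13), [0x65], range(1, 8), [0x79],
    range(0, 6), [0x21], range(0, 4), range(0, 3), range(0, 2),
]
# Constructed key and ciphertext so the search has something to find.
SECRET = bytes([0x4B, 0x00, 7, 0x65, 5, 0x79, 3, 0x21, 2, 1, 1])
SAMPLE_CT = rc4(SECRET, b"constructed sample payload")

if __name__ == "__main__":
    # Widely published vector: key "Key", plaintext "Plaintext".
    print(rc4(b"Key", b"Plaintext").hex())
    print(keyspace_size(CANDIDATES))
    print(search(CANDIDATES, SAMPLE_CT, b"constructed"))
```

Comparing `keyspace_size` between two candidate layouts shows which byte's range accounts for a difference in key counts before any time is spent searching.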
