fl0wer Posted October 23, 2022 Share Posted October 23, 2022 (edited) Could use some help with challenge 5.. I am rather new to reversing, sorry for the dumb questions here. I am too stuck on ch5. Spoiler When you guys are decrypting, are you editing the actual binary before execution (through some python script that iterates through the binary)? Or are you decrypting during runtime? It looks like stuff is getting encrypted/obfuscation, but I struggle to find some kind of input key that I can follow to identify what exactly is getting encrypted. First thing I did was to set the time back to June 14th 2022, I did this manually through the Windows systime. I also tried to just set `eax` to `0xF` where the program does a `cmp eax, F` to see if time is right. Both things "works" it seems - gets me out of the long `sleep`. However, when moving forward, I am not sure what and where something gets encrypted - and how I decrypt it. I see where the first base64 encoded string is being created, but I feel I need to figure out what is being base64 encoded in the first place, which I struggle with. The word `ahoy` prefixed by some numbers seems to what's doing a XOR obfuscation, but I am not sure at all. I spent around 8 hours looking at this 😅. I guess I need to read up on encryption/decryption. I learned something new about base64 encoding/decoding - didn't know you could change the scheme's index cipher and it would still be valid base64, pretty cool. Hope someone can help 🙂 Edited October 23, 2022 by fl0wer Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now