backin Posted November 8, 2023

3 minutes ago, f355 said:

ch13

so I wrote a reverse shell server-side script, so I can issue commands to the client and receive responses. I found 2 commands: one gives a life tip, another tells me I need to provide a password. I am kind of stuck at this point, any pointers would be appreciated. Also the debugging here is tricky since the executable relaunches itself after every command, so it is hard to debug how commands are processed and responses generated. Any tips for proper debugging? Should I patch the binary so it doesn't terminate itself?

Hi! Yes, you are in the right direction. You should find out what password you should provide. Try to trace that via x64dbg or IDA Pro. Look closely at the constants put into registers.

Also I am curious, did you manage to deobfuscate the code - and how)

ChaoticEnigma Posted November 10, 2023

I know there's not much time left, but anyone want to drop a hint for the end of ch13? I think I understand everything in the program, but I just don't see how to work forwards/backwards to identify the right PRNG seed. I have the whole thing pretty well de-obfuscated, and I can run the flag decryption in unicorn. But it doesn't seem practical to brute force. Am I just overlooking something simple? Or is it an Angr problem... then I'll just give up now.

X0rby Posted November 11, 2023

ch13

ChaoticEnigma Posted November 12, 2023

Saw that on Twitter earlier, that's a great explanation. My bad for treating the ROP code as an opaque operation, I wouldn't have thought it would be decrypting and re-encrypting the flag haha. Although the official writeup makes even less sense now.