Can anyone help me with 4?

What i have donne until now

I've patched the M byte to make it run.(it is sufficient? Need other patches?) For What i see the program create some copies with one byte change for each copy. But now i can't understand What to do. Any hint?

Need help regarding ch5, i can see that its a finite state machine but there are so many handlers. Any hints how can i get the states each state function can transition into?

Edited October 3Oct 3 by iamwho

6 hours ago, iamwho said:

Need help regarding ch5, i can see that its a finite state machine but there are so many handlers. Any hints how can i get the states each state function can transition into?

Same here .. I understand all the logic, found where flag is decrypted but I can’t try to automate the branches exploring to find the correct path .. anyone for a real hint about this?

Just now, Bakko said:

Can anyone help me with 4?

What i have donne until now

I've patched the M byte to make it run.(it is sufficient? Need other patches?) For What i see the program create some copies with one byte change for each copy. But now i can't understand What to do. Any hint?

18 hours ago, Bakko said:

Can anyone help me with 4?

What i have donne until now

I've patched the M byte to make it run.(it is sufficient? Need other patches?) For What i see the program create some copies with one byte change for each copy. But now i can't understand What to do. Any hint?

18 hours ago, Bakko said:

Can anyone help me with 4?

What i have donne until now

I've patched the M byte to make it run.(it is sufficient? Need other patches?) For What i see the program create some copies with one byte change for each copy. But now i can't understand What to do. Any hint?

Never mind i managed to solve it

eeee

@aka7am @iamwho

Pay close attention to the things that are checked for in the if statements guarding the goody boy message. What comparisons are being made? How do these relate to the "branching mechanism" you're talking about?

Any tips on ch 8? I have no slight progress.

Should I study on how MetaObject structured?

On 10/3/2025 at 3:58 AM, aka7am said:

Same here .. I understand all the logic, found where flag is decrypted but I can’t try to automate the branches exploring to find the correct path .. anyone for a real hint about this?

Either scripting in your disassembler of choice (BN, Ghidra, IDA), or use something like Capstone.

Any help for ch6? Kinda stuck on what to do, i have unpacked the py bytecode.

2 hours ago, iamwho said:

Any help for ch6? Kinda stuck on what to do, i have unpacked the py bytecode.

Adding to this, i think its some smart contract thing. Although im not very well versed in web3, can anyone point out some learning resources for it?

Quick question about Ch7:

What I've done so far:

I found out that a connection is established on port 8000. The server responds with an encrypted message that looks something like this: {“ack”: “username@computername”}. Here, username@computername is used as the key for an XOR algorithm with AES S Box. Then another connection is initialized, which sends the collected information about the infected system. This information is encrypted in a different way. I'm stuck here because it's extremely difficult to read. Do I have to work through it, or is there an easier way to solve it?

43 minutes ago, piano96 said:

Quick question about Ch7:

What I've done so far:

I found out that a connection is established on port 8000. The server responds with an encrypted message that looks something like this: {“ack”: “username@computername”}. Here, username@computername is used as the key for an XOR algorithm with AES S Box. Then another connection is initialized, which sends the collected information about the infected system. This information is encrypted in a different way. I'm stuck here because it's extremely difficult to read. Do I have to work through it, or is there an easier way to solve it?

I solved it in the hard/long way, not sure if there is an easier one.

36 minutes ago, Torraske said:

I solved it in the hard/long way, not sure if there is an easier one.

Ok thank you. So at least I‘m on a way that solves the problem?

4 hours ago, piano96 said:

Ok thank you. So at least I‘m on a way that solves the problem?

Yes 🙂

Any help with ch7, the main function is huge and highly obfuscated.

@piano96 did you clean the functions. I also saw that it establishes a connection on port 8000 using x64dbg.
Reading the main function is pain with junk

9 minutes ago, jhinga said:

Any help with ch7, the main function is huge and highly obfuscated.

@piano96 did you clean the functions. I also saw that it establishes a connection on port 8000 using x64dbg.
Reading the main function is pain with junk

I did not deobfuscate anything. Ida was not really helpful.

2 minutes ago, piano96 said:

I did not deobfuscate anything. Ida was not really helpful.

i cant find where the actual logic is for sockets. I tried debugging it but still cant find it.

Anybody a hint for challenge 8? I found the instructions where it compares the calculated value against the expected one but don't have a clue where it comes from. Wrote some deobfuscation scripts but they were not really helpful. Don't know how to proceed