Monday at 10:40 AM4 days 6 minutes ago, Washi said:@Sawyer555Automation is your best friend in this challenge.It uses 20 bytes as input, I guess bruteforce isn't an option. Do I have to let the binary work for me somehow? I was going to try and understand the encryption somehow but I believe this is not the right way.
Monday at 02:50 PM4 days On 10/12/2025 at 8:35 PM, Washi said:A debugger's callstack is your best friend :)You probably want to revisit that reasoningThen we must conclude things that come in are not the right input parameters...The same approach should apply for the entire binary. Follow the breadcrumbs, they are sneaky with some of the encryption throughout the protocol...Are they really 4 exact copies of the binary?@Washi no, it has difference but I don't know what its effect is? What should I do next, please?
Tuesday at 05:31 PM3 days Author @Sawyer555 On 10/13/2025 at 12:40 PM, Sawyer555 said:Do I have to let the binary work for me somehow?The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).@pypy @Washi no, it has difference but I don't know what its effect is? What should I do next, please?Pay close attention to how it differs. Is it deterministic?
Tuesday at 10:09 PM2 days Any hints for ch6?I have the decompiled Python code and the contracts, but I can't derive the keys Edited Tuesday at 10:11 PM2 days by eric_cartman
Wednesday at 01:31 AM2 days 7 hours ago, Washi said:@Sawyer555The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).@pypy@Washi no, it has difference but I don't know what its effect is? What should I do next, please?Pay close attention to how it differs. Is it deterministic?@Washi thank you very much, I have solved it!
Wednesday at 09:27 PM1 day On 10/14/2025 at 8:31 PM, Washi said:@Sawyer555The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).I have progress a lot, but I'm really struggling to figure out what happens between the "f" functions and the memcmp. It's some sort of matrix manipulation but just so damn complicated. How am I supposed to reverse that?
Yesterday at 08:58 AM1 day Author @Sawyer555 Try to identify the high level semantics that the code implements, as opposed to zooming in too much on the individual operations. After that, then it is pen and paper time :)
Yesterday at 11:28 AM1 day On 10/12/2025 at 9:34 AM, pypy said:hi, can you give some hints for CH4, please? I've patched the M byte to make it run and I see it clones 4 copies. What should I do next?Try playing with filename... It change something?
Create an account or sign in to comment