Monday at 10:40 AM

6 minutes ago, Washi said:
> @Sawyer555 Automation is your best friend in this challenge.

It uses 20 bytes as input, I guess bruteforce isn't an option. Do I have to let the binary work for me somehow? I was going to try and understand the encryption somehow but I believe this is not the right way.

Monday at 02:50 PM

On 10/12/2025 at 8:35 PM, Washi said:
> A debugger's callstack is your best friend :)
> You probably want to revisit that reasoning
> Then we must conclude things that come in are not the right input parameters...
> The same approach should apply for the entire binary. Follow the breadcrumbs, they are sneaky with some of the encryption throughout the protocol...
> Are they really 4 exact copies of the binary?

@Washi no, it has difference but I don't know what its effect is? What should I do next, please?

Tuesday at 05:31 PM, Author

@Sawyer555

On 10/13/2025 at 12:40 PM, Sawyer555 said:
> Do I have to let the binary work for me somehow?

The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).

@pypy

> @Washi no, it has difference but I don't know what its effect is? What should I do next, please?

Pay close attention to how it differs. Is it deterministic?

Tuesday at 10:09 PM

Any hints for ch6? I have the decompiled Python code and the contracts, but I can't derive the keys

Edited Tuesday at 10:11 PM by eric_cartman

Wednesday at 01:31 AM

7 hours ago, Washi said:
> @Sawyer555 The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).
> @pypy
> > @Washi no, it has difference but I don't know what its effect is? What should I do next, please?
> Pay close attention to how it differs. Is it deterministic?

@Washi thank you very much, I have solved it!

Wednesday at 09:27 PM

On 10/14/2025 at 8:31 PM, Washi said:
> @Sawyer555 The binary itself is probably going to be too inefficient for you to do anything interesting at runtime, other than validating some individual tests. As for bruteforce, flare-on typically requires no bruteforce for any challenge, let alone bruteforcing 0x20 bytes which definitely won't finish before the end of the universe :^).

I have progressed a lot, but I'm really struggling to figure out what happens between the "f" functions and the memcmp. It's some sort of matrix manipulation but just so damn complicated. How am I supposed to reverse that?

Thursday at 08:58 AM, Author

@Sawyer555 Try to identify the high-level semantics that the code implements, as opposed to zooming in too much on the individual operations. After that, then it is pen and paper time :)

Thursday at 11:28 AM

On 10/12/2025 at 9:34 AM, pypy said:
> hi, can you give some hints for CH4, please? I've patched the M byte to make it run and I see it clones 4 copies. What should I do next?

Try playing with the filename... Does it change something?

2 hours ago

Need a little nudge for 8. I found the handler for the OK button. I think I found the comparison of the correct value, but I'm not really sure. I think it's some sort of an 8-byte hash (or some other calculation) of the input, compared to a certain value. The problem is that this value exists even when entering the OK button handler function, so that's why I'm not sure. Am I in the right direction? Or am I wasting my time?