Try it here.
Challenge #13 - Can you find the key?
#1
Posted 29 August 2011 - 02:15 AM
Try it here.
#2
Posted 29 August 2011 - 04:57 PM
#3
Posted 29 August 2011 - 05:02 PM
The .exe has it's executable code at offset 0x0800, finally telling that there is nothing to say.
But there is a different code in the .exe starting at 0x1400 bringing the solution.
I tried some time with debugger (OllyDbg) to execute the code at 0x1400, but w/o success. Anybody has a suggestion?
Maybe relocation table change?
Peter
#4
Posted 29 August 2011 - 05:06 PM
You may insert a JMP at the very beginning & then try to execute it in OllyDbg.I tried some time with debugger to execute the code at 0x1400, but w/o success. Anybody has a suggestion?
PE Explorer is a very good tool to explore EXE header. May be you have some luck with that. I used it for some time some year ago.Maybe relocation table change?
#5
Posted 29 August 2011 - 05:13 PM
I can change the registers, but currently I cannot change the code.
Do you know the How To?
Peter
#6
Posted 29 August 2011 - 05:54 PM
Select the instruction you want to change, then hit spacebar.Do you know the How To?
#7
Posted 29 August 2011 - 09:51 PM
#8
Posted 29 August 2011 - 11:38 PM
#9
Posted 29 August 2011 - 11:52 PM
#10
Posted 30 August 2011 - 09:33 PM
CFF explorer is free and might be even better (only the disassembler is not that advanced): post #7 of http://reboot.pro/15001/PE Explorer is a very good tool to explore EXE header. May be you have some luck with that. I used it for some time some year ago.
#11
Posted 01 September 2011 - 08:02 PM
Challenge #14 might be easier to solve tough.
#12
Posted 02 September 2011 - 06:00 AM
#13
Posted 05 September 2011 - 09:22 PM
Yes, it is.Taking out the first letters from the updated challenge text, I guess the challenge is related to PE/COFF file format.
#14
Posted 06 September 2011 - 07:11 PM
#15
Posted 06 September 2011 - 07:19 PM
No. The string you see, is from a fprintf command. When the program is correctly fixed and run, the "%x" part will be replaced by a hexadecimal number stored in the "key" variable and printed to the screen.key is 0x%x
fprintf(stdout, "The key is 0x%x.\n", key);
#16
Posted 06 September 2011 - 08:44 PM
#17
Posted 06 September 2011 - 08:57 PM
If you want to do it the hard way, it might be possible this way, although I doubt it."The key is.." which is also in the new last section. That's ok, not a prob, but still error when running. Probably some more pointers need to be fixed..?? On the right track here?
A tip: To find the solution, you don't need a debugger at all. A pair of good eyes (or just one good eye) and a hexeditor to view the file carefully, might give you a clue. Be sure to read the PE/COFF spec.
#18
Posted 07 September 2011 - 08:05 PM
#19
Posted 07 September 2011 - 08:10 PM
Yes . And, did you find it a rather easy solution or not?Is it this one?
Challenge #13: Pretty Easy. Come On, File Fixers! It's only a bit tricky!
#20
Posted 07 September 2011 - 08:14 PM
#21
Posted 07 January 2012 - 12:45 AM
#22
Posted 07 January 2012 - 03:00 AM
#23
Posted 07 January 2012 - 12:40 PM
#24
Posted 08 January 2012 - 04:39 AM
Is this it?
SHA-1 Hash: (Full value of 0x%x generated hash)
8da1f266225b4f7d18aac434f72b5d112464eb6d
#25
Posted 08 January 2012 - 04:42 AM
No need to wait for Icecube. Original post contains a link to try out the challenge.Is this it?
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users