Find The Secret Flag

Spoiler Removed - egre55

Spoiler Removed - egre55

I got a key and the message “Are you sure it’s the right one? …”. I don’t know how to continue further. I found the “secret function” but I have no idea with what to call it.

Solved, took a bit but this was a very cool challenge

Solved it too.
But have some questions about the solution.
If anyone feels like it, it would be nice to have a chat about it, feel free to reach me.
Thanks

@trebla said:

I think that I have found the name of the creator but I have weird characters between the two names and at the end of the string.

I got the same problem. Try doing what you are doing but on the whole file.

Hi, I’ve got to the exact same point.

At this moment I am able to decode all the “strings” found inside the asm, but the one with the name of the creator has garbage chars as stated before.

I tried to find other meanings to those “extra” hex codes but without any luck.

I’m pretty sure I’m decoding the correct hex because I was able to get it both by extracting the hex from the asm and by getting an already decoded string from the asm (with a little patch).

Do you have any suggestion on this?
Thanks!

Ok, I finally did it… this morning I suddenly woke up with a possible solution on my mind about why I had some “garbage” characters, took the pc and fixed the decoding XD
:slight_smile:

Anyone willing to mentor me on this one? I’m not an experienced debugger… still learning the basics.
I can understand, on a high level, what the program is doing and I’ve found flags and strings that appear to be part of the solution.
Looking online for the solution is not the way that I want to go, so if anyone is willing to spend some cycles with me, that would be awesome :slight_smile:

Thanks!

Can someone PM for this challenge? Maybe I can help you with whatever you are stuck with.

Fantastic challenge! I neither patched the binary nor used a script. I first went through the ‘obvious’ / ‘visible’ part of the code with disassembler and debugger … to find out that I am really ‘not sure’ if this is the flag because of the ambiguity of the alleged solution.

Then I tried to really solve it by reading the rest of the assembly, analyzing what the remaining stuff does or better, would do.
As this part is to some extent similar to the rabbit hole, it may help to have ploughed through the other stuff in detail, though it’s not really required.

I made a patch on the binary and found the name of the authors. Using the original binary and the same argument it was possible to get the flag, but I don’t know why the portal isn’t accepting. It should be HTB{flag}, right? Should I convert to l33t speak?

I’ve got it. My mistake (as usual).

Cheers and happy new years. \o/

Hi guys, I’m having problems finding what this binary needs. I tried every single way I have learned until now to print what it needs but with no success!
I get a hash prompted on CLI (gdb) but couldn’t use it.
I couldn’t find what to insert on /tmp/secret.
Could someone please help me (probably more like guiding through) solve this challenge.
Any help will be welcome.

Thanks in advance!

I got the names of the two creators of this challenge, but I wasted 4 hours of my life not being able to understand what the flag is supposed to be. I tried EVERYTHING. I tried to enter the flag alone, to enter it as a hex and even to enter different combinations by excluding characters off the flag. Can someone help me understand what the ■■■■ the creators of this so called “challenge” are thinking ?

No need gdb for this challenge. ptrace is enough.

@tabacci said:
No need gdb for this challenge. ptrace is enough.

Could you please guide me through? I already tried everything I knew and I just can’t pass through this one!! :frowning:
Thanks in advance!

Hmmm seems to me like the number which is provided as input must be brute forced, the file has to be created and the *** placed in it… Is there a way to solve without brute force? Please PM me if I am wrong, will save me hours of life.

EDIT: Weird, the hidden function returns ■■■■…however if I run the weird string in that function through the xor brute on cyberchef it gets this out of it:

Key = 78: DECODER$.STEFANO…$…$.]r

But this is not accepted as a flag…can someone pm me ? getting angry at this point…

@ydrah
You are right. But the binary should be patched in two places.
You can skip the first patch by actions you described, but the second patch to hidden function is necessary.
Then run with different args bruting it slightly and wait for the flag.

Guys! Sorry to ruin the party! But I am not even able to execute the file. This file runs and doesn’t give me CLI interface to type anything… Anyone encountered same issue?

Hints
  1. It works. You just have to figure out how to make it progress. (Needs something to be somewhere)

  2. If you don’t like shortcuts, you need to patch the binary. Utilize everything, leave no function behind!

  3. Cyber chef makes a delicious xor cake.

  4. You can skip 1&2 if shortcuts are your thing.

Thanks to the creators for this challenge!