Hi,
I am new to reversing but have worked through a couple of them at this point. Very cool stuff and I have learned a lot. However, I am now facing impossible password which is a very different format. I have figured out step 1. Step 2 is what I am working on and I am not sure of the approach. Any suggestions? I have a vague idea of what is going on as it runs, but not how to solve. I am thinking maybe something like angr but is there a more straightforward way?
Thanks!
u should try to trace what’s going on
If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.
@jwstone said:
If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.
How could you get the flag without doing the second part? That does not make sense
@3XPL017 said:
@jwstone said:
If I get what you mean by step 2… solving step 2 could be a good exercise, but may not be necessary to get the flag.How could you get the flag without doing the second part? That does not make sense
I observe there are 3 parts.
I confirm that the second part isn’t needed.
Is this supposed to crash binja (demo version)?
It doesn’t crash my binja
I only see 2 parts to this challenge in IDA.
Spoiler Removed
@DrWahbi said:
hey , i’m sorry but i tried every thing , from Hex editor to ollydbg to trace the jumps but the debugger can’t read bin , but there’s no message to trace , i found something like SuperSekretKey but i didn’t understand what next , please any hints !
Try to chmod +x the .bin file…btw running GDB on it works, its just there is no symbol table 
Also, if anyone has a small hint to share, it would be really appreciated
Thanks
Well @n3m0 , if it’s “Impossible Password” it means is quite real impossible
Always follow the hints (titles, descriptions… ) here in HTB, they say it all.
Anyway, you only need to know some basics of GDB to overcome this impossible password… nothing impossible though
Good luck,
padovah4ck
@padovah4ck is absolutely correct. If you don’t like GDB, use radare2 I actually solved this from the disassembly without breakpoints or actual debugging, but that was not the easy road.
I’ve been using radare2 for these and it’s been awesome!
I solved the challenge and learnt a lot about reverse engineering and how to follow the opcodes execution. I would like to give a suggestion (for those who are new ) Use the combination of EDB-debugger and Radare2 - Graph mode and you can understand the entire assembly.
So I am on stage 2 **; There are 20-ish HEX characters, but it won’t accept them as a password. Guys, I need a clue
I don’t understand the stages people are talking about. I only understand that it should be debugged, but is possible to solve from disassembly alone. I am trying radare2 and gdb, When I try to debug, it seems strange because no matter where I try to put breakpoints, it never prints any output to the screen. would appreciate a hint.
OK nvm my first post. I get it now. I got to the second part but due to above hints will try to jump.
OK wow that was strange. I got the flag, though I’m not completely sure how what I did worked.
So I played a bit around on stage ** and i found out that abc", “def” will be read as abc",
So I wondered if there is a way to inject something like 1==1 into strcmp. Can someone PM me and give me a hint whether I’m thinking in the right direction