Official Window's Infinity Edge Discussion

If anyone reads this and can give me a nudge, I’d greatly appreciate it. Here’s what I’ve done so far:

  • Built a C# library to mimic the shell code decryption algo
  • Decrypted all of the packets (aside from a particular one response string that has padding errors)
  • Found both fake flags
  • Built a C# library to build out the temp file in the packets

I feel like I’ve combed through every piece of data in this pcap and I’m just missing something obvious. So, if anyone comes across this and I don’t have an update saying I solved it: please, for the love of my sanity, send help!

Could anyone share some hints for the final steps? Like @karhu, I have decrypted packets, reconstructed the tmp file, and that left me with a very interesting kind of file, but I’m hitting a wall there. Is it necessary to use a special malware software like for the oBfsC4t10n challenge? And just like @karhu, my sanity would benefit from your help as well!

Does anyone here have any clue? Im at the same point as @karhu was 1 year ago…

Thank you