App 17!

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: App 17!

Post by cyberdrain on Tue Nov 18, 2014 5:56 pm
([msg=85143]see Re: App 17![/msg])

QtDevl wrote:I'm sorry but unfortunately I don't have the imagination to write a challenge :P
I'm more intrigued to solve them

Alright then, at least I tried.
Free your mind / Think clearly
User avatar
cyberdrain
Expert
Expert
 
Posts: 2154
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)


Re: App 17!

Post by -Ninjex- on Wed Nov 19, 2014 1:46 am
([msg=85161]see Re: App 17![/msg])

cyberdrain wrote:QtDevl, if you have the time, could you dev up some binary exploitation missions? Sounds like you know what you're talking about and HTS could use some binary exploitation missions imho. :)


Can we keep stuff like this in pm?
image
For those that know
K: 0x2CD8D4F9
User avatar
-Ninjex-
Moderator
Moderator
 
Posts: 1691
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: App 17!

Post by synstealth on Fri Dec 04, 2015 11:05 am
([msg=90854]see Re: App 17![/msg])

Is this application working correctly?

Ive used Olly and successfully decipher my username into HTS-serial numbers, I tested the serial on the application 17, it says to enter that password on HTS, when I tried to enter the password on HTS - it says the password is invalid? what is going on??

let me know who to PM with my answer

-- Fri Dec 04, 2015 12:11 pm --

ilanman123 wrote:
QtDevl wrote:
ilanman123 wrote:Hi.
Like a number of people before me, the app says the password is correct but I can't submit it to HTS.
The password I got is HTS-142C-1A2A-2120-0118-0D13


As with programming 9, you must remember the server handles all the binary calculations as 64 bit integers, not 32 bit.
For example, your code is correct for the app, but for the server your code would really be
HTS-142C-1A2A-2120-2705-160E

MODS: if this is a spoiler delete, but since he got a correct code, i presume this is ok.

LATE EDIT:
Since I was asked as to why this happens, I'll explain it here.
The application was compiled for 32 bit, and it uses 32bit integers, which means all bitwise operations are done ON 32 bits( NOTE that compiling for 64 bits does not guarantee 64bit integers or unless you specifically use them ).
As me and mzungudo have found out for programming 9, the server on the other hand is 64 bits, so all integers are 64 bits, which means bitwise operations can AND WILL overflow to 64 bits if necessary.
Now, this wouldn't be a problem normally, but NightQuest ( app17 creator ) made a small mistake.
The app does a LEFT SHIFT x positions ( x position varies, if you've done this you'll know which one it is ), sometimes x can be more than 32, which is a problem as in c a left shift of more than int size ( 32 in this case ) bits IS UNDEFINED BEHAVIOUR.
The server on the other hand has 64 bit integers and can do shifts up to and including 64 bits.
So if you've made a keygen for this and want to submit your code, you should use 64 bit integers and you should be fine, the easiest way would be if you know php to convert your code to php and use a 64 bit server.Obviously the app won't accept the code, but the site will.
Fixing this can be easy or hard depending on which road you take, the app could have some sanity checks so bitwise operations don't overflow, the server could force 32bit integers or cut out extra bits when they overflow.
About 2 years ago me and mzungudo have proposed a fix but apparently it wasn't put online.

Thank you for explaining why this happens. This problem exists for more than 2 years, I wonder why they still haven't fixed it.




I saw this quote.. this made me realize if I wrote the php code and execute the php code on windows 10 64 bit will give me a 64 bit serial as a result instead of 32bit?
synstealth
New User
New User
 
Posts: 4
Joined: Thu Aug 16, 2012 9:49 pm
Blog: View Blog (0)


Re: App 17!

Post by Leeky on Tue Apr 18, 2017 5:02 am
([msg=93613]see Re: App 17![/msg])

It's seems like noone posted anything here for a while, so I don't think I will find help but anyways:

I analyzed the whole assembly code and wrote a key-gen for it.
The application says I should test my stuff on the site ,but the site won't accept it.

After reading through this post I saw that the server checks my key with a 64bit generated key,
so I tried to adjust my key-gen and I was able to get the same results as in the post that mentioned it.
But still the site won't accept it.

Edit: Was just too dumb to try to write the non numeric hex characters uppercased
Leeky
New User
New User
 
Posts: 1
Joined: Tue Apr 18, 2017 4:51 am
Blog: View Blog (0)


Re: App 17!

Post by 000000ffffff on Tue Apr 18, 2017 6:42 am
([msg=93614]see Re: App 17![/msg])

Yea, case sensitivity is pretty big from what I've seen so far.

Nice though, good catch.
000000ffffff
New User
New User
 
Posts: 10
Joined: Thu Apr 06, 2017 10:26 am
Blog: View Blog (0)


Previous

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests

cron