Application 3 **BROKEN**

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 3 **BROKEN**

Post by Sorete on Wed Oct 11, 2017 4:06 pm
([msg=94774]see Re: Application 3 **BROKEN**[/msg])

I'm trying to do this using only x32dbg and Hex Editor Neo. This is what I have so far:

- app3win.exe seems to be made in Real Basic, which I never heard of. Strings don't end with a 0 like C strings, they start with a byte that serves as a character count, so they are limited to 256 chars.

- It has 9 sections: .text, .rdata, ... etc. The last one, .reloc, ends at file offset 0x1537FF. When the process is created, everything after this address is not loaded into memory. That's why we don't find the strings in memory, they start at 0x165190. They are loaded on demand when needed. I don't know how yet, that seems to happen somewhere in the button callback function.

This is fun. :)
User avatar
New User
New User
Posts: 1
Joined: Wed Oct 11, 2017 3:09 pm
Blog: View Blog (0)

Re: Application 3 **BROKEN**

Post by Andersffs on Mon Feb 26, 2018 2:59 pm
([msg=95311]see Re: Application 3 **BROKEN**[/msg])

To anyone coming here in 2018, while there has been added more layers to stuff since the creation of this challenge, there's multiple ways to solve this pretty easy. I guess that you can solve this in the same way it was intended from the beginning. That's all I can say without spoiling it.

Happy hacking!
New User
New User
Posts: 2
Joined: Mon Feb 26, 2018 2:55 pm
Blog: View Blog (0)


Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests