App 17!

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: App 17!

Post by cyberdrain on Tue Nov 18, 2014 5:56 pm
([msg=85143]see Re: App 17![/msg])

QtDevl wrote:I'm sorry but unfortunately I don't have the imagination to write a challenge :P
I'm more intrigued to solve them

Alright then, at least I tried.
Free your mind / Think clearly
User avatar
Posts: 2160
Joined: Sun Nov 27, 2011 1:58 pm
Blog: View Blog (0)

Re: App 17!

Post by -Ninjex- on Wed Nov 19, 2014 1:46 am
([msg=85161]see Re: App 17![/msg])

cyberdrain wrote:QtDevl, if you have the time, could you dev up some binary exploitation missions? Sounds like you know what you're talking about and HTS could use some binary exploitation missions imho. :)

Can we keep stuff like this in pm?
For those that know
K: 0x2CD8D4F9
User avatar
Posts: 1691
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)

Re: App 17!

Post by synstealth on Fri Dec 04, 2015 11:05 am
([msg=90854]see Re: App 17![/msg])

Is this application working correctly?

Ive used Olly and successfully decipher my username into HTS-serial numbers, I tested the serial on the application 17, it says to enter that password on HTS, when I tried to enter the password on HTS - it says the password is invalid? what is going on??

let me know who to PM with my answer

-- Fri Dec 04, 2015 12:11 pm --

ilanman123 wrote:
QtDevl wrote:
ilanman123 wrote:Hi.
Like a number of people before me, the app says the password is correct but I can't submit it to HTS.
The password I got is HTS-142C-1A2A-2120-0118-0D13

As with programming 9, you must remember the server handles all the binary calculations as 64 bit integers, not 32 bit.
For example, your code is correct for the app, but for the server your code would really be

MODS: if this is a spoiler delete, but since he got a correct code, i presume this is ok.

Since I was asked as to why this happens, I'll explain it here.
The application was compiled for 32 bit, and it uses 32bit integers, which means all bitwise operations are done ON 32 bits( NOTE that compiling for 64 bits does not guarantee 64bit integers or unless you specifically use them ).
As me and mzungudo have found out for programming 9, the server on the other hand is 64 bits, so all integers are 64 bits, which means bitwise operations can AND WILL overflow to 64 bits if necessary.
Now, this wouldn't be a problem normally, but NightQuest ( app17 creator ) made a small mistake.
The app does a LEFT SHIFT x positions ( x position varies, if you've done this you'll know which one it is ), sometimes x can be more than 32, which is a problem as in c a left shift of more than int size ( 32 in this case ) bits IS UNDEFINED BEHAVIOUR.
The server on the other hand has 64 bit integers and can do shifts up to and including 64 bits.
So if you've made a keygen for this and want to submit your code, you should use 64 bit integers and you should be fine, the easiest way would be if you know php to convert your code to php and use a 64 bit server.Obviously the app won't accept the code, but the site will.
Fixing this can be easy or hard depending on which road you take, the app could have some sanity checks so bitwise operations don't overflow, the server could force 32bit integers or cut out extra bits when they overflow.
About 2 years ago me and mzungudo have proposed a fix but apparently it wasn't put online.

Thank you for explaining why this happens. This problem exists for more than 2 years, I wonder why they still haven't fixed it.

I saw this quote.. this made me realize if I wrote the php code and execute the php code on windows 10 64 bit will give me a 64 bit serial as a result instead of 32bit?
New User
New User
Posts: 4
Joined: Thu Aug 16, 2012 9:49 pm
Blog: View Blog (0)

Re: App 17!

Post by Leeky on Tue Apr 18, 2017 5:02 am
([msg=93613]see Re: App 17![/msg])

It's seems like noone posted anything here for a while, so I don't think I will find help but anyways:

I analyzed the whole assembly code and wrote a key-gen for it.
The application says I should test my stuff on the site ,but the site won't accept it.

After reading through this post I saw that the server checks my key with a 64bit generated key,
so I tried to adjust my key-gen and I was able to get the same results as in the post that mentioned it.
But still the site won't accept it.

Edit: Was just too dumb to try to write the non numeric hex characters uppercased
New User
New User
Posts: 1
Joined: Tue Apr 18, 2017 4:51 am
Blog: View Blog (0)

Re: App 17!

Post by 000000ffffff on Tue Apr 18, 2017 6:42 am
([msg=93614]see Re: App 17![/msg])

Yea, case sensitivity is pretty big from what I've seen so far.

Nice though, good catch.
New User
New User
Posts: 10
Joined: Thu Apr 06, 2017 10:26 am
Blog: View Blog (0)

Re: App 17!

Post by conscience on Mon Sep 24, 2018 12:02 am
([msg=96310]see Re: App 17![/msg])

Well, I finally decided to take a look at this one.
Quick question for those who love annoying questions from my lazy-ass self: Is this fella completable using (only) gdb?

Erm, already got my answer, thanks :)
Let him who hath understanding reckon the number of the beast, for it is a human number: His number is 0x029A.
Posts: 313
Joined: Thu Jan 08, 2009 9:05 pm
Blog: View Blog (0)

Re: App 17!

Post by tabacci on Wed Jan 16, 2019 1:22 pm
([msg=97118]see Re: App 17![/msg])

Thank you all for the hints!

After App17 accepted my password but HTS site did not, I followed the adviсe to migrate keygen to php and run on x64 server.

I tested my keygen php on x86 machine and it worked, but on x64 machine php shows
Fatal error: Uncaught ArithmeticError: Bit shift by negative number.

I guess the problem is in "<<" operator that I used.
If my guess is true what would you use instead of "<<" in keygen code?
New User
New User
Posts: 1
Joined: Sun May 11, 2014 8:42 am
Blog: View Blog (0)

Re: App 17!

Post by hacksys1338 on Fri Nov 20, 2020 10:53 am
([msg=108202]see Re: App 17![/msg])

Is this broken? Ive downloaded the windows version of the application 17 and ran it, Prompts for Username and I enter it, it spits out my password which is usable on the site but no congratulations message.

New User
New User
Posts: 1
Joined: Tue Sep 22, 2020 9:34 am
Blog: View Blog (0)


Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests