Application 3 **BROKEN**

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 3 **BROKEN**

Post by Sorete on Wed Oct 11, 2017 4:06 pm
([msg=94774]see Re: Application 3 **BROKEN**[/msg])

I'm trying to do this using only x32dbg and Hex Editor Neo. This is what I have so far:

- app3win.exe seems to be made in Real Basic, which I never heard of. Strings don't end with a 0 like C strings, they start with a byte that serves as a character count, so they are limited to 256 chars.

- It has 9 sections: .text, .rdata, ... etc. The last one, .reloc, ends at file offset 0x1537FF. When the process is created, everything after this address is not loaded into memory. That's why we don't find the strings in memory, they start at 0x165190. They are loaded on demand when needed. I don't know how yet, that seems to happen somewhere in the button callback function.

This is fun. :)
User avatar
Sorete
New User
New User
 
Posts: 1
Joined: Wed Oct 11, 2017 3:09 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by Andersffs on Mon Feb 26, 2018 2:59 pm
([msg=95311]see Re: Application 3 **BROKEN**[/msg])

To anyone coming here in 2018, while there has been added more layers to stuff since the creation of this challenge, there's multiple ways to solve this pretty easy. I guess that you can solve this in the same way it was intended from the beginning. That's all I can say without spoiling it.

Happy hacking!
Andersffs
New User
New User
 
Posts: 2
Joined: Mon Feb 26, 2018 2:55 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by Zer0s on Wed Mar 28, 2018 5:19 pm
([msg=95434]see Re: Application 3 **BROKEN**[/msg])

Well the application still contains the same small bug. However, focus on your goal, even with the annoying bug, there's a way to solve this one!
Zer0s
New User
New User
 
Posts: 1
Joined: Wed Mar 28, 2018 5:14 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by ghostrider11 on Sat May 12, 2018 1:30 pm
([msg=95682]see Re: Application 3 **BROKEN**[/msg])

The program stops at Reading packages...
I tried it redownloading but still nothing changed please if someone here can fix this error...
ghostrider11
New User
New User
 
Posts: 1
Joined: Thu May 10, 2018 10:47 am
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by conscience on Sun May 13, 2018 9:30 am
([msg=95685]see Re: Application 3 **BROKEN**[/msg])

ghostrider11 wrote:The program stops at Reading packages...
I tried it redownloading but still nothing changed please if someone here can fix this error...


You don't need it fixed to solve the challenge. You can fix it on your own pretty easily.

conscience wrote:Okay, so the application is broken. However, it is easy to fix, thanks mainly to occamsrzr who pointed out that tiny bit of editing that fixes up the null-character problem.
@nexo: It does so indeed. Give it a round of wireshark to see it yourself.
(It is however not about the length of the string, but a wrong starting offset)

The other bug is the Host HTTP header value sent being incorrect. Since you have plenty of space where you need to edit... Make a guess! You only have to add a few characters ;)

Now that you have verified your app is responding as it should, you can, at your pleasure, set up your whatever to make the application receive the answer it expects.

I hope I didn't spoil anything; my goal was only to help others fix the bugs so they can complete the challenge without any impediments.


Whether it's intended as part of the challenge or not, please just take it as if it was, and work your way through the problem. Since the challenge is very solvable in its current condition, I highly doubt anyone would make any changes.
On the other hand, it takes around 10 minutes at most to beat this one in its current form, so it doesn't make much sense to ask and wait for the binary to be repaired.
Let him who hath understanding reckon the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 293
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by Sh4d0vv on Sun Sep 23, 2018 1:33 pm
([msg=96308]see Re: Application 3 **BROKEN**[/msg])

Hey i'm kinda new here so, in application 3 when i write something on the box and press authenticate it doesn't show anything i mean, of course I'm not talking about the serial number what I'm saying is that something is wrong with the application cause i press Authenticate, and where it says status, it stuck on "Reading data", already downloaded a new one like 5 times, so the problem isn't my pc, however it says that i must be connected to the internet, and i am so could be something wrong with the internet i'm using ?
I really like these challenges and i had to forget this application and go to the application 4, i really want solve this so if anyone could help, i am all listening and i would appreciate it very much.
Sh4d0vv
New User
New User
 
Posts: 1
Joined: Sun Sep 23, 2018 1:19 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by conscience on Sun Sep 23, 2018 11:05 pm
([msg=96309]see Re: Application 3 **BROKEN**[/msg])

I quickly checked for you and I don't get such a message myself.
Didn't complete it this time, 'cause I'm lazy AF, but I'm 99% sure it works just like it did a couple of years ago.

But hey, it says it wants to connect to something, so it'd be wise to figure out what it wants to connect to and satisfy it by probably one of the following means:
  • Find out why it can't connect and fix the problem (e.g. firewall blocking; did Windows ask?)
  • Try to devise a workaround for 'unresolvable' impediments (e.g. application bug or the target server doesn't exist)

If you haven't done so yet, crunch and munch your way through this whole topic, because everything you need to solve this challenge is likely right here. Also, I'd like to point you (and everyone else) once again to the excellent advice from occamsrzr as it helps a lot with a particular problem to be worked around.

PS.: I don't really know whether you are completely new to security or just this site. App missions, even though they're generally quite basic, can get a bit hairy sometimes.
Let him who hath understanding reckon the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 293
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Previous

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests

cron