Results 1 to 5 of 5

Thread: t205 challenge

  1. #1
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17

    t205 challenge

    Ok, this is the thread for T2_05 challenge, the challenge is over so we can freely talk about it.

    There are some nice cool tricks inside and the solution is not the classical hardcoded serial, this time you'll have to use your brain.
    Good luck!!!
    Attached Files Attached Files

  2. #2
    Registered User upb's Avatar
    Join Date
    May 2003
    Posts
    50
    Blog Entries
    4

    spoiler

    my solution.
    I'm not 100% sure its for t205 but it looks like that
    Attached Files Attached Files

  3. #3
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Well done upb!

    "On kolmenlaisia ihmisiä, niitä jotka ovat matemaattisesti lahjakkaita ja niitä, jotka eivät ole."
    Yes, it should be the right message but I still have some doubts about it mainly because the message is a simple phrase, nothing special. The english translation is: "There are three kinds of people, those who are mathematically gifted, and those who are not." I was expecting something else... maybe I'm not mathematically gifted :-D

    I have looked at the picture inside your archive but it's not the good one; I mean, when you open the picture it doesn't show the mail address, did you change it? Maybe you submit the original file and not the modified version. To let it show the address you have to change the image a little.

    The third layer (the dynamically loaded process) is PEX by Bart i believe,
    I don't like unpacking really (and I'm far from being an expert) but in my notes I read it's a modified version of it. So, I agree with you upb; for the others, you can trust me or you can directly take a look at Pex source code which is available online ;-)

    i wrote a small program to attach to the child process and dump out its memory because ollydbg refused to attach to it.
    I used softice with Iceext 'protect on' feature so I didn't have any problem stepping trhought the code, I didn't investigate too much in it but I believe there's atleast an anti-debugging method implemented in the challenge.

    The main problem of the challenge is -imho- to find an easy way to trace the files involved in the challenge. Some times ago, talking with Kayaker about a possible "mini project" with t205, he suggested some task for newbies (and not :-p):

    1. Identify the processes and threads used by the challenge, as well as noting their starting addresses.
    What tools or techniques can be used to accomplish this important first step?

    2. Determine the general course of program flow by identifying the API's involved, and their purpose, at crucial points in the challenge. What suitable API breakpoints can be used to "break into" real program code and avoid having to trace extensive amounts of SMC or packer code?

    3. What "anti-analysis" tricks are being used? Antitrace, antidump, SEH? How do you bypass or trace through them?
    Are packers used here and does dumping serve any purpose?

    4. Can portions of the challenge be extracted as isolated elements suitable for analysis in IDA?
    Could any IDA scripts be used to decrypt certain portions of the code to "expose" the hidden message and/or email address?

    For the moment 4 questions are enough, we can add something else later.

    If you have some problems with this challenge I suggest you to give it a try answering to the 4 questions above, I'm pretty sure you'll learn something new. So... good luck!

  4. #4
    Registered User upb's Avatar
    Join Date
    May 2003
    Posts
    50
    Blog Entries
    4
    yep i speak finnish myself too (a bit)
    the image opens with mspaint but not with win image viewer.
    btw the author confirmed it was correct solution, i was a little baffled myself too that it was so easy.
    sry for not writing a deeper analysis :P
    Last edited by upb; September 1st, 2006 at 08:13.

  5. #5
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    the image opens with mspaint but not with win image viewer.
    On my home system I can't see the image with both mspaint and win image viewer, only now I realize I can see the image using tools like photoshop or photoimpact... that's why I modified the image file. A useless task just for viewing it under win image viewer, shame on me :-p

Similar Threads

  1. Girls just want to have fun RE challenge
    By Kayaker in forum Mini Project Area
    Replies: 5
    Last Post: April 17th, 2013, 15:53
  2. A little challenge (maybe?)
    By hobgoblin in forum Mini Project Area
    Replies: 2
    Last Post: December 24th, 2002, 16:16
  3. A challenge ?
    By Woodmann in forum RCE Cryptographics
    Replies: 10
    Last Post: November 11th, 2001, 13:55
  4. Crackme challenge
    By crackme in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: February 21st, 2001, 14:45

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •