Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.
To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.
The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.
All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.
I sent you a PM, just to make sure not to spoil anything for the others. I completed reversing as well after a day, even though I spent most of the time trudging through what turned out to be the initialization of the runtime... Will write my program tomorrow.
Is this really packed or bogus? Never played with EncryptPE though. If it was packed, why is there console API in the beginning, and why can the strings be seen clearly?
evaluator: I'm having fun with this, yes. I didn't expect the type of challenge that the program contains. It even contains some of its own antidebug this time, although most of the protection is again in the (third party) packer.
dion: let's just say that as with most packers/protectors, EncryptPE can be used to selectively protect certain functions. You will know it when you see it.
That is anti-Olly. Those huge format strings exploit a bug in Ollydbg to make it crash, it's a very common trick. Correspondingly there are also many options available for fixing it.
I'm pretty stumped on this one as well. If the message is not inside the program as the challenge description states, then where is it? They can't really make assumptions about specific other files with specific contents existing on the drive... Even ntldr probably changes between Windows versions.
Reversing the hashes is pretty hopeless as well, considering the length of the input data (255 bytes most times)...
From what was said, it is closer to you than it seems; I took the liberty to point 'it' to the panda file itself. Dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside.
dion wrote: From what was said, it is closer to you than it seems; I took the liberty to point 'it' to the panda file itself. Dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside.
Saw a lot of fork() there. My wild guess could be overflowed. Well, I've got no idea how it works.