App18

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: App18

Post by LoGiCaL__ on Mon Sep 17, 2012 7:32 pm
([msg=69430]see Re: App18[/msg])

Just so you know app 18 has had bugs. It is known about, you can check here: https://www.hackthissite.org/pages/bugManagement/index.php?strAction=View&intBugID=3860 I'll bring it up to one the admins and see if anything can be done. I'll contact you and let you know what's going on.
User avatar
LoGiCaL__
Addict
Addict
 
Posts: 1060
Joined: Sun May 30, 2010 12:33 pm
Blog: View Blog (0)


Re: App18

Post by atom0s on Tue Sep 18, 2012 7:31 am
([msg=69440]see Re: App18[/msg])

Thanks Logical. :) Submitted the report.
http://www.hackthissite.org/pages/bugMa ... BugID=3943
User avatar
atom0s
New User
New User
 
Posts: 3
Joined: Mon Sep 17, 2012 6:34 am
Blog: View Blog (0)


Re: App18

Post by NightQuest on Tue Sep 18, 2012 10:46 am
([msg=69443]see Re: App18[/msg])

For reference, I just sent this to someone via PM:
Sadly, the website portion of the challenge was written by someone else.
The application, as you know, generates a license internally and then checks it against your input piece by piece; the website however generates the entire file, and does a md5 compare on both the submitted answer, and the generated one.
In addition to this, the 'algorithm' I use in the app is very flawed in the fact that it relies on number rollover (a number greater than the max of an unsigned int will roll over to 0). PHP does not however, have limits on data types, and this causes several issues in addition to the aforementioned.
Sadly, until the algorithm for these apps are rewritten with PHP in mind (or the server-side uses a language with number rollover like a CGI script), these problems will not be resolved.

If those are not your issues, make sure you have the proper amount of NULLs and such, as the app has a tenancy to accept them even without the right amount.

Sorry to be the bearer of bad news. :/
Image
User avatar
NightQuest
Developer
Developer
 
Posts: 46
Joined: Sun Feb 22, 2009 6:03 am
Blog: View Blog (0)


Re: App18

Post by atom0s on Tue Sep 18, 2012 12:01 pm
([msg=69445]see Re: App18[/msg])

If those are not your issues, make sure you have the proper amount of NULLs and such, as the app has a tenancy to accept them even without the right amount.


Ah great to know. Just fixed my license with this bit of info and got it to work on the site as well. :)
User avatar
atom0s
New User
New User
 
Posts: 3
Joined: Mon Sep 17, 2012 6:34 am
Blog: View Blog (0)


Re: App18

Post by NightQuest on Tue Sep 18, 2012 12:10 pm
([msg=69446]see Re: App18[/msg])

atom0s wrote:Ah great to know. Just fixed my license with this bit of info and got it to work on the site as well. :)

Glad to hear, and grats. :)
I should probably make the app more strict I guess, since the site is pretty strict and I can't exactly easily change that. xP
Image
User avatar
NightQuest
Developer
Developer
 
Posts: 46
Joined: Sun Feb 22, 2009 6:03 am
Blog: View Blog (0)


Re: App18

Post by DrakierD on Tue Sep 18, 2012 6:57 pm
([msg=69457]see Re: App18[/msg])

NightQuest wrote:I should probably make the app more strict I guess, since the site is pretty strict and I can't exactly easily change that. xP


I vote to re-make the app to as closely as possible match the validation requirements through the PHP. I know this has been a sticking point for a lot of people. Sometimes it works, and other times it doesn't. It's pretty frustrating being on the "not working" side.

So I'd say take whatever the PHP side does, and replicate it in the app as closely as possible (then test the heck out of it). Hopefully you can get it working. Let me know if you need any helps with it. *grins*
DrakierD
Experienced User
Experienced User
 
Posts: 51
Joined: Tue Apr 07, 2009 2:14 pm
Blog: View Blog (0)


Re: App18

Post by titty on Wed Jan 23, 2013 9:34 pm
([msg=72581]see Re: App18[/msg])

Yep, running into the same problem. App eats up my .lic file fine, but when I go to upload it on the site, it fails. Tried a number of the solutions mentioned to no avail. Bug reported! I'll keep tryin.

edit: I also made a keygen in php, which works for the app, but not for the site. So, if any mods are interested I can upload that too.
titty
New User
New User
 
Posts: 2
Joined: Wed Jan 23, 2013 9:32 pm
Blog: View Blog (0)


Re: App18

Post by fashizzlepop on Thu Jan 24, 2013 11:54 am
([msg=72596]see Re: App18[/msg])

Jump on IRC and light up NightQuest. He can help you get the points if you have the right answer but the site won't acknowledge it.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)


Re: App18

Post by loxaXcracker on Wed Apr 24, 2013 9:25 am
([msg=75308]see Re: App18[/msg])

I ran into the same problem as everyone else. The app accepts the lic file just fine but the site won't accept it. I'm positive that I have the correct number of nulls and I've tried different combinations but to no avail. Can some mod please level me up manually if I send him the file?
loxaXcracker
New User
New User
 
Posts: 1
Joined: Tue Apr 22, 2008 3:57 pm
Blog: View Blog (0)


Re: App18

Post by sharpskater69 on Wed May 08, 2013 8:51 pm
([msg=75507]see Re: App18[/msg])

I'd like to echo that last post. Several weeks ago I sent NightQuest a PM, and no response so far. Things happen, I understand. If anyone else with the ability could check my file, I'll upload it and send a link.

All the important checks pass and the text pad loads. It seems like the nulls are correct as well.
sharpskater69
New User
New User
 
Posts: 34
Joined: Tue Apr 22, 2008 4:10 pm
Blog: View Blog (0)


PreviousNext

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests

cron