Application 3 **BROKEN**

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 3 **BROKEN**

Post by Sorete on Wed Oct 11, 2017 4:06 pm
([msg=94774]see Re: Application 3 **BROKEN**[/msg])

I'm trying to do this using only x32dbg and Hex Editor Neo. This is what I have so far:

- app3win.exe seems to be made in Real Basic, which I never heard of. Strings don't end with a 0 like C strings, they start with a byte that serves as a character count, so they are limited to 256 chars.

- It has 9 sections: .text, .rdata, ... etc. The last one, .reloc, ends at file offset 0x1537FF. When the process is created, everything after this address is not loaded into memory. That's why we don't find the strings in memory, they start at 0x165190. They are loaded on demand when needed. I don't know how yet, that seems to happen somewhere in the button callback function.

This is fun. :)
User avatar
Sorete
New User
New User
 
Posts: 1
Joined: Wed Oct 11, 2017 3:09 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by Andersffs on Mon Feb 26, 2018 2:59 pm
([msg=95311]see Re: Application 3 **BROKEN**[/msg])

To anyone coming here in 2018, while there has been added more layers to stuff since the creation of this challenge, there's multiple ways to solve this pretty easy. I guess that you can solve this in the same way it was intended from the beginning. That's all I can say without spoiling it.

Happy hacking!
Andersffs
New User
New User
 
Posts: 2
Joined: Mon Feb 26, 2018 2:55 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by Zer0s on Wed Mar 28, 2018 5:19 pm
([msg=95434]see Re: Application 3 **BROKEN**[/msg])

Well the application still contains the same small bug. However, focus on your goal, even with the annoying bug, there's a way to solve this one!
Zer0s
New User
New User
 
Posts: 1
Joined: Wed Mar 28, 2018 5:14 pm
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by ghostrider11 on Sat May 12, 2018 1:30 pm
([msg=95682]see Re: Application 3 **BROKEN**[/msg])

The program stops at Reading packages...
I tried it redownloading but still nothing changed please if someone here can fix this error...
ghostrider11
New User
New User
 
Posts: 1
Joined: Thu May 10, 2018 10:47 am
Blog: View Blog (0)


Re: Application 3 **BROKEN**

Post by conscience on Sun May 13, 2018 9:30 am
([msg=95685]see Re: Application 3 **BROKEN**[/msg])

ghostrider11 wrote:The program stops at Reading packages...
I tried it redownloading but still nothing changed please if someone here can fix this error...


You don't need it fixed to solve the challenge. You can fix it on your own pretty easily.

conscience wrote:Okay, so the application is broken. However, it is easy to fix, thanks mainly to occamsrzr who pointed out that tiny bit of editing that fixes up the null-character problem.
@nexo: It does so indeed. Give it a round of wireshark to see it yourself.
(It is however not about the length of the string, but a wrong starting offset)

The other bug is the Host HTTP header value sent being incorrect. Since you have plenty of space where you need to edit... Make a guess! You only have to add a few characters ;)

Now that you have verified your app is responding as it should, you can, at your pleasure, set up your whatever to make the application receive the answer it expects.

I hope I didn't spoil anything; my goal was only to help others fix the bugs so they can complete the challenge without any impediments.


Whether it's intended as part of the challenge or not, please just take it as if it was, and work your way through the problem. Since the challenge is very solvable in its current condition, I highly doubt anyone would make any changes.
On the other hand, it takes around 10 minutes at most to beat this one in its current form, so it doesn't make much sense to ask and wait for the binary to be repaired.
Let him who has understanding recount the number of the beast, for it is a human number: His number is 0x029A.
conscience
Poster
Poster
 
Posts: 286
Joined: Thu Jan 08, 2009 9:05 pm
Location: 127.0.0.1
Blog: View Blog (0)


Previous

Return to Application

Who is online

Users browsing this forum: No registered users and 0 guests