Application 3 **BROKEN**

Learn to reverse engineer through some common application security methods.
Forum rules
DO NOT POST ANSWERS OR SPOILERS! [IE: Mission Links, Mission File Names/Pages, Scripts/Code, etc.]

Posting these will result in warnings/bans!

Re: Application 3

Post by l0l3z on Fri Mar 15, 2013 2:27 pm

I used the hosts file in c:/windows/system32/drivers/etc and wamp hehe


Re: Application 3

Post by caramel91 on Sat Apr 20, 2013 4:37 am

I've no idea why the program keeps getting stuck at Status : Reading data...


Re: Application 3

Post by impulse_x on Sat May 18, 2013 9:27 am

Hi,

Running this app, I enter some bogus serial # and click authenticate.
It's stuck at "Status: Reading data...".

Looking at wireshark, I see that I get a "Bad request" response.

Am I missing something?

Ix


Re: Application 3

Post by limdis on Sat May 18, 2013 11:11 am

The mission is still broken. Sorry for the inconvenience.
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."


Re: Application 3

Post by liantinis on Sun May 19, 2013 11:29 pm

limdis wrote: The mission is still broken. Sorry for the inconvenience.

To paraphrase extbasic mission 13 : "It does validate. It really does".
Just finished it (without program hanging @ Status : Reading data...).
Your friends (and mine) are a hex-editor (no disassembler for this one), wireshark and some creative* thinking.

Good hunting

* when I say that the program doesn't hang I mean there's a way to prevent this. The fact that the program-site communication context is indeed broken, shouldn't discourage you. Think of it this way: Suppose you wanted to run this app badly, but the company site was either down or (as in our case) malfunctioning. What would you do then?

--edit--
one last thing: you can finish this mission without messing with the hosts file or setting up a server, although these are good ideas in general...
Last edited by liantinis on Sun May 19, 2013 11:51 pm, edited 1 time in total.


Re: Application 3

Post by limdis on Sun May 19, 2013 11:46 pm

liantinis wrote:To paraphrase extbasic mission 13 : "It does validate. It really does".
Just finished it (without program hanging @ Status : Reading data...).
Your friends (and mine) are a hex-editor (no disassembler for this one), wireshark and some creative* thinking.

Good hunting

* when I say that the program doesn't hang I mean there's a way to prevent this. The fact that the program-site communication context is indeed broken, shouldn't discourage you. Think of it this way: Suppose you wanted to run this app badly, but the company site was either down or (as in our case) malfunctioning. What would you do then?

+1
This ^
Going to play with this now just to pull off what you just did. Outstanding :geek:


Re: Application 3

Post by impulse_x on Tue May 21, 2013 9:25 am

liantinis wrote:
limdis wrote: The mission is still broken. Sorry for the inconvenience.

To paraphrase extbasic mission 13 : "It does validate. It really does".
Just finished it (without program hanging @ Status : Reading data...).
Your friends (and mine) are a hex-editor (no disassembler for this one), wireshark and some creative* thinking.

Good hunting

* when I say that the program doesn't hang I mean there's a way to prevent this. The fact that the program-site communication context is indeed broken, shouldn't discourage you. Think of it this way: Suppose you wanted to run this app badly, but the company site was either down or (as in our case) malfunctioning. What would you do then?


Bitch and whine in the company forum? :) This 'exercise' kinda proves a point that online-drm *really* sucks.
If the company's DRM site is down, you're screwed.

Seriously though, I'm thinking either
a) hex edit the app such that it skips the serial checking. (Not exactly an easy task)
b) hex edit the app such that it accepts whatever I enter.

But since you mentioned that a disassembler isn't needed, then I'm a little stumped.

Ix


Re: Application 3

Post by liantinis on Tue May 21, 2013 11:21 pm

@ impulse_x::

It's way easier than you may think at first.
From your previous post I see that you've already done the wireshark thing.
You just need to focus on that and rethink your b) branch:
b) hex edit the app such that it accepts whatever I enter.


To put it differently: Think that the communication with the site is OK. If you know what to do in this case, then it's not
difficult to figure out what to do in our case.

PS:: Suppose that the forum/mail system/wiki/whatever of the 'company' is also down. What would you do then? ;)


Re: Application 3

Post by impulse_x on Wed May 22, 2013 8:47 pm

liantinis wrote:@ impulse_x::

It's way easier than you may think at first.
From your previous post I see that you've already done the wireshark thing.
You just need to focus on that and rethink your b) branch:
b) hex edit the app such that it accepts whatever I enter.


To put it differently: Think that the communication with the site is OK. If you know what to do in this case, then it's not
difficult to figure out what to do in our case.

PS:: Suppose that the forum/mail system/wiki/whatever of the 'company' is also down. What would you do then? ;)


Well, I looked at the url that it was sending to hackthissite.org, and tried it in the browser. It came out 'false', so
I'm guessing that I hexedit it to think that whatever returns is ok. (I'm currently thinking disassembly here.. back
in the heydays of DOS hex editing, it was easy; but with Windows, I'm lost.)

Thanks for the info.. My mind's currently blank right now. Gonna have to view the file in a hex editor again and
stare at it long enough. ;)

Ix

-- Thu May 23, 2013 3:39 pm --

Haven't really gotten anywhere yet.

Basically I opened the exe in a hex editor and searched through the file for "Status...." or even "Welcome...".
I find these string instances. (No, it doesn't help me.) I then see "true" and "false" around there.

Then (bear with me) I opened the EXE in OllyDbg. I cannot, for the life of me, find any of the string
instances. :( I was taking the 'long and hard' way via reverse engineering this app3win. I suppose
that's not the way of doing this exercise, but I thought I'd give it a try. Nope. Totally didn't come
up with anything. (If someone out there is familiar with OllyDbg, can you tell me why, when I
hexedit the EXE file, I see the strings, but when I look at it through OllyDbg, I don't, even when
I search the whole thing?) I'm guessing I'm doing something wrong.

So, back to the drawing board and b).

PS: Is there a reverse engineering forum or is this a no-no on this site?


Re: Application 3

Post by limdis on Thu May 23, 2013 12:45 pm

Right so, few days back I said I was going to try this. There are a couple of 'easy' ways but it REALLY got me thinking and now I've been trying to pull it off with some tcp injection, without being mitm. I've been banging my head a little bit trying to get it to work. liantinis + 1 again.

impulse_x wrote:PS: Is there a reverse engineering forum or is this a no-no on this site?

REing is ok, as long as it's not blatantly illegal what you are attempting to do.


As for this thread. Until the challenge is fixed we're going to go soft on spoilers since a few of us are trying to rehack the simulation.