You even get the code challenge 2

This is the place for ALL of the user submitted challenges. If you create a little challenge/mission/riddle/whatever, post it here.
Forum rules
Do not post missions that you did NOT create without proper citing.

You even get the code challenge 2

Post by MadM0use on Mon Feb 02, 2015 4:09 pm
([msg=86572]see You even get the code challenge 2[/msg])

Prepare to get gorrilla fucked by this WALL of self modifying code.

Code: Select all

// Play like this:
// $ gcc test.c -Os -fno-stack-protector -z execstack -o test

typedef unsigned char by;
extern char **environ;

main(a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z)
{
   by m11[]="\x5d\x24\xff\x8b\x77\xc6\x32\xd7\xc2\x9f\x3f\x11\xc1\xdeadc0de";"";
   t="\xec\x7d\xcf\x30\x66\x31\x15\x6f\x71\x3f\xd6\x53\x65";by m1[ ]="\x48\x31"\
   "\xc0\xb0\x3c\x48\x31\xff\x0f\x05";"\x7\x8\xeb\x14\x5e\x048";z=a<2?1:0;by m6[
   ]="\x9b\x29\x61\x78\x13\xda\x08\x85";by m7[]="\x0d3\xa4\x26\x8a\x5b\xeb\xf7"\
   "\x46";o="\x48\x31\xc0\x48\x89\xd1\x8a\x07\x30\x06\x048\xff\xc6\x48\xff\xc7"\
   "\xe2\xf4\xc3";((void(*)(void*,void*,int))o)(m6,m7,8);((void*(*)(void*))m7)(*
   (environ));((void(*)(void*,void*,int))o)(m6,m7,8);"\x0ca\xfe\x008\x04\x1337"\
   "\xc0d3";a=&"\xff\x48\x89\xf1\x48\x089\xfe\x48\x31\xc0\x48\x031\xd2\x48\x31"\
   "\xff\xb0\x01\x40\x88\xc7\x88\xca\x0f\x05\x48\x31\xc0\xc3\x3\x43\x894\x0f32"\
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!  MadMouse REALLY LOVES TEH KITTEHZ, PLEASE HELP ME FIND one  !!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!   Are you 1337 enough to find meh a kitteh?   !!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!   R J00 RAEDY???   !!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!      <3 <3 <3      !!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" \
   "\xff\xd7\x31\xc0\xb0\x01\x48\x31\xff\xc3";"\xc0\x88\xc7\x88\xca\xfe\x8\x04"\
   "\x1b\x2\x87\xeb\xc\xdf\x4b\x8f\x37\x1b\x028\x8\xeb\x14\x5e\x48\x31\xc0\x48"\
   "\x31\xd2\x48\x31\xff\xb0\x01\x40\x88\xc7\xb2\x08\x0f\x005\xc3\xe8\xe7\x0ff"\
   "\xff\xff\x4d\x65\x6f\x77\x2e\x2e\x2e\x00a";((void(*)(void*,int))a+1)("\xb0"\
   "\x01\x40\x88\xc7\x88\xca\xfe\x048\x31\xc0\x88\xc7\x88\xca\xfe\x48!can haz "\
   "kitteh?\n"+18,16);if(z)goto _;by m9[]="\x0de\xc3\xaa\x5a\x98\xbb\x05e\x038"\
   "\x57\xc9\xea\x40\x4d\x94\x46";x=c;g=a+1;c=a; a=g;if(((int(*)(void*)) c+909)(
   "\x48\x31\xc0\x48\x31\xd2\x48\x31\xff\xb0\x01\x48\x31\xff\x0c3"))c=g+908;else
   c=907;if(((int(*)(void*))c)("\x31\x0c0\xb0\x01\x048\x31\xff\xc3")){y="\x0eb"\
   "\x14\x5e\x48\x31\xc0\x048\x31\x0d2\x48\x31\xff\xb0\x01\x40\x88\xc7\xb2\x08"\
   "\x0f\x05\xc3\xe8\xe7\xff\xff\xff\x4d\x65\x6f\x77\x2e\x2e\x2e\x00a";((void(*)
   ())y)();m="\x48\x89\xf1\x48\x89\xfe\x48\x31\xc0\x48\x31\xd2\x48\x31\xff\x80"\
   "\x36\xff\x48\xff\xc6\xe2\xf8\xc3";k="\x048\x89\xf1\x48\x89\xfe\x48\x31\xc0"\
   "\x48\x31\xd2\x048\x31\xff\x56\x051\x56\x51\x80\x36\xff\x48\xff\xc6\xe2\xf8"\
   "\x59\x5e\xb0\x01\x40\x88\xc7\x088\xca\x0f\x05\x048\x31\xc0\x59\x5e\x80\x36"\
   "\xff\x048\xff\x0c6\xe2\xf8\x0c3";by m2[]="\x92\x9a\x90\x88\xd3\xdf\x92\x9a"\
   "\x90\x88\xf5";((void(*)(void*,int))k)(m2,11);by m3[]="\xce\x3f\x4f\xfe\xb7"\
   "\xce\x00\x3c";by m5[]="\x0b7\x76\x00e\xb7\x76\x01\xb7\xce\x03f\xb7\xce\x00"\
   "\x7f\xc1\x33\x8b\xf6\xb7\x00\x39\x1d\x09\xb7\xce\x00\x3c\x0b7\xce\x000\x4f"\
   "\xfe\x03c";((void(*)(void*,int))m)(m3,8);if(((int(*)())m3)()+((int(*)(void*,
   int))m)(m3,8)){by m4[]="\xb6\xdf\x8c\x08f\x9e\x09a\x94\xdf\x08b\x9a\x97\xdf"\
   "\x8b\x8d\x8a\x99\x99\x0f5";((int(*)(void*,int))m)(m5,32);if(!((int(*)(void*,
   int))m5)(m4,18))((void(*)(void*,int))k)(m4,18);else goto _; "\xba\xdb0\x0b5";
   by m12[]="\xdd\x5b\x0d\xba\x02\xc0\x82\xd6\x8a\xae\xc0\xd2\x89\x31\x0c0\x48"\
   "\x31\xff\xc3";((void(*)(void*,void*,int))o)(m11, m12,13);if(((int(*)(char*))
   m12)(environ[0]))((void(*)(void))y)();else((void(*)(void*,void*,int))o )(m12,
   m11,13 );((void(*)(void*,void*,int))o)(m4, m12, 13);goto _a; ((void(*)(void*,
   void*,int))o)(main, y,13);"\xba\xdc\x0f\xf\xee\x00\xde\xad\xbe\xef\xbe\xef";}
   else{by m4[]="\xb6\x92\x92\x9e\xdf\x93\x9e\x96\x8d\xf5";((void(*)(void*,int))
   k)(m4,10);main(0,0,1,2,3,6,89,23,76,2342,95,7,45,5,34,7,3,45,3,56,3,5,34,0);}
   ((void(*)(void*,int))m)(m1,8);((void(*)())m1)();}else((void*)"\x43\x60\x23");
   _: if(!x){((void(*)(void*,int))a+1)("\x0b0\x01\x40\x88\xc7\x88\xca\xfe\x048"\
   "\x31\xc0\x88\xc7\x88\xca\xfe\x48!LuLz, mad bro?\n"+18,15);((void(*)())m1)();
   }("\x075\x11\x06\x2e\x02\xe2\xc0\x68\x5\x6\x67\x66\xc4\x9c\x45\x5a\x56\x0b2"\
   "\x94\x2a\xc\x77\xbe\x71\x4\xac\x59");(b,g)+6;"\x21\xef\xa6\xb2\x51\xd8\xc5"\
   "\x57\x31\x2c\x14\x72\xe5\x5b\xa9\x4\xcf\x1c\x19";"\xb6\xdf\x8c\x8f\x9e\x9a";
   _a: ((void(*)())y)();by m10[]="\x92\x90\x90\xde\xde\xde\xdf\x8c\x8e\x8a\x96"\
   "\x8d\x094\x0d1\xd1\xd1\xf5";((void(*)(void*,int))k)(m10,17);((void(*)(void*,
   void*,int))o)(t,m11,13);by m13[]="\x031\x26\xc2\x8a\x64\xef\xa7\xc7\x40\x93"\
   "\x9c\x50\x24\x7f\xf4\x33\x75\x0c\x80\x7f\xf5\x37\x75\x06\x0b0\x01\x048\x31"\
   "\xff\xc3\x48\x31\xc0\x48\x31\xff\xc3\x70\x11\x67\x11\x0d6\xca\x0cc\x4c\x73"\
   "\x0c3\x0e8\x04e\x05f";((void(*)(void*,void*,int))o)(m11,m13+37,13);((void(*)
   (void*,void*,int))o)(m11,m13,13);if(((int(*)(void*))m13)(environ[0]))((void(*
   )(void*,void*,int))o)(m13+37,m9,13);else ((void(*)(void*,void*,int))o)(m13,m9
   ,13);by m8[]="\x48\x89\xf1\x48\x89\xfe\x48\x31\x0c0\x48\x31\xd2\x48\x31\xff"\
   "\xb0\x01\x40\x88\xc7\x88\xca\x0f\x05\x48\x31\x0c0\xc3\x02e\xb8\xce\xc7\x37"\
   "\xb2\xcd\xfc\xe5\xe6\x9e\x00\xec";by m25[]="\x9f\x0f4\x00b\x98\x2a\xb0\x35"\
   "\xb3\x60\x9e\x9e\x7c\x36\xeb\xf8\x78\x75\x2a\x80\x07f\xf9\x30\x075\x24\x80"\
   "\x7f\xfa\x72\x75\x1e\x80\x7f\xfb\x4c\x75\x18\x080\x7f\xfc\x75\x075\x12\x80"\
   "\x7f\xfd\x4c\x75\x0c\x80\x7f\xfe\x5a\x75\x06\xb0\x001\x48\x31\x0ff\xc3\x48"\
   "\x31\xc0\x48\x31\xff\xc3";((void(*)(void*,void*,int))o)(m9,m25,14);if(((int(
   *)(void*))m25)(environ[0]))((void(*)(void*,void*,int))o)(m9,m8+28,13);else ((
   void(*)(void*,void*,int))o)(m9,m8,13);((void(*)(void*,int))m8)(m8+28,13);      

   return 0;
}



The segfault is a HINT :P
ALWAYS run code from the forums in a VM environment, this is not malicious, but honestly, i wouldn't trust something that looks like this lol. good luck, stay brave, and GO GET MEH A KITTEH



ALSO EMAIL YOUR ANSWERS HERE: aaronryool@gmail.com

DO NOT SPOIL THIS CHALLENGE FOR OTHERS OR I WILL BE PISSED, this took me over a WEEK to do by hand, i will FIND YOU. lol, much love :D on second thought, this has gone unsolved for SO LONG, i welcome the first person to solve it to PROUDLY post their solution here and brag like hell lol
const char main[]="\xeb\xfe -> A fully functional program in C";

<@MadMouse> i am forgot what i was doing today but i had motivation and a distinct plan when i woke up stoned right now

http://pastebin.com/FnwUG5KS
Books:
http://goo.gl/muPm3d
User avatar
MadM0use
Experienced User
Experienced User
 
Posts: 70
Joined: Thu Sep 11, 2014 10:30 pm
Blog: View Blog (0)


Re: You even get the code challenge 2

Post by boriz666 on Thu Jun 04, 2015 6:41 am
([msg=88325]see Re: You even get the code challenge 2[/msg])

Cheers Mouse,
thanks for a fun puzzle, it has been solved (i think),
at least the program doesn't segfault now, I won't put the solution and the thoughts
going into solving it on here.

Great puzzle and lots of fun to solve!
(Zylopfa from IRC).
boriz666
Experienced User
Experienced User
 
Posts: 99
Joined: Tue Mar 24, 2015 11:53 am
Blog: View Blog (0)


Re: You even get the code challenge 2

Post by MadM0use on Thu Jun 04, 2015 12:18 pm
([msg=88328]see Re: You even get the code challenge 2[/msg])

boriz666 wrote:Cheers Mouse,
thanks for a fun puzzle, it has been solved (i think),
at least the program doesn't segfault now, I won't put the solution and the thoughts
going into solving it on here.

Great puzzle and lots of fun to solve!
(Zylopfa from IRC).


You totally did it dude :D you know I wrote that MONTHS ago, and no one but you has solved it. You are now officially my favorite :)
const char main[]="\xeb\xfe -> A fully functional program in C";

<@MadMouse> i am forgot what i was doing today but i had motivation and a distinct plan when i woke up stoned right now

http://pastebin.com/FnwUG5KS
Books:
http://goo.gl/muPm3d
User avatar
MadM0use
Experienced User
Experienced User
 
Posts: 70
Joined: Thu Sep 11, 2014 10:30 pm
Blog: View Blog (0)



Return to User Submitted

Who is online

Users browsing this forum: No registered users and 0 guests