[HKUSpaceCTF] Official Reverse Write-up

Hello - 100

You can easily find that there is a variable called flag.

Go to hex view


Hidden password - 100

After typing whatever password you like, you can use Cheat Engine to search the process.

Answer is? - 100

Same as the previous question.


Shield - 150


HelloRevenge - 200

This just takes simple memory-search skills.

Input "Please give me the flag", and search for 1 in Cheat Engine.

Keep increasing the solved count, and search for the new value in Cheat Engine each time.

Finally, we find that HelloRevenge.vmp.exe+1F2E0 stores the solved count. We can change the value to 13333337 and input "Please give me the flag" one more time, and you will get the flag.


Unbreakable shell - 225

We can see that the program is protected by UPX.

But it is such a weak protection. You can download the tools to unpack it: !OAx0wL7K!gLPZh7pkMv7d8as5serOmg!XdphxZiS

After unpacking, you can see that the real entry point is at 0x00401280, so we can set a breakpoint at that address and run the program. After that, we can unpack the shell.

And you are able to search for strings now.

After some analysis, I think that 0x40138e is the main comparison point.

So I decided to try patching jnz to jz, and set a breakpoint here to see the effect.
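The "protected by UPX" observation at the start of this challenge can be made from the PE headers alone. The following is an added example, not part of the original write-up or the challenge files: it parses the section table and reports the traits UPX leaves behind. Both images are constructed header-only test data, and their section sizes, flags and entry points are assumptions.

```python
import struct
RWX = 0x80000000 | 0x20000000   # IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE

def parse_pe(data):
    """Return (entry_rva, [(name, vsize, vaddr, rawsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe,) = struct.unpack_from("<I", data, 0x3C)              # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    (entry,) = struct.unpack_from("<I", data, pe + 24 + 16)   # AddressOfEntryPoint
    table, out = pe + 24 + opt_size, []
    for i in range(nsect):                                    # 40-byte section headers
        n, vs, va, raw, fl = struct.unpack_from("<8sIII16xI", data, table + 40 * i)
        out.append((n.rstrip(b"\0").decode("ascii", "replace"), vs, va, raw, fl))
    return entry, out

def upx_indicators(data):
    """List the header traits that point to UPX packing."""
    entry, sections = parse_pe(data)
    hits = []
    for name, vs, va, raw, fl in sections:
        if name.startswith("UPX"):            # default names; a packer can rename them
            hits.append("section name " + name)
        if raw == 0 and vs > 0 and (fl & RWX) == RWX:
            hits.append(name + ": no bytes on disk, writable and executable")
        if va <= entry < va + vs and (fl & RWX) == RWX:
            hits.append("entry point 0x%X is in writable section %s" % (entry, name))
    return hits

def constructed_pe(sections, entry):
    """Build a header-only PE32 image (constructed test data, not the challenge file)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    table = b"".join(struct.pack("<8sIII16xI", n, vs, va, raw, fl)
                     for n, vs, va, raw, fl in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

PACKED = constructed_pe([(b"UPX0", 0x5000, 0x1000, 0, RWX | 0x80),
                         (b"UPX1", 0x2000, 0x6000, 0x1800, RWX | 0x40),
                         (b".rsrc", 0x1000, 0x8000, 0x400, 0xC0000040)], 0x7A00)
PLAIN = constructed_pe([(b".text", 0x2000, 0x1000, 0x2000, 0x60000020),
                        (b".data", 0x1000, 0x3000, 0x200, 0xC0000040)], 0x1280)
print(upx_indicators(PACKED), upx_indicators(PLAIN))
```

The two structural checks still fire when the section names have been changed, which is why they are worth keeping next to the name match.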

