So I had 4 random spare Steam keys, I do not know what game they are but they have a value from 1 to 9.99 USD. So I came up with some small challenge where the key is hidden within the code. You must reverse engineer the code to extract the key. Once extracted you will be able to directly activate the key on Steam, you better do so once you found it before someone else catches up.
[B]Challenge 1 (Solved - [/B][URL]https://facepunch.com/showthread.php?t=1584473&p=52855052&viewfull=1#post52855052[/URL][B]):[/B]
[URL="https://share.epic-domain.com/steamkey1.zip"]Download[/URL], [URL="https://hastebin.com/ojudatizak.pl"]Source Code[/URL]
SHA256 hashes from Key:
[code]Unformatted: ABCDEFGHIJKLMOPQ: 02737a32e0838bd2a9b25f1d12ce598e7de13515d97c92857fca911a5ea15503
Formated: ABCDE-FGHIJ-KLOPQ: 49536bd2acb42bf822cc93cf10ae54cefd27aeb4d0ade7c4b1fd9c9342cd4d34[/code]
[B]Challenge 2 (Unsolved)[/B]
Soon
[B]Results[/B]
It would be nice to let us know if you have solved the challenge so I can update the status and prepare the next one.
Happy hunting!
I [I]think[/I] I got it, but I'd like to keep the challenge open for others in case anyone else is interested. I'll give it 24 hours I guess, and if nobody's posted anything by then I'll take it.
[code]SHA256(key) = 508c0caaba15aa0909dae589e95db74c50b7e805b771316fb13ded5177784b5e[/code]
I have some comments, but don't want to spoil anyone.
I'm afraid thats not the key. I'll update the first post with the SHA256 of the key.
Thanks! This was fun.
[img]https://u.x64.re/f/PlumQuarrelsomeMohrg[/img]
edit:
took me 24 minutes from downloading to posting, I have some reverse engineering experience but I wouldn't consider myself good at all
hope that helps you gauge difficulty
Dangit, I typo'd the first part as "WGV[b]N[/b]" instead of "WGV[b]W[/b]", that's why the hash didn't match.
Key was WGVW8-TB3WJ-L6NTD then.
Now for my comments:
As someone who sometimes reverse engineers real-world, compiled, non-obfuscated binaries, but never does these challenges, it took me 10 minutes, give or take. So I found it a little easy. I have a feeling I might have cheesed it though :v: I just stepped through it for a bit and found there was only one consecutive memory range it was consistently writing to, so I just placed watchpoints on that and noted down whenever it wrote something that looked Steam-key-like instead of random unprintable characters. Didn't try to understand the program's logic.
So I'm wondering what, if anything, was the [I]intended[/I] approach?
Was fun though, thank you!
I've got no idea how any of this works, it may as well all be hieroglyphs, but it's super awesome seeing people enjoying doing this.
DrTaxi's way of handling things was also really chill. He didn't wanna cheese through it super quick, gave other people 24h to give it a go, and then asked to see what the intended approach was. Sportsmanship right there.
[QUOTE=DrTaxi;52855100]Dangit, I typo'd the first part as "WGV[b]N[/b]" instead of "WGV[b]W[/b]", that's why the hash didn't match.
Key was WGVW8-TB3WJ-L6NTD then.
Now for my comments:
As someone who sometimes reverse engineers real-world, compiled, non-obfuscated binaries, but never does these challenges, it took me 10 minutes, give or take. So I found it a little easy. I have a feeling I might have cheesed it though :v: I just stepped through it for a bit and found there was only one consecutive memory range it was consistently writing to, so I just placed watchpoints on that and noted down whenever it wrote something that looked Steam-key-like instead of random unprintable characters. Didn't try to understand the program's logic.
So I'm wondering what, if anything, was the [I]intended[/I] approach?
Was fun though, thank you![/QUOTE]
Pretty much how I did it. I only ever reverse games and stuff, terrible at all these CTF-like challenges since they usually involve a lot more complex puzzle elements :v:
To be fair I was not sure how high I should raise the bar but I think I know where to aim at now :) I'll bring up one more soon, need some time to get it right. Also I've released the source code on the first post.
I just did a CTF challenge for a college club, might have to give Challenge 2 a try if I have time.
Not as experienced with reverse-engineering binaries, but hey, why not learn?
Some of us [URL="https://ctftime.org/team/27944"]Gmod nerds[/URL] have been doing CTFs recently.
I'll be down to give your next challenge a shot.
Sorry, you need to Log In to post a reply to this thread.
