kellek's noprelo



4:19 PM 09/15/2018


Unix/linux etc.


Crack noprelo - The goal is to show the Good Boy message.

IDAPRO on 10:31 AM 09/28/2018: Hello kellek, the behavior of the ptrace function is not well defined. This function only can take two possible values (0 or -1) depending on the number of calls that you have done to it. This makes impossible to resolve the challenge by line command.

kuroguro on 6:32 PM 09/28/2018: I wonder if the ptrace is there so a parent process can attach to it and manipulate it's memory? Not 100% sure what counts as a valid solution in this case.

kuroguro on 8:35 PM 09/28/2018: Does this count? :D gdb --batch-silent -ex='catch syscall ptrace' -ex=r -ex=c -ex='set ($eax) = 1337' -ex=c --args ./noprelo __gmon_start__

kellek on 8:06 AM 09/30/2018: IDAPRO: try harder :) @kuroguro: No solutions in the comments please. Your solve feels like patching during runtime, you should not modify the binary (even if it's in memory).

kuroguro on 1:12 PM 11/01/2018: Can we get a hint? I can't figure it out :/

kuroguro on 4:10 PM 11/01/2018: Would making the binary load a custom libc wrapper count as a solution or can ptrace really return the value? Or is there some other workaround I haven't noticed?

darksk4 on 12:35 AM 01/03/2019: Hello :) Did you already saw my solution? This is my first time so I really don't know how to sent it.

theroot99 on 7:27 PM 05/23/2019: Hi! Cool Crackme! Does patch the binary where the compare on the return value of ptrace is done count as a solution? Or is there an other way to make ptrace return that value?