| Runtime (Windows) (x64) |
nice, I think it was as "runtime" as it is possible |
2025-09-11 00:18 |
| Runtime (Windows) (x64) |
One last thing I have to ask, the loader was PIC C/C++ code with custom gcc/vc options or handwritten asm? the push rcx {i think it was rcx} pop rcx to get the encrypted data's address was nice |
2025-09-10 22:58 |
| Runtime (Windows) (x64) |
Overall yes I think the challenge did each job "mostly debbugging" because the shellcode on each own was quite complex so I literally went step-by-step on it. |
2025-09-10 22:53 |
| Runtime (Windows) (x64) |
soo, started with debugging it, BUT with the suspended cmd process thing u did, I had to attach the newly created process to the debugger every time I needed to reloaded the exe for setting the BPs so it was a no go (because each time it was a new Process the BPs were gone).Then decided to extract the whole shellcode and wrote a simple shellcode executioner to debug it. Last step was to extract the final exe from memory to analyse it.The last step could have been for sure "only runtime" but I think extracting the exe and analyse it static was easier.For the first part, analysing it only in memory would take ages.There are still suspended cmd process xD |
2025-09-10 22:51 |
| Runtime (Windows) (x64) |
must took a great effort to write the PIC loader, noice |
2025-09-10 19:30 |
| Runtime (Windows) (x64) |
painful challenge, too many steps to write a writeup so just posting the password Shadow42!, good job mate |
2025-09-10 19:25 |
| KeyGen Me! |
one hint tho, your input does not matter, its before the input actually, and its not a "unique" one |
2025-09-07 02:53 |
| KeyGen Me! |
HOLLYY, haven't seen more "useless code" being used so smart.Really confused me. Good job m8.I don't post the psswd, everyone should try |
2025-09-07 02:33 |