A few days ago I announced a realistic challenge for you. I worked hard on it, so here is a real challenge for you. If you get stuck at some point, you can look in the hints section for some help.
Description of the RE Challenge
This time you have a step-by-step challenge, which can’t be solved that easily. It’s a little Connect Four game with a good protection (but not that good; it shouldn’t be too hard ;)) which has to be hacked. Ok, there are different difficulties. I recommend taking the hard way: in a realistic scenario you have only the obfuscated client and no chance to touch the server, so try it that way first. Maybe you could have a look at the server if you get stuck. You can also find help in the hints section.
What you need:
- C# knowledge
- Fun at reversing
- And if you don’t want to use the hints, knowledge of secure programming could be valuable
This time I packed it into a .rar archive because it’s way easier.
This time you have to find a vulnerability which can be used to win the game. Imagine Player 2 does not play on the same computer but via the internet, and you (Player 1) want to win against him. It is not allowed to change the server. You haven’t won just because your client says you have; the server has to print out that you’ve won. Don’t touch any files in the server folder. Ok, I had to forbid a lot. I hope I didn’t forget anything…
Your exercise is to write a patched client which can be used to win the game easily.
What is Heartbeat?
[Spoiler]Heartbeat is a protection technique which sends a hash of the client file to the server every few seconds, so that the server can validate that the client has not been patched.[/Spoiler]
How can I beat heartbeat in this case?
[Spoiler]In this game the server does not validate whether the hash really comes from the client file. Just copy the unpatched client and rename it to “heartbeat.exe”. Now change the string in the client that names the file to be hashed to “heartbeat.exe”. Everything now works fluently ;).[/Spoiler]
You got lost in the code and have no idea where to look?
[Spoiler]Just think about it. Where can you change the server without changing its source? Yes, the input you give to the server. Look straight at where you send input to the server and try to understand what you are sending. Maybe you then get an idea what could be badly validated…[/Spoiler]
You can’t find the vulnerability but want to go on hacking it. So where is it?
[Spoiler]As I said before, it’s a validation mistake of the server. Maybe you even tried to send the server a position from Player 1 two times in a row and it said “No, that’s not true!”. That was a good start! But the player is not the vulnerability, it is the position itself. The server doesn’t validate whether the position is already taken by a player, so you can put a coin in a place where Player 2 already placed one ;).[/Spoiler]
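The server-side mistake from this hint, as an added example that is not the challenge’s own code: a Connect Four board with the weak move check (turn only) next to a hardened one that refuses occupied cells by computing the row itself. The class and method names and the (player, row, column) message shape are assumptions.

```csharp
using System;
public enum Cell { Empty, Player1, Player2 }
// Added example, not the challenge's own code: a Connect Four server board with
// the weak move check from the hints beside a hardened one.
public class Board
{
    public const int Rows = 6, Cols = 7;
    public Cell[,] Cells = new Cell[Rows, Cols];
    public Cell Turn = Cell.Player1;
    static Cell Other(Cell p) => p == Cell.Player1 ? Cell.Player2 : Cell.Player1;

    // Weak check (the flaw from the hints): the client sends player, row and
    // column; the server only checks the turn, so an occupied cell is overwritten.
    public bool WeakPlace(Cell player, int row, int col)
    {
        if (player != Turn) return false;   // the only thing the server rejects
        Cells[row, col] = player;
        Turn = Other(player);
        return true;
    }

    // Hardened check: the client only chooses a column; the server checks turn and
    // range, then picks the lowest empty cell itself, so no cell is ever overwritten.
    public bool SafePlace(Cell player, int col)
    {
        if (player != Turn || col < 0 || col >= Cols) return false;
        for (int row = Rows - 1; row >= 0; row--)
        {
            if (Cells[row, col] != Cell.Empty) continue;
            Cells[row, col] = player;
            Turn = Other(player);
            return true;
        }
        return false;                       // column is full
    }
    public static void Main()
    {
        var weak = new Board();
        weak.WeakPlace(Cell.Player1, 5, 3);
        weak.WeakPlace(Cell.Player2, 5, 4);
        // Accepted by the weak server: Player 1 replaces Player 2's coin at (5,4).
        Console.WriteLine($"weak: accepted={weak.WeakPlace(Cell.Player1, 5, 4)} cell={weak.Cells[5, 4]}");
        var safe = new Board();
        safe.SafePlace(Cell.Player1, 3);
        safe.SafePlace(Cell.Player2, 4);
        safe.SafePlace(Cell.Player1, 4);    // stacks on row 4; (5,4) stays Player2
        Console.WriteLine($"safe: (5,4)={safe.Cells[5, 4]} (4,4)={safe.Cells[4, 4]}");
    }
}
```

The same principle applies to the heartbeat: anything the client computes or chooses (a file name, a hash, a position) is input, and the server must validate it against its own state rather than trust it.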
Any other hints needed?
Just PM me or ask in the comments if you are stuck at a particular point and the hints above would help you too much or didn’t help you.
If you did that challenge without looking at the server source and you used the obfuscated version, you’re really a 1337 h4xx0r. This is a realistic example of how a vulnerability could be exploited. As always I’m already working on the next part, but what do you want: more tutorials in C#, and should they be harder or easier than this one? Or do you want a new language, maybe Java/Android reversing or C/C++?