[PATCHME] Look Deeper Inside

challenge
patchme

(pico) #1

Continuing the discussion from [KEYGEN] Look Inside:

Please be aware that, in case you are trying to solve the KEYGEN Look Inside, the content on this new challenge may disclose extra details about the keygen. Of course it is up to you to keep on reading.
You have been warned.

PATCHME

[spoiler]
These Greedy Brothers Corp applications are really bad. That Alpha version of their DAMS system has some nasty bugs. But one of them is especially bad. The GBC programmers forgot to remove some debug code that forced fixed code into the system, avoiding the load of external LCB programs, as was the initial intention.

That is now being sold by the company as a security feature but…

Can you patch the binary to enable the load and execution of external bytecodes?

For this challenge, challenge solver badges will be awarded only to the first person to post a valid patch.

Additional badges will only be awarded to progressively shorter (in number of bytes changed) patches.

There are two functions that have to be patched. You have to patch both to get your badge!!!

If you are trying this, you have already got the binary from the KEYGEN challenge.

Good Luck![/spoiler]

Thanks to @Leeky for noticing this BUG and making this additional challenge possible :slight_smile:


Writeup - Look Inside
#2

Just got the time to fix the bug:

With the binary named LookInside:
echo -ne "\x90\x90" | dd of=LookInside seek=643 bs=1 count=2 conv=notrunc
echo -ne "\xd7\xd2" | dd of=LookInside seek=13179 bs=1 count=2 conv=notrunc
Going to include an explanation for this in my writeup :smiley:
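
One way to check a patch like the one in the post above and count the bytes it changes, which is the metric this challenge scores on. This is an added example, not part of the original thread; the function names are hypothetical, and the demo runs on a constructed zero-filled stand-in file, not the real LookInside binary.

```shell
#!/bin/sh
# Added example (not from the thread): apply the two patches to a copy and score them.

# patch_bytes FILE OFFSET BYTES: overwrite bytes in place; BYTES uses printf octal escapes.
patch_bytes() {
    len=$(printf "$3" | wc -c | tr -d ' ')
    size=$(wc -c < "$1" | tr -d ' ')
    # dd would silently grow the file if the write ran past its end, so refuse.
    if [ $(( $2 + len )) -gt "$size" ]; then
        echo "patch at offset $2 runs past the end of $1" >&2
        return 1
    fi
    printf "$3" | dd of="$1" seek="$2" bs=1 conv=notrunc 2>/dev/null
}

# count_changed ORIG PATCHED: print how many byte positions differ.
count_changed() {
    # cmp -l prints one line per differing byte (1-based offset, old, new in octal).
    { cmp -l "$1" "$2" || true; } | wc -l | tr -d ' '
}

# apply_and_score ORIG: patch a copy (ORIG.patched) and print the number of bytes changed.
apply_and_score() {
    cp "$1" "$1.patched" || return 1
    patch_bytes "$1.patched" 643 '\220\220' || return 1     # \x90\x90 from the post
    patch_bytes "$1.patched" 13179 '\327\322' || return 1   # \xd7\xd2 from the post
    count_changed "$1" "$1.patched"
}

# demo: constructed 14000-byte zero-filled stand-in, not the real LookInside binary.
demo() {
    tmp=$(mktemp) || return 1
    head -c 14000 /dev/zero > "$tmp"
    apply_and_score "$tmp"
    rm -f "$tmp" "$tmp.patched"
}

demo
```

Working on a copy keeps the original available for comparison, and `cmp -l` counts only the positions whose value actually changed, so a patch byte that matches the original byte does not add to the score.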


(pico) #3

Congrats! :trophy: You made it again

Looking forward to your write up!

I believe a 2-byte patch is possible (haven't checked it yet)… Anybody?


(pico) #4