Cyber Talents — Eye of Sauron

Kamran Saifullah
Aug 24, 2019

In this challenge we are given a .NET application that takes input from the user. If the input is correct we pass; otherwise we do not!

On running the executable we can see its graphical interface!

As we do not have the source code, we need to decompile this executable to find out how the program works internally. At first I opened up this executable in dotPeek.

On the left side we can see different base types and, at the end, “txtPass”. This clearly shows that the user input will be checked somewhere in the program. So this was the time to look a little closer at the code.

I found the part of the function that checks the user input and passes the user if the provided input matches the defined one.

Reversing the logic of this function, we conclude the following:

  1. Label 2 + Label 3 + Label 4 + Label 5.
  2. Reverse the strings after combining all 5.

The logic seems to be quite simple. First the portions of the input are taken and combined into a single token. Once done, the order of that token is reversed to get the right token!

At this moment, we need to find those tokens!

After looking through the program, I found that values were assigned to the variables and that these values were being concatenated and then reversed.

Now that we have the parts of the token, it's time to combine them. They look like this:

d0248b4e + 47886655 + 83f05688 + c154b6ea

But when the form is loaded, the text of label4 is changed, as we can conclude from this private function.

The previous value for label4 is 83f05688 and the new one is 83f05689. So, we need to change this value.

Also, the value of label3 is changed as soon as the button is clicked!

The previous value for label3 is 47886655 and the new one is 47996655. So, we need to change this value as well, and the token will be:

d0248b4e + 47996655 + 83f05689 + c154b6ea

d0248b4e4799665583f05689c154b6ea

Now we have this token, or in other words the hash, as that is what it looks like. All we need now is to reverse it, and that can be done easily with the “rev” command on Linux!

ae6b451c98650f3855669974e4b8420d
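The derivation above, replayed as an added Python example (not code from the challenge or from the original write-up): it applies the label changes in the order described and shows how the value read statically from the decompiled code differs from the one the check compares against. The label values are taken from the write-up; the event and function names are hypothetical, and it assumes both updates happen before the comparison runs.

```python
# Added example: replays the label updates described in the write-up.
# Label values come from the write-up; event/function names are hypothetical.

INITIAL_LABELS = {  # values as first assigned in the decompiled code
    "label2": "d0248b4e",
    "label3": "47886655",
    "label4": "83f05688",
    "label5": "c154b6ea",
}

# Ordered runtime updates: (event, label, new value)
RUNTIME_UPDATES = [
    ("form_load", "label4", "83f05689"),     # changed when the form loads
    ("button_click", "label3", "47996655"),  # changed when the button is clicked
]

CONCAT_ORDER = ("label2", "label3", "label4", "label5")


def labels_after(events):
    """Return the label state after the given events have fired, in order."""
    state = dict(INITIAL_LABELS)
    for fired in events:
        for event, label, value in RUNTIME_UPDATES:
            if event == fired:
                state[label] = value
    return state


def expected_input(state):
    """Concatenate label2..label5 and reverse the result (same as `rev`)."""
    token = "".join(state[name] for name in CONCAT_ORDER)
    return token[::-1]


def changed_positions(a, b):
    """Indexes at which two equal-length strings differ."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


if __name__ == "__main__":
    static = expected_input(labels_after([]))
    actual = expected_input(labels_after(["form_load", "button_click"]))
    print("static read:", static)
    print("at check   :", actual)
    print("differs at :", changed_positions(static, actual))
```

Only three characters differ between the two results, which is why a token built from the initial assignments alone looks plausible but is rejected.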

We are all done. Let’s try this on the form!

We are done with the challenge!
