The Rewolf in Kaspersky
Summary: unpack file, analyze crashdumps, bruteforce
The program is a packed x86 PE file. It takes a few minutes to unpack it. When you execute the file, you see this window:
So, input doesn’t work. Also, if you press any key, the application crashes. I think it is really weird behavior for a program =)
Anyway, after an hour spent analyzing the reason for the crashes, an idea came to my mind. If every keystroke causes a crash, then we can’t do anything. So there should be at least one keystroke which doesn’t lead to a crash. The easiest way to find that keystroke is brute force. I wrote a small brute-force AutoHotkey script that restarts the application and tries every keystroke.
Surprisingly, it worked! After simplifying, the script looks like this:
Run C:\!work\codegate.exe
WinWait Codegate 2012
WinActivate
Send {BS}
Send {h}
Send {a}
Send {n}
Send {u}
Send {l}
Send {9}
Send {3}
Send {shift}
Send {k}
Send {e}
Send {i}
Send {vk60}
Send {vk76}
When the script finished executing, the application looked like this:
Press “Ok!” and bingo!
Key: WonderFul_lollol_!
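The restart-and-try-every-keystroke search described above, one key position per run, as an added example in AutoHotkey v1 syntax; it is not the author's original brute-force script. The path and window title come from the simplified script; the timings, the log file name, skipping the Win keys, and the assumption that a crash terminates the process are mine.

```autohotkey
; Added example (AutoHotkey v1), not the author's original brute-force script.
; From the page: target path and window title. Assumed: timings, log file
; name, skipping the Win keys, and treating "process gone" as a crash.
#NoEnv
target := "C:\!work\codegate.exe"
title  := "Codegate 2012"
known  := []                     ; keys already found safe, e.g. ["BS", "h"]
logf   := A_ScriptDir . "\survivors.txt"

Loop, 247                        ; candidate virtual-key codes 0x08..0xFE
{
    code := A_Index + 7
    if (code = 0x5B or code = 0x5C)   ; Win keys would steal focus
        continue
    vk := Format("vk{:02X}", code)
    Run, %target%,,, pid         ; fresh process for every candidate
    WinWait, %title%,, 5
    if (ErrorLevel)              ; window never appeared: clean up and skip
    {
        Process, Close, %pid%
        continue
    }
    WinActivate                  ; acts on the window WinWait just found
    for i, key in known          ; replay the prefix known not to crash
        Send, {%key%}
    Send, {%vk%}                 ; the candidate under test
    Sleep, 500                   ; give the process time to die
    Process, Exist, %pid%
    if (ErrorLevel)              ; non-zero PID: still running, key accepted
    {
        FileAppend, %vk%`n, %logf%
        Process, Close, %pid%
    }
}
```

After each run, append the surviving key from survivors.txt to `known` and run again to probe the next position.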
1 comment
full of wonder~