PAN LabyREnth CTF – Windows #3

Sample: 57174eac6975871458d393301bbaa67e799e85ed66fefb912875152581eb2f79 (PW: infected)

file SquirtleChallenge.exe
SquirtleChallenge.exe: PE32 executable for MS Windows (console) Intel 80386 32-bit

When you start the sample, you are prompted for a password.


So the next thing is to find out the password. After loading the file in IDA and searching for the string “Type the password:”, you will quickly see what you need to type in.


After typing “incorrect” as the password, you also get a lot of hints about what the code needs in order to give you the flag. The guys from PAN even give you the URLs where you can find additional information about each specific anti-debugging technique.


In the end, you can either patch out the checks or step over them in a debugger. If you’ve done everything right, a valid JPEG file “answer.jpg” will be dropped in the same directory as SquirtleChallenge.exe.


Decode the binary code:


