ARMs Race Official Discussion
by cavour13 - Wednesday February 21, 2024 at 12:00 PM
#1
Hi all and good luck!

I did some research about the hex blob provided by the challenge, but I'm kinda lost about the next step.
#2
IDK why that hex string keeps changing if I reload the page.
#3
(Feb 21, 2024, 02:30 PM)OsuLearner Wrote: IDK why that hex string keeps changing if I reload the page.

Ikr, so annoying. So it seems we need to use pwntools?
#4
Solved. PM for writeup.
#5
Here is the code:
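import socket
from unicorn import Uc, UcError, UC_ARCH_ARM, UC_MODE_ARM
from unicorn.arm_const import UC_ARM_REG_R0

def recvuntil(sock, delim=b'\n'):
    # Read one byte at a time until the data ends with the delimiter
    data = b''
    while not data.endswith(delim):
        chunk = sock.recv(1)
        if not chunk:
            # recv() returns b'' once the peer closes; stop instead of looping forever
            raise ConnectionError("connection closed before delimiter was received")
        data += chunk
    return data

def HexToArm(hex_str):
    # Decode the hex string sent by the server into raw ARM machine code
    code_bytes = bytes.fromhex(hex_str)

    # Initialize Unicorn for ARM architecture (32-bit ARM mode)
    mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)

    # Map 2MB memory for this emulation at address 0x10000
    ADDRESS = 0x10000
    mu.mem_map(ADDRESS, 2 * 1024 * 1024)

    # Write machine code to be emulated to memory and start with r0 = 0
    mu.mem_write(ADDRESS, code_bytes)
    mu.reg_write(UC_ARM_REG_R0, 0x0)

    # Emulate from the first to the last byte of the blob, with no timeout or instruction limit
    try:
        mu.emu_start(ADDRESS, ADDRESS + len(code_bytes))
    except UcError as e:
        print("ERROR: %s" % e)

    # Read back the value of R0 register
    r0 = mu.reg_read(UC_ARM_REG_R0)

    return str(r0)

def main():
    # Address of the challenge instance
    host = "83.136.255.41"
    port = 39006

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((host, port))
    for i in range(51):
        # First line of each round carries the hex blob after a ': ' separator
        response = recvuntil(sock)
        decoded_response = response.decode()
        print(decoded_response)

        colon_index = decoded_response.find(': ')
        content = decoded_response[colon_index + 1:].strip()

        # Wait for the prompt asking for the final value of r0
        response = recvuntil(sock, b'Register r0:')
        decoded_response = response.decode()

        # Emulate the blob and send back the resulting r0 value
        result = HexToArm(content)
        sock.send((result + '\n').encode())
        print(decoded_response + result + "\n")
    sock.close()

if __name__ == "__main__":
    main()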


#6
https://me0w.gitbook.io

I wrote this writeup!
#7
(Aug 06, 2024, 10:55 AM)awwliveyet Wrote: https://me0w.gitbook.io

I wrote this writeup!

Nice writeup! :)
#8
https://me0w.gitbook.io Could have attached other detailed links for solving in depth.
