14: Patching EXEs with Ollydbg

What You Need

A Windows machine, real or virtual. I used a Windows Server 2008 virtual machine.
You need several files to examine. They are all in the Documents folder of the VM your instructor handed out. If you don't have that, download them with these links:

00000.exe
3EXEs.zip
easy.zip
256exes.zip

Purpose

To practice disassembling and modifying binaries, and using Python scripts.

Challenge A: Patching an EXE (10 pts.)

Getting the EXE

In the Documents folder of the VM handed out by your instructor, find the 00000.exe file.

Checking the Hash

Calculate the SHA256 hash of the file. It should match the value shown below.

Running the EXE

Run 00000.exe in a Command Prompt. It asks for a "Launch code" and if you guess wrong, it insults you, as shown below.

Examining the EXE with Ollydbg

Open the file in OllyDbg, as shown below.

Look at the rightmost section, and you can easily see what the program does; it prints out "Launch codes?", reads in a decimal number (%d), and then chooses to print either a winning message with a result, or an insult.

The choice is performed by two instructions: CMP (Compare) and JNZ (Jump if Not Zero), outlined in green in the image below.

Replace those instructions with NOP (No Operation), as shown below. Save the patched file.

Running the Patched File

The patched file will accept any Launch code, as shown below.

Checking the Hash

Calculate the SHA256 hash of the patched file. It should match the value shown below.

Challenge A: Submit the CRC32 (10 pts)

Calculate the CRC32 hash of the patched file.

Use the form below to get your points.

Your Name:

CRC32 hash like this:
07b01710

Challenge B: Patching Three EXEs (10 pts.)

Getting the EXEs

In the Documents folder of the VM handed out by your instructor, find the 3EXEs.zip file.

Checking the Hash

Calculate the SHA256 hash of the file. It should match the value shown below.

Patch the Files

Patch all 3 files so they will accept any input.

Gather the Results

Run the three patched files. Each one returns a single character as a result. Keep the files in alphabetical order, by filename, like this:

File 00000.exe Result C
File 0000a.exe Result A
File 000a1.exe Result T

If those were the results, the answer would be CAT

The actual results are different, of course.

Challenge B: Submit the Results (10 pts)

Use the form below to get your points.

Your Name:

Results: 3 Characters like this:
CAT

Challenge C: Patching 19 EXEs (30 pts.)

Getting the EXEs

In the Documents folder of the VM handed out by your instructor, find the easy.zip file. Unzip it. There are 19 EXEs in it.

Goal

Patch all 19 files, run them, and combine the Results to get a 19-character flag.

Hints

There are hints here.

Challenge C: Submit the Results (30 pts)

Use the form below to get your points.

Your Name:

Results: 19 Characters like this:
Impenetrable!Cyber!

Challenge D: Patching 256 EXEs (50 pts.)

Getting the EXEs

In the Documents folder of the VM handed out by your instructor, find the 256exes.zip file. Unzip it. There are 256 EXEs in it.

Goal: Gather the Results

Patch all 256 files and run them. Each file will give you one "Result" character. Gather all those characters into a file 256 bytes long.

Calculate the SHA256 hash of that file. It should match the value shown below.

Calculate the CRC32 of that file to win.

Submit the CRC32 (50 pts)

Calculate the CRC32 hash of the 256-byte file.

Use the form below to get your points.

Your Name:

CRC32 hash like this:
07b01710

Credit

This is based on the 67k Challenge from EasyCTF 2017.

Modified 1-7-19