Flare-On 7 2020 Challenge #1: Fidler

We received the application binary file together with the Python source code.

Tools to use:

  • Notepad++

When you start the application, you get:

While checking the code in fidler.py, we see that it first calls password_screen():

It returns True if password_check() returns True:

Checking it, we can see that our input is compared against the key:

To find the key, we can just copy the code into Python:

We moved to the second stage:

There are two ways to solve it. You can just play and get the flag:

Use the mouse scroll to make the coins move faster.

But if you want to bypass it and understand what happens, we can go straight to the game_screen() function in fidler.py, because it calls the victory_screen function and we need to understand how to reach that function:

To reach victory_screen, our current_coins needs to be between the following limits:

We will pick up a number between these limits: 103078166529.

The calculation int(103078166529 / 10**8) converts it to 1030, which is passed as the token to victory_screen(..), which in turn calls the decode_flag() function:

It will print the flag:

Of course, we can also bypass all these stages and just try to call the decode_flag() function with a random number:

It is easy to complete: we need to have “i” at the beginning.

Eviatar Gerzi

Security researcher interested in reversing, solving CTFs, malware analysis, penetration testing and DevOps security (docker and Kubernetes)