View Full Version : Panda Reversing Challenge


wtbw
July 4th, 2009, 05:18
http://pandalabs.pandasecurity.com/archive/Panda-Challenge.aspx

A level each week for three weeks, starting on Tuesday.

Could be fun

OHPen
July 6th, 2009, 07:05
Let's see what they provide

Regards,
OHPen

Silkut
July 7th, 2009, 05:50
First challenge has been released: http://pandalabs.pandasecurity.com/archive/Panda-Challenge-_2D00_-_2200_All-that-glitters-is-not-gold_2200_.aspx

EDIT: As well as first answers it seems.

arc_
July 7th, 2009, 07:18
That was pretty easy. Let's see what the next one is.

dion
July 7th, 2009, 11:37
don't really got that. stuck upon ...the key for second stage??

evaluator
July 7th, 2009, 13:37
inside JPG @070

harder Question: where to put PWD?! 0:

evaluator
July 7th, 2009, 14:08
okay, i get:

Code:
Congratulations!!

You reached the end of this crackme.

The secret message is " "

Panda Security AMR Team 2009


Don Wooma, i ready to sell secret message! just 5$ for you 0:

PS. discount! 4,99$

tofu-sensei
July 7th, 2009, 15:09
i'm surprised it took you that long, evaluator

dion
July 7th, 2009, 23:02
just realized how to execute LFN exe in dos

evaluator
July 8th, 2009, 06:06
i made BAT file.

OHPen
July 14th, 2009, 01:58
First challenge was kind of bullshitting. Has not much to do with reverse engineering...

Is the second challenge already released?

Regards,
OHPen

wtbw
July 14th, 2009, 02:16
Second challenge should be out sometime in the next few hours, according to the PDF in the previous post and judging by last week's

evaluator
July 14th, 2009, 03:23
write here url

dion
July 14th, 2009, 08:15
http://pandalabs.pandasecurity.com/blogs/PandaLabs/2009/07/14/level.exe.patch.exe.zip

Dominator
July 14th, 2009, 15:18
Could anyone explain to me how to "talk" to the panda program in C?

I have the solution I guess, but I am unable to write the required program that talks to the console application

I feel stupid.

arc_
July 14th, 2009, 19:49
I sent you a PM, just to make sure not to spoil anything for the others. I completed reversing as well after a day, even though I spent most time trudging through what turned out to be the initialization of the runtime... Will write my program tomorrow.

evaluator
July 15th, 2009, 00:12
is interesting to play with it?

dion
July 15th, 2009, 01:04
is this really packed or a bogus? never played with encryptpe tho. if it was packed, why there is console API in the beginning and can see strings clearly?

arc_
July 15th, 2009, 05:57
evaluator: I'm having fun with this, yes. I didn't expect the type of challenge that the program contains. It even contains some of its own antidebug this time, although most of the protection is again in the (third party) packer.

dion: let's just say that as with most packers/protectors, EncryptPE can be used to selectively protect certain functions. You will know it when you see it.

evaluator
July 15th, 2009, 06:36
wow, unpacking need!? =)

arc_
July 15th, 2009, 07:41
It's not really encrypted at all. Just lots and lots of junk code inserted.

dion
July 15th, 2009, 09:55
well, it surely junking debugview. weird, is it supposed to make it crash? but it didn't

arc_
July 15th, 2009, 14:12
That is anti-Olly. Those huge format strings exploit a bug in Ollydbg to make it crash, it's a very common trick. Correspondingly there are also many options available for fixing it.

wtbw
July 20th, 2009, 07:14
Second?! Argh. Must try harder tomorrow

dion
July 21st, 2009, 08:30
the hard one... looks a bit 'malicious'. it peeks my boot sector and hash them. still stuck on it tho.

arc_
July 21st, 2009, 10:26
I'm pretty stumped on this one as well. If the message is not inside the program as the challenge description states, then where is it? They can't really make assumptions about specific other files with specific contents existing on the drive... Even ntldr probably changes between Windows versions.

Reversing the hashes is pretty hopeless as well, considering the length of the input data (255 bytes most times)...

dion
July 21st, 2009, 10:30
from what said, it is closer to you than it seems, i took liberty to point 'it' to the panda file itself. dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside

xwings
July 23rd, 2009, 01:12
Quote:
[Originally Posted by dion;81980] from what said, it is closer to you than it seems, i took liberty to point 'it' to the panda file itself. dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside

saw a lot of fork() there. my wild guess could be overflowed. well. i got no idea how it works.