Ok, this is the thread for T2_05 challenge, the challenge is over so we can freely talk about it.

There are some nice cool tricks inside and the solution is not the classical hardcoded serial, this time you'll have to use your brain.
Good luck!!!

my solution.
I'm not 100% sure its for t205 but it looks like that

Well done upb!

Yes, it should be the right message but I still have some doubts about it mainly because the message is a simple phrase, nothing special. The english translation is: "There are three kinds of people, those who are mathematically gifted, and those who are not." I was expecting something else... maybe I'm not mathematically gifted :-D

I have looked at the picture inside your archive but it's not the good one; I mean, when you open the picture it doesn't show the mail address, did you change it? Maybe you submit the original file and not the modified version. To let it show the address you have to change the image a little.

I don't like unpacking really (and I'm far from being an expert) but in my notes I read it's a modified version of it. So, I agree with you upb; for the others, you can trust me or you can directly take a look at Pex source code which is available online ;-)

I used softice with Iceext 'protect on' feature so I didn't have any problem stepping trhought the code, I didn't investigate too much in it but I believe there's atleast an anti-debugging method implemented in the challenge.

The main problem of the challenge is -imho- to find an easy way to trace the files involved in the challenge. Some times ago, talking with Kayaker about a possible "mini project" with t205, he suggested some task for newbies (and not :-p):

1. Identify the processes and threads used by the challenge, as well as noting their starting addresses.
What tools or techniques can be used to accomplish this important first step?

2. Determine the general course of program flow by identifying the API's involved, and their purpose, at crucial points in the challenge. What suitable API breakpoints can be used to "break into" real program code and avoid having to trace extensive amounts of SMC or packer code?

3. What "anti-analysis" tricks are being used? Antitrace, antidump, SEH? How do you bypass or trace through them?
Are packers used here and does dumping serve any purpose?

4. Can portions of the challenge be extracted as isolated elements suitable for analysis in IDA?
Could any IDA scripts be used to decrypt certain portions of the code to "expose" the hidden message and/or email address?

For the moment 4 questions are enough, we can add something else later.

If you have some problems with this challenge I suggest you to give it a try answering to the 4 questions above, I'm pretty sure you'll learn something new. So... good luck!

yep i speak finnish myself too (a bit)
the image opens with mspaint but not with win image viewer.
btw the author confirmed it was correct solution, i was a little baffled myself too that it was so easy.
sry for not writing a deeper analysis :P

On my home system I can't see the image with both mspaint and win image viewer, only now I realize I can see the image using tools like photoshop or photoimpact... that's why I modified the image file. A useless task just for viewing it under win image viewer, shame on me :-p