Suninatas Game 09

Posted on Edited on In Views: Disqus:

challenges

Game 09

Challenge: Reverse engineering a Windows executable

Step 1: Extract Archive

1
7z x SuNiNaTaS.zip

Step 2: Identify File

1
file Project1.exe

Output: PE32 executable for MS Windows 4.00 (GUI), Intel i386, 8 sections

Step 3: Analyze with IDA

Run the executable in a virtual environment (Windows 10, VirtualBox).

The program displays an input box with two buttons.

Use IDA Pro and press Shift+F12 to view strings. Look for the “Congratulation!” message, then double-click to find cross-references.

Step 4: Find Password

From IDA disassembly:

1
2
3
4
5
6
7
8
9
10
CODE:00450388 ; ---------------------------------------------------------------------------
CODE:00450389                 align 4
CODE:0045038C _str_913465     _strings <0FFFFFFFFh, 6, '913465'>
CODE:0045038C                                         ; DATA XREF: _TForm1_Button1Click+1B↑o
CODE:0045039B                 align 4
CODE:0045039C ; const CHAR aSuninatas[]
CODE:0045039C aSuninatas      db 'SuNiNaTaS',0        ; DATA XREF: _TForm1_Button1Click+45↑o
CODE:004503A6                 align 4
CODE:004503A8 ; const CHAR aCongratulation[]
CODE:004503A8 aCongratulation db 'Congratulation!',0  ; DATA XREF: _TForm1_Button1Click+4A↑o