Solving MalwareTech’s Strings challenges with Binary Ninja.

MalwareTech’s string challenges are so easy that everyone can do them. I’m writing this article in order to help those who struggle with them, but of course you could cheat and use a debugger.

The challenges can be found here: https://www.malwaretech.com/beginner-malware-reversing-challenges.

The first two challenge are so easy that I’m not even bothering writing too much about them.

Open strings1.exe into BN then right click data pointer twice -> FLAG.

Open strings2.exe into BN then press the hex on the right and then R in order to display them as characters -> VERTICAL FLAG.

Strings 3

This one may be fun so I’m not gonna spoil everything it for you. You need to know a little ASM for this one.

Steps:

First you should Google on MSDN what does KERNEL32!FindResourceA@IAT and USER32!LoadStringA@IAT mean.

Then you should check with what parameters the function calls are made and finally use a tool like ResourceHacker in order to extract the correct flag.

Hint: flag index is related to one of the arguments

Thanks for reading!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.