Solving MalwareTech's Strings challenges with Binary Ninja.
MalwareTech's string challenges are so easy that everyone can do them. I'm writing this article in order to help those who struggle with them, but of course you could cheat and use a debugger.
The challenges can be found here: https://www.malwaretech.com/beginner-malware-reversing-challenges.
The first two challenges are so easy that I'm not even bothering to write much about them.
Open strings1.exe into BN then right click data pointer twice -> FLAG.
Open strings2.exe into BN then press the hex on the right and then R in order to display them as characters -> VERTICAL FLAG.
This one may be fun, so I'm not gonna spoil everything for you. You need to know a little ASM for this one.
First you should Google what KERNEL32!FindResourceA@IAT and USER32!LoadStringA@IAT mean on MSDN.
Then you should check with what parameters the function calls are made and finally use a tool like ResourceHacker in order to extract the correct flag.
Hint: flag index is related to one of the arguments
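To make the hint concrete without spoiling the flag, here is an added example (not part of the original article or the challenge) of how a LoadString ID maps onto the string table blocks that a resource viewer displays. The helper names, the ID 0x115 and the "decoy" strings are constructed for illustration and have nothing to do with the real binary.

```python
import struct

STRINGS_PER_BLOCK = 16  # every RT_STRING resource holds exactly 16 slots


def build_block(strings):
    """Serialize up to 16 strings the way an RT_STRING resource stores them."""
    slots = list(strings) + [""] * (STRINGS_PER_BLOCK - len(strings))
    out = b""
    for s in slots:
        # WORD character count, then UTF-16LE text with no terminator
        out += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return out


def parse_block(data):
    """Parse one RT_STRING resource into its 16 strings."""
    strings, off = [], 0
    for _ in range(STRINGS_PER_BLOCK):
        if off + 2 > len(data):
            raise ValueError("truncated string table block")
        (n,) = struct.unpack_from("<H", data, off)
        off += 2
        end = off + n * 2
        if end > len(data):
            raise ValueError("string length runs past end of block")
        strings.append(data[off:end].decode("utf-16-le"))
        off = end
    return strings


def locate(uid):
    """Map a LoadString uID to (resource block ID, slot inside the block)."""
    return (uid >> 4) + 1, uid & 0x0F


def load_string(blocks, uid):
    """Resolve uID against {block_id: raw bytes}; empty string if absent."""
    block_id, slot = locate(uid)
    raw = blocks.get(block_id)
    return parse_block(raw)[slot] if raw is not None else ""


# Constructed sample: block 18 covers string IDs 272..287
SAMPLE_BLOCKS = {18: build_block(["decoy-%d" % i for i in range(16)])}

if __name__ == "__main__":
    print(locate(0x115), load_string(SAMPLE_BLOCKS, 0x115))
```

Once you have read the real ID argument out of the disassembly, `locate()` tells you which block and which row to look at in the resource viewer.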
Thanks for reading!