Nice video with a detailed explanation. I like people who deeply understand what they are doing. A small request:
You are so quick with the IDA shortcuts, it would be great to see a little animation of the hotkeys pressed in some moments :)
Any standalone software you recommend I use?
@@allthingsida Filmora video editor would be great
This is really a great showcase of IDA features I wish I had learnt earlier to solve this challenge quicker! I am using IDA Free at the moment, so no access to IDAPython. But I will definitely try everything else that was featured (function chunks, conditional breakpoints, scripts in breakpoints, etc.).
Very cool to see how you dissect the challenge. Is there a chance you can release all the scripts in your GitHub repo so many of us can try to follow along or study the script? I personally have trouble following the video with:
00:20:21 - Computing all API hashes
00:21:30 - Stack pointer tracking and fixing the disassembly
00:23:41 - Using the "Decompile as" decompiler feature
Would love to see how you did that programmatically. Thanks for the great video!
As promised, I will go into details for all those sub challenges. Please be patient so I have time to clean all the scripts and release them as well.
Hey @@allthingsida, totally makes sense! I hope you didn't take my comment as rushing you... In fact, I think going into details for all small sections would be super beneficial as I can see them being applicable for many of the Flare-on/real world challenges. Plz keep up the good work, I am learning a lot from your videos! Do you have a Discord server by any chance?
@@kaihuang5420 not at all. I am happy that you are interested. Many people are.
The plan is to fulfill the promises made in this video and break all the challenges found in this big video into smaller pieces. Surely they are beneficial for real life scenarios.
No, no Discord, but I have a community under the same name on X (/Twitter).
@@allthingsida yeah I have been following that channel! Thanks for sharing your knowledge!
You should do this for #3 +. I got stuck midway on #3 and even with the solutions available, it's difficult to obtain the necessary skills. Would love to see you just go through the flare on challenges
Very nice
Really educational video, I still have not watched the entire thing but so far I have already learnt a ton.
One question, my IDA (7.6) initially figured out the strcpy at the top of the function 0x18003CEDE but now that I have performed some more configuration, it suddenly assigns the bytes to stack variables, like:
v25 = 0x205F5F5F5F202020i64;
v26 = 0x2020202020202020i64;
v27 = 32;
v28 = 32;
v29 = 32;
v30 = 32;
v31 = 32;
v32 = 32;
v33 = 32;
v34 = 32;
v35 = 32;
v36 = 13;
v37 = 10;
v38 = 32;
v39 = 32;
v40 = 32;
v41 = 32;
Is the version a problem for this instability or can it be fixed in some way? (perhaps via configuring the IDA microcode which I don't have any idea how)
Hard to tell what's the issue. Go to the beginning of the strings (one of those vXX variables), press Y, change its prototype from a 'char' to a proper 'char []' size.
@@allthingsida Hey, sorry for the late answer, but after a few days I was able to reproduce my problem (IDA suddenly decided to display the yoda string properly) and this approach seems to not work as I get an error when changing prototype. Also I have tried this solution with other samples too where the prototype is already char[] but still displays the characters as numbers.