Writeup: FlareOn 2022: 002 - Pixel Poker

Task description


TLDR graph

2. Input data

The challenge file is here. Password: flare.

The subject of the task was the PE file:


Before proceeding with the analysis, I read the contents of the text file:

Welcome to PixelPoker ^_^, the pixel game that's sweeping the nation!

Your goal is simple: find the correct pixel and click it

Good luck!

3. Initial analysis

I have verified the file type PixelPoker.exe:

$ file PixelPoker.exe
PixelPoker.exe: PE32 executable (GUI) Intel 80386, for MS Windows

The program, when launched, presented a window as below:

main window

I then loaded the program into the IDA environment

4. Code analysis

As a result of the code analysis, I pointed out the place in the code that conditioned the flag to be displayed:

main window

There were two conditional instructions:

if ( pixel_x == var_ralf % (unsigned int)rect_width )
if ( pixel_y == var_n0E % (unsigned int)rect_height )

The width and height of the window were fixed at 0x2E5 and 0x281, respectively. Therefore, it was enough to calculate the expected pixel and indicate it:

>>> import struct
>>> struct.unpack(">I", b"RALF")[0] % 0x2E5
>>> struct.unpack(">I", b"nO-E")[0] % 0x281

The coordinates of the pixel were (x,y)=(95,313)

5. Reading the flag

The flag was displayed when the correct pixel was indicated: