App patching 2 ....
crashbird wrote: It was much simpler if you follow the logic…
Anyways, I found two ways to patch it, but the site only takes one of them.
Hint: the one that solves the problem easier, or rather first…
I can't find the right solution for this challenge. Could you give me another hint? (There are multiple ways to get the correct message, but with an incorrect hash :P)
Just got through with this. I wanted to drop a few hints though, for anybody having trouble, since there are a near endless number of ways to manipulate the application such that the tested condition is always true.
First, examine the code that changes your initial value very carefully. Your first instinct might suggest that the only way to get the desired result into the correct location is to hard-code that value directly. But it IS mathematically possible to produce the correct result using the application code itself, provided certain conditions are met (i.e. an operation is performed a specific number of times, a value is incremented or decremented at a certain time, etc.), and of course, that the result of said operations actually survives until the test condition.
Using what I wrote above, producing the correct result mathematically should seem incredibly easy. If it's not completely clear, try making a mock-up of the process that changes the value in a different language, and dumping the results to the screen during each pass. You should be able to see it now, and the changes required should seem pretty elementary.
Now to make sure the result survives until the test is performed. Follow the execution path once more. You'll see that there are only three possible ways to ensure the value doesn't get overwritten. One destroys an entire section of processing. One avoids a section of processing, and one simply nullifies the process, by using a certain instruction's "sister" in place of the instruction itself. Only one of those methods will give you the correct checksum, and it might not be the one you think. But, at least now, your search space isn't nearly as limitless. Good luck.