Points: 300

You are given a download for an old DOS game called "Tony and Friends"; you extract it, open it in DOSBox and load into the game. The clue for this was that any more than 64 sprites on screen at any given time will crash the game. If you play normally you will be unable to progress legitimately because there are literally so many enemies you'd just die. Instead I used CheatEngine and found the 2-byte code that was my health, then set it to 9999. I then found the 2-byte code that turned on and off the "super milk" powerup (basically a Mario star) and set it to FFFF to kill all enemies on contact.

Just by doing this you can make it through 19/21 levels; for 3 the doors that let you progress are broken (stages 2-3 and 3-1). In order to get past them I used the game's weird timeout feature to my advantage. When time runs out the game pushes you out of the map and kills you, so I found the 2-byte code for the timer and set it to 2-3 seconds, then had the CheatEngine pause button pulled up. When my character phased through the walls into the space between 2 rooms I would pause the game and set time back to 9999. I could then freely move between rooms in the game without having to use the doors.
Every stage had 1 character for the flag next to the end of the level, so 1-1 was H written in coins, 1-2 was X written in coins, 1-3 was P written in coins, and so on.
The final flag was: hxp{E4620CCC29475F11}

Sorry I didn't add any pictures, I had already deleted everything by the time I thought about making a writeup.
P.S.: I did not say the exact memory locations for health and time and such because the location of them changed each time I restarted DOSBox. To find them I would go into the tutorial world and search with CheatEngine for a hex value of 000C (12), which is the number of starting health you get. I would intentionally take 3 hearts of dmg (3 hearts = 6 health) and then look through the list for values that were 000C when I first looked but are now 0006. There would be 2 values: one was the health value and the other was the sprites for the health. Just set the health value up and the sprites follow.
P.P.S.: To find the time and milk powerup I went to the memory location of the health and, for time, looked for a value changing down by 1 every second (found up a little, very easy to spot), and for the milk looked for what values changed when I picked up the milk and it wore off (hard to spot at first, but once you know you're looking for 0000 --> FFFF it becomes much easier).
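
The two-pass value search from the P.S. (find every 000C, take damage, keep only the addresses that now read 0006), as an added example that is not the writeup author's tooling. The snapshots are constructed sample data, the offsets in them are made up, and little-endian 16-bit storage is an assumption based on the game being an x86 DOS program.

```python
import struct


def scan_u16(snapshot: bytes, value: int, candidates=None) -> list[int]:
    """Return offsets whose little-endian 16-bit word equals `value`.

    With `candidates` given, only those offsets are re-checked ("next scan").
    """
    needle = struct.pack("<H", value)
    if candidates is None:
        # First scan: try every byte offset, the value need not be aligned.
        candidates = range(len(snapshot) - 1)
    return [off for off in candidates if snapshot[off:off + 2] == needle]


def narrow(scans) -> list[int]:
    """Apply successive (snapshot, expected_value) scans, keeping survivors."""
    survivors = None
    for snapshot, value in scans:
        survivors = scan_u16(snapshot, value, survivors)
    return survivors


def build_constructed_snapshots():
    """Constructed sample: 64 bytes of fake memory before and after damage."""
    before = bytearray(64)
    struct.pack_into("<H", before, 10, 0x000C)  # health (hypothetical offset)
    struct.pack_into("<H", before, 20, 0x000C)  # health sprites (hypothetical)
    struct.pack_into("<H", before, 40, 0x000C)  # unrelated word that is also 12
    after = bytearray(before)
    struct.pack_into("<H", after, 10, 0x0006)   # 3 hearts of damage = 6 health
    struct.pack_into("<H", after, 20, 0x0006)   # sprite counter follows health
    return bytes(before), bytes(after)          # offset 40 still reads 12


if __name__ == "__main__":
    before, after = build_constructed_snapshots()
    print("first scan (000C):", scan_u16(before, 0x000C))
    print("after damage (000C -> 0006):",
          narrow([(before, 0x000C), (after, 0x0006)]))
```

Two survivors remain, matching the writeup's observation that one candidate is the health value and the other is the health sprites; the scan alone cannot tell them apart.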
