AllOver30 SiteRip Hardcore R-T

# locate the `ptrace` call with radare2 (open with -w so the patch is written back to the file)
$ r2 -w -A rip
[0x00401430]> afl | grep ptrace
0x00401455    4  8  0  1   0 0 0 0  ptrace
# patch the check: force eax (the ptrace return value) to 0, i.e. "no tracer present"
[0x00401430]> wa mov eax, 0 @ 0x00401455
# skip the abort routine: jump straight to the code that follows the check
[0x00401430]> wa jmp 0x00401468 @ 0x0040145a
[0x00401430]> q
# verify the patch
$ r2 -A rip
[0x00401430]> pd 30 @ 0x00401450
...
0x00401455  b8 00 00 00 00    mov eax, 0   ; patched
0x0040145a  eb 0c             jmp 0x00401468   ; jump over abort

Now the binary runs without aborting:

$ ./rip
[+] Starting rip…
[+] Connected to 127.0.0.1:1337
[+] Sending request…
[+] Done. (no flag printed)


Create log_send.c:

#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
static void log_chunk(const void *buf, size_t len) {
    /* append to the capture file; a failed fopen must not break the hooked call */
    FILE *f = fopen("/tmp/rip_out.log", "ab");
    if (f) { fwrite(buf, 1, len, f); fclose(f); }
}
/* outbound side: the full HTTP request, ticket included */
ssize_t send(int sockfd, const void *buf, size_t len, int flags) {
    static ssize_t (*real_send)(int, const void *, size_t, int) = NULL;
    if (!real_send) real_send = dlsym(RTLD_NEXT, "send");
    log_chunk(buf, len);
    return real_send(sockfd, buf, len, flags);
}
/* inbound side: the HTTP response; only the bytes actually received are logged */
ssize_t recv(int sockfd, void *buf, size_t len, int flags) {
    static ssize_t (*real_recv)(int, void *, size_t, int) = NULL;
    if (!real_recv) real_recv = dlsym(RTLD_NEXT, "recv");
    ssize_t n = real_recv(sockfd, buf, len, flags);
    if (n > 0) log_chunk(buf, (size_t)n);
    return n;
}

Compile and run:

$ gcc -shared -fPIC -o log_send.so log_send.c -ldl
$ LD_PRELOAD=./log_send.so ./rip

/tmp/rip_out.log now contains the full HTTP request, including the ticket, and the HTTP response (the token line).

The binary contains the following typical anti‑debug patterns (found with radare2's -AA analysis and objdump -d):

The check is performed early (within the first ~50 instructions). To bypass it we have two clean approaches:

Running the VM inside GDB with a trace of registers quickly reveals the high‑level flow:

  • Decrypt the hidden payload – the VM loads an encrypted blob from .data (offset 0x6000) and XORs it with the derived key.
    The decrypted payload is a small HTTP request:

    POST /store HTTP/1.1
    Host: 10.10.10.42:1337
    Content-Type: application/octet-stream
    Content-Length: 32
    <32‑byte “ticket”>
    
  • Generate the ticket – the ticket is an HMAC‑SHA256 of the string "ALLOVER30", using the same derived key as the HMAC secret.

  • Send the request – the OUT opcode writes the full HTTP request to the socket (opened earlier to 10.10.10.42:1337).

  • Terminate – after sending, the VM returns to the native code which simply exits.

  • Conclusion: The binary does not fetch the flag itself; it stores a ticket on the remote service. The flag is then available at the path returned by the server.
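The flow above (XOR‑decrypt the embedded request template, derive the 32‑byte ticket as HMAC‑SHA256 of "ALLOVER30" under the derived key, append it as the request body) reconstructed in Python as an added example. This is not the binary's code and not part of the original writeup: the key, the encrypted blob and the `parse_request` helper are constructed assumptions, since the page does not describe the real key derivation. `parse_request` is the check to run over the captured /tmp/rip_out.log to confirm the request is well‑formed (Content-Length matches the 32‑byte body).

```python
import hmac
import hashlib

# Constructed sample key: the real binary derives its key at runtime (not reproduced here).
DERIVED_KEY = b"\x13\x37\xc0\xde\xba\xad\xf0\x0d"

# The request template as the page shows it after decryption; the ticket becomes the body.
REQUEST_TEMPLATE = (
    b"POST /store HTTP/1.1\r\n"
    b"Host: 10.10.10.42:1337\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
)


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR as the VM applies it; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


# Constructed stand-in for the blob at .data+0x6000: the template encrypted under the key.
ENCRYPTED_BLOB = xor_crypt(REQUEST_TEMPLATE, DERIVED_KEY)


def recover_template(blob: bytes = ENCRYPTED_BLOB, key: bytes = DERIVED_KEY) -> bytes:
    """What the VM's decrypt step yields: the plaintext request template."""
    return xor_crypt(blob, key)


def make_ticket(key: bytes) -> bytes:
    """32-byte ticket: HMAC-SHA256 over the fixed string with the derived key as secret."""
    return hmac.new(key, b"ALLOVER30", hashlib.sha256).digest()


def build_request(key: bytes) -> bytes:
    """Template plus raw ticket body, exactly what the OUT opcode hands to send()."""
    ticket = make_ticket(key)
    if len(ticket) != 32:
        raise ValueError("ticket must be 32 bytes to match Content-Length")
    return recover_template() + ticket


def parse_request(raw: bytes) -> dict:
    """Split a captured request into request line, headers and body, and check
    that the declared Content-Length matches the body actually present."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b": ")
        headers[name.decode()] = value.decode()
    declared = int(headers.get("Content-Length", "0"))
    return {
        "request_line": lines[0].decode(),
        "headers": headers,
        "body": body,
        "length_ok": declared == len(body),
    }


if __name__ == "__main__":
    captured = build_request(DERIVED_KEY)
    parsed = parse_request(captured)
    print(parsed["request_line"], parsed["headers"], parsed["length_ok"])
    print("ticket:", parsed["body"].hex())
```

Run it over the bytes from /tmp/rip_out.log instead of `build_request(...)` to validate a real capture; a `length_ok` of False means the hook split the request across several `send()` calls and the chunks need to be concatenated first.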


The “R‑T” suffix stands for Reverse‑Trace – the binary tries to detect when it is being traced (e.g., ptrace, strace, gdb) and will abort with a “Cheater!” message.


With the anti‑debug checks neutralised, the rest of the binary is a custom virtual machine (VM) that interprets a small bytecode embedded in the binary.
