WinCC (300 pts)


Play the game and capture the flag!


Analyze the file by PEiD for detecting the file packer!


The file packed by VMProtect! Can anybody reverse it!?

According to question the System MAC should be FC-F8-AE-16-98-C4. There are two solutions:

In the next step, the application queries for a process by image=wincc.exe. So you can simply create a PE that image name is wincc. In the next step, the application checks the process id of wincc.exe and if it's not 10033 shows an error. How do we change the pid of this process? There are two solutions:

And in the last step, the application sends an error that the time is not 25:00:00 ! Can we change the hour to 25? Yes, it's simple by hooking GetSystemTime API and changing the return value.

typedef struct _SYSTEMTIME {
  WORD wYear;
  WORD wMonth;
  WORD wDayOfWeek;
  WORD wDay;
  WORD wHour;
  WORD wMinute;
  WORD wSecond;
  WORD wMilliseconds;

And now run the app and hook functions in run time and capture the flag. flag is Solve_It_By_Simple_Ho0king_or_DKOM.