As every year, the organizers of the « No Such Con » event give the opportunity to the motivated people to solve some challenges just before the conference. The purpose of the challenge is really simple, you have a light GUI asking you for a login and a password and when they are submitted you either get a bad or a good boy message box. The winner of the challenge wins a trip to Hack In The Box Amsterdam 2014, quite cool: congratulation to Florent Marceau who solved it the first one! The challenge has been solved by approximately eight guys at the moment.
I haven’t seen yet a public writeup, so here is mine: I will try to exactly explain the process I have been through from the beginning of the challenge until the very end, even when my ideas sucks. Last thing, I am really new in breaking those kind of binaries, so if you have figured a part in a different and more elegant/clever way I would really like to have a little chat with you, shoot me an email!
You can find the article here: 0vercl0k_aes_whitebox_unboxing_no_such_problem.pdf, and the github repository here: https://github.com/0vercl0k/stuffz/tree/master/NoSuchCon2013; I hope you will have some fun :).