NoRadar — HackTheBox

Description

Track the elusive green cube through a labyrinth of obscure clues and cryptic messages to unravel its hidden location.

The challenge provides an ELF 64-bit PIE executable (not stripped) — an SDL2 raycasting game in the style of Wolfenstein 3D, along with an assets.dmp file (3.8MB) containing the map and assets. The game renders a first-person view with no minimap (hence the name "NoRadar"). Three types of green cubes move around the map, but only one of them — green_cube3 — contains the flag encoded in its movement trajectory.

Flag format: HTB{...}

Analysis

Step 1: Initial Recon

file noradar
# ELF 64-bit LSB pie executable, x86-64, not stripped

strings noradar | grep -i "green\|cube\|player\|raycast\|entity"
# green_cube, green_cube1_new, green_cube2_new, green_cube3_new
# green_cube1_update, green_cube3_update
# raycast, player_init, entity_move_toward, load_assets

Source files referenced in symbols: colf.c, entity.c, texture.c, event.c, player.c, raycast.c, window.c.

The binary is not stripped — all function and symbol names are available, which significantly simplifies reverse engineering.

Step 2: Analyzing assets.dmp

The load_assets function parses assets.dmp:

Offset	Type	Value	Description
0x00	float	144.0	Player initial X position
0x04	float	10.0	Player initial Y position
0x08	int	350	Map width (tiles)
0x0C	int	21	Map height (tiles)
0x10	int	N	Number of entities
...	byte[]	0/1/2	Tile map 350×21

Tile values: 0 = empty space, 1 = wall type 1, 2 = wall type 2.

The map is huge (350×21) — a long horizontal labyrinth.

Step 3: Three Types of Green Cubes

...