All things reversed

Don't trust the decompilers

Decompilers can be your greatest ally or your greatest enemy. Basing the analysis only by the result of only one tool can fail you greatly. See for yourself. Prefer to watch? Check out this video. Recently, I was solving one of the challenge from ångstromCTF 2021 and after opening the

midnightsun

Solving Geanu

Geanu was a simple RE challenge from MidnightsunCTF. The task starts by print the following ASCII-art of Keanu and awaits our input. Keanu from Geanu ;)After getting user input it finishes. Let's fire up Ghidra and load the binary. Since the binary is written in Go, we can apply 'golang_

r2

Debugging r2 - child processes

If you ever want to debug r2 while it is debugging another process (so basically debug while debug r2 -d /bin/ls or when using ood) remember about few important things. Radare2 will create a new process so it is important to be sure if gdb is set to attach

r2

Debugging r2

This will be a short one. If you ever need to debug Radare2, and after running it under dbg you can't get into the debugger after hitting ^C as it should, remember that r2 handles this shortcut and this won't work. Instead use this: kill -SIGTRAP $(pidof r2) This cause

ghidra

Automating Ghidra - part 3

In the third installment of this series (if you haven't read/seen here's - part 1 & part 2) we will be reconstructing program flow. This is useful for tasks such as Towel's armageddon. Note: If you prefer watching, have a look at my YouTube channel. The difficulty of this

net user /times

You probably know this but in case you don't, Windows has built in feature for setting up allowed login days and hours for a particular account. It can be done in the following way net user account_name /times:[{times | ALL}] but when I used it to restrict my kids

rusty

Rusty - Technical background

This post a technical part to the challenge Rusty. If you haven't read the post you can do it here. Technical backgroundI had few difficulties when creating it. So it might be interesting for some people to read how I've managed to overcome them. The process was done in three

challenge

Rusty

So I had my debut as an author of a task for a public CTF event. I've created a challenge called Rusty, and let's say it collected some mixed reactions. I've labeled it as an easy RE challenge, but only ten teams managed to solve it in the end -

radare2

radare2 can do java

I was once asked on my YT channel to do a Java crackme. It only took 7* months to fulfill this request. So, wile waiting for Part 4, Professor this is for you. We will do a Java crack-me, but an easy one created by me. This is as I

resources

Ultimate list of resources for learning Reverse Engineering

It supposed to be the list of resources to learn Reverse Engineering but there's a lot of such lists already in the wild. So this post will sometimes list links of resources to learn RE - kind of meta. In no particular order: https://hshrzd.wordpress.com/how-to-start/https://github.

ghidra

Automating Ghidra - part 2

In the last Automating Ghidra post we looked at how we can script Ghidra to do some mundane operations on the Memory Map of our binary. This time we will automate renaming labels for the data based on the values. During ASIS CTF 2020 a task was present that posses

pwntools

Making pwnlib.gdb.attach work under WSL2

I'm doing my CTFing under Windows. I used to spawn a VirtualBox or Hyper-V with Ubuntu from time to time when needed or used Digital Ocean's droplet but since WSL is in town and especially with the speed-up improvements that WSL2 brings I rarely do that. I do "all" my

security

Gynvael's challenges - Solutions to collection of small web security challs

Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions (that you could see at the end of his streams) I was more than happy to participate in those challenges too.

ghidra

Automating ghidra

Ghidra is an awesome RE tool that quickly took off after its initial launch in 2019. It can display not only the disassembly of our binary but also have a decompiler that allows us to see a bit higher level code. You can also extend it by using python or

nes

Solving Space Fights CTF

Few months back I was solving a CTF challenge for the NES system. It was one of the Flare-On challenges for 2019. This time we will solve another one for the same system. A challenge named Space Fights CTF could be found on github along with the source code but

tamctf

TAMUCtf - leaning tower

There were multiple things wrong with this CTF but this one challenge was an interesting one. Windows binary, no noticeable entry point and no messages on screen. It's time to use our tools to dissect this one. Prefer watching? As usually, if possible, starting this task from running the binary

debugging

Debugging .Net applications without source code with dotPeek Symbol Server

Few years ago I've made a video that demonstrates how one can debug (from Visual Studio) without having source code by using the dotPeek Symbol Server. You can see the video below: DotPeek is one of many competed .NET decompiler (I ❤ dnSpy) but it has a great feature that allows

insomnihack

Kaboom!

This wasn't a difficult task but it had one tricky trick that made it took way more time than it should be required. We started with an exe file that when loaded in any disassembler tool (e.g. Ghidra) or do some preliminary checking to see that the file was

hitcon

Core Dumb - HitCon 2019

Note: challenge was solved together with Disconnected. Damn it my flag checker is so buggy it destroyed the program itself 😱 All I left is a core dump file :( Could you help me recover the flag ? Q_QLet's start by checking the file that we are given in this challenge: λ

lego

Hitcon 2019 Qualification - EV3 Arm

It's one of those challenges that brings together two things that I like - this time it was reverse engineering nad lego bricks. What was the input in this challenge was a picture that, supposedly depict how the robot was programmed and a rbf file that contains the aforementioned robot

flare-on

Flare-On 2019 solutions/notes (upd. 11.02)

I'm well aware that there's multiple write-ups/solutions presenting 2019's Flare-On solutions but I've decided to provide my own for two reasons. Firstly, to have some notes I can easily find for future. Secondly, I think some of my solutions were non-standard so it might be useful in some other

SEGA

Solving SEGA Genesis ROM CTF Challenge

File fot the challenge can be downloaded from here. In order to run the file we need an emulator. There are few available but I've used gens. Probably a better one could be found but at least for my purpose this was enough. After running gens and loading the jump.

reversing

Oldschool - CONFidence Teaser 2019

Gynvael did a survey lately to see what kind of assembly is taught in Polish universities, and if any of them is still teaching the old 8086. Let us extend this question to the CTF scene! This challenge is a clear reference to Gynvael's survey which is obvious from the

ctf

Never ever be fooled to pay ransomware!

— Has Your Android Phone Been Infected with Malware? — Yes! — It’s awful but we have a cure! #rev #forensics Solved together with: disconnect3d The challange was part of CTFZone 2018 Quals by BiZone. We are given a phonedump.zip.e87a72e6edd605e73ce49dc926fc6c87 file that after unzipping produces two files: backup.android and

radre2

Handling self-modifying code with radare2

This is a post that explains a little bit in details what was shown in the two videos that could be watched on my YT channel. If you haven't seen them and are not yet confused enough about I recommend go check them out. As they might not explain the