All things reversed

Automating Ghidra - part 3

In the third installment of this series (if you haven't read/seen here's - part 1 & part 2) we will be reconstructing program flow. This is useful for tasks such as Towel's armageddon. Note: If you prefer watching, have a look at my YouTube channel. The difficulty of this

net user /times

You probably know this but in case you don't, Windows has built in feature for setting up allowed login days and hours for a particular account. It can be done in the following way net user account_name /times:[{times | ALL}] but when I used it to restrict my kids

rusty

Rusty - Technical background

This post a technical part to the challenge Rusty. If you haven't read the post you can do it here. Technical backgroundI had few difficulties when creating it. So it might be interesting for some people to read how I've managed to overcome them. The process was done in three

challenge

Rusty

So I had my debut as an author of a task for a public CTF event. I've created a challenge called Rusty, and let's say it collected some mixed reactions. I've labeled it as an easy RE challenge, but only ten teams managed to solve it in the end -

radare2

radare2 can do java

I was once asked on my YT channel to do a Java crackme. It only took 7* months to fulfill this request. So, wile waiting for Part 4, Professor this is for you. We will do a Java crack-me, but an easy one created by me. This is as I

resources

Ultimate list of resources for learning Reverse Engineering

It supposed to be the list of resources to learn Reverse Engineering but there's a lot of such lists already in the wild. So this post will sometimes list links of resources to learn RE - kind of meta. In no particular order: https://hshrzd.wordpress.com/how-to-start/https://github.

ghidra

Automating Ghidra - part 2

In the last Automating Ghidra post we looked at how we can script Ghidra to do some mundane operations on the Memory Map of our binary. This time we will automate renaming labels for the data based on the values. During ASIS CTF 2020 a task was present that posses

pwntools

Making pwnlib.gdb.attach work under WSL2

I'm doing my CTFing under Windows. I used to spawn a VirtualBox or Hyper-V with Ubuntu from time to time when needed or used Digital Ocean's droplet but since WSL is in town and especially with the speed-up improvements that WSL2 brings I rarely do that. I do "all" my

security

Gynvael's challenges - Solutions to collection of small web security challs

Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions (that you could see at the end of his streams) I was more than happy to participate in those challenges too.

ghidra

Automating ghidra

Ghidra is an awesome RE tool that quickly took off after its initial launch in 2019. It can display not only the disassembly of our binary but also have a decompiler that allows us to see a bit higher level code. You can also extend it by using python or

nes

Solving Space Fights CTF

Few months back I was solving a CTF challenge for the NES system. It was one of the Flare-On challenges for 2019. This time we will solve another one for the same system. A challenge named Space Fights CTF could be found on github along with the source code but

tamctf

TAMUCtf - leaning tower

There were multiple things wrong with this CTF but this one challenge was an interesting one. Windows binary, no noticeable entry point and no messages on screen. It's time to use our tools to dissect this one. Prefer watching? As usually, if possible, starting this task from running the binary

debugging

Debugging .Net applications without source code with dotPeek Symbol Server

Few years ago I've made a video that demonstrates how one can debug (from Visual Studio) without having source code by using the dotPeek Symbol Server. You can see the video below: DotPeek is one of many competed .NET decompiler (I ❤ dnSpy) but it has a great feature that allows

insomnihack

Kaboom!

This wasn't a difficult task but it had one tricky trick that made it took way more time than it should be required. We started with an exe file that when loaded in any disassembler tool (e.g. Ghidra) or do some preliminary checking to see that the file was

hitcon

Core Dumb - HitCon 2019

Note: challenge was solved together with Disconnected. Damn it my flag checker is so buggy it destroyed the program itself 😱 All I left is a core dump file :( Could you help me recover the flag ? Q_QLet's start by checking the file that we are given in this challenge: λ

lego

Hitcon 2019 Qualification - EV3 Arm

It's one of those challenges that brings together two things that I like - this time it was reverse engineering nad lego bricks. What was the input in this challenge was a picture that, supposedly depict how the robot was programmed and a rbf file that contains the aforementioned robot

flare-on

Flare-On 2019 solutions/notes (upd. 11.02)

I'm well aware that there's multiple write-ups/solutions presenting 2019's Flare-On solutions but I've decided to provide my own for two reasons. Firstly, to have some notes I can easily find for future. Secondly, I think some of my solutions were non-standard so it might be useful in some other

SEGA

Solving SEGA Genesis ROM CTF Challenge

File fot the challenge can be downloaded from here. In order to run the file we need an emulator. There are few available but I've used gens. Probably a better one could be found but at least for my purpose this was enough. After running gens and loading the jump.

reversing

Oldschool - CONFidence Teaser 2019

Gynvael did a survey lately to see what kind of assembly is taught in Polish universities, and if any of them is still teaching the old 8086. Let us extend this question to the CTF scene! This challenge is a clear reference to Gynvael's survey which is obvious from the

ctf

Never ever be fooled to pay ransomware!

— Has Your Android Phone Been Infected with Malware? — Yes! — It’s awful but we have a cure! #rev #forensics Solved together with: disconnect3d The challange was part of CTFZone 2018 Quals by BiZone. We are given a phonedump.zip.e87a72e6edd605e73ce49dc926fc6c87 file that after unzipping produces two files: backup.android and

radre2

Handling self-modifying code with radare2

This is a post that explains a little bit in details what was shown in the two videos that could be watched on my YT channel. If you haven't seen them and are not yet confused enough about I recommend go check them out. As they might not explain the

gynvael

GynvaelEN - Mission 023 - Solution

Prefere videos? You can also watch it - if not, continue reading. Mission status: http://gynvael.vexillium.org/ext/43bf753f/mission023.txt We are given the package that consists of one .exe file and system.img. The .exe looks like a .NET application (default name for Console project is ConsoleApp1.

ctf

Stop KrkAnalytica - solution

NeverLeaks is in danger and your help is needed! An anonymous hacker reported that Krakow Analytica company had prepared some actions to sabotage a befriended producer of aircraft tanks - NeverLeaks. The sabotage campaign can be stopped only if you discover the secret codes, give an admin access to their

gynvael

Gynvael - Mission 22 - Solution

This was a hard one. Information about this mission can be found in stream #64 and the mission itself is here. It's in Polish but the most relevant information here is that there's a RISC-V firmware that needs to be analyzed and password to be extracted. Analyze with R2. Since

gynvael

GynvaelEN - Mission 022 - Solution

Blokchain. *Coin. Hot topis for today. The 22nd mission is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_spycoin/ First failed attempt I've tried to main SpyCoin. That would be an obvious solution to