All things reversed

The Gambler - Midnight Sun CTF 2022

The Gambler - Midnight Sun CTF 2022

> The secret is 'Knowin' what the cards were'. Apart from the message we are give the file, with the instruction to run it with mono the_gambler.exe. This alone gives away the fact that, this is a .NET assembly and we can skip any initial analysis and go straight

Tinybit - 1337up CTF

Tinybit - 1337up CTF

> Just try a little bit harder! Brb, shouting intigriti.rocks! > 🔗 Download link: mw.linux [https://downloads.ctf.intigriti.io/1337UPLIVECTF2022-894ff411-aff8-453c-87b1-20ea939a7b6c/tinybits/2fdd9f50-0296-4caf-beaa-10826948f6d0/mw.linux] 🔗 Download link: mw.darwin [https://downloads.ctf.intigriti.io/1337UPLIVECTF2022-894ff411-aff8-453c-87b1-20ea939a7b6c/tinybits/2fdd9f50-0296-4caf-beaa-10826948f6d0/mw.darwin] 🔗 Download link: mw.windows [https://downloads.ctf.intigriti.io/1337UPLIVECTF2022-89

Bitcoins for Flags

Bitcoins for Flags

> BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP BIP > 🔗 Download link: BitcoinsForFlags.zip [https://downloads.ctf.intigriti.io/1337UPLIVECTF2022-894ff411-aff8-453c-87b1-20ea939a7b6c/bitcoinsforflags/

Insomni'Hack - Corona Virus

Insomni'Hack - Corona Virus

> A devastating computer virus infected millions of machines around the world. Security experts were able to capture a sample, but the virus seems to be looking for something specific, and acts frustrated if it is not happy. Who knows the horrors it may unleach onto the world if...or when

babyRust - N1CTF

babyRust - N1CTF

This fun, little challenge was RE challenge during N1CTF. We are given the following Rust source code: macro_rules! check { (@s n1ctf{$Never:tt}) => { check!(stringify!($Never)) }; (@e ($Never:expr,$Gonna:expr,$Give:expr); (Never gonna give you up $($code:tt)*)) => { $Give += true as usize; check!(@e ($Never,$Gonna,$Give)

Flare-On 8 - Antioch

Flare-On 8 - Antioch

> To solve this challenge, you’ll need to …AAARGH This challenge was really AAARGH for me. In retrospect I wonder why I didn't see what I was supposed to see and due to that lost almost a week on this fairly easy challenge. But let's start from the beginning. We

Flare-On 8 - Flare VM

Flare-On 8 - Flare VM

> Because of your superior performance throughout the FLARE-ON 8 Challenge, the FLARE team has invited you to their office to hand you a special prize! Ooh – a special prize from FLARE ? What could it be? You are led by a strong bald man with a strange sense of humor into

Flare-On 8 - known

Flare-On 8 - known

> We need your help with a ransomware infection that tied up some of our critical files. Good luck. With the second challenge, it's a bit step up in the difficulty. We are given an EXE with some files (different types; images images and text) that has been encrypted. Opening file

Flare-On 8 - credchecker

The first task in this year competition. It is a single HTML file. Inside we can find a simple check for credentials. function checkCreds() { if (username.value == "Admin" && atob(password.value) == "goldenticket") { var key = atob(encoded_key); var flag = ""; for (let i = 0; i < key.length; i++) { flag += String.fromCharCode(

Flare-On 8 - Beelogin

Flare-On 8 - Beelogin

In this challenge we are given a huge, 3.10 MB html file. Opening it, we can see there's a HTML form, and a lot of JavaScript. A lot. It's obfuscated too. Looking closer, it appears that it contains mostly the garbage and only some parts are relevant. One valid

Flare-On 8 - Pet the Kitty

Flare-On 8 - Pet the Kitty

> Hello, Recently we experienced an attack against our super secure MEOW-5000 network. Forensic analysis discovered evidence of the files PurrMachine.exe and PetTheKitty.jpg; however, these files were ultimately unrecoverable. We suspect PurrMachine.exe to be a downloader and do not know what role PetTheKitty.jpg plays (likely a second-stage

Don't trust the decompilers

Don't trust the decompilers

Decompilers can be your greatest ally or your greatest enemy. Basing the analysis only by the result of only one tool can fail you greatly. See for yourself. -------------------------------------------------------------------------------- Prefer to watch? Check out this video. Recently, I was solving one of the challenge from ångstromCTF 2021 and after opening

Solving Geanu

Geanu was a simple RE challenge from MidnightsunCTF. The task starts by print the following ASCII-art of Keanu and awaits our input. Keanu from Geanu ;)After getting user input it finishes. Let's fire up Ghidra and load the binary. Since the binary is written in Go, we can apply 'golang_

Debugging r2 - child processes

Debugging r2 - child processes

If you ever want to debug r2 while it is debugging another process (so basically debug while debug r2 -d /bin/ls or when using ood) remember about few important things. Radare2 will create a new process so it is important to be sure if gdb is set to attach

Debugging r2

This will be a short one. If you ever need to debug Radare2, and after running it under dbg you can't get into the debugger after hitting ^C as it should, remember that r2 handles this shortcut and this won't work. Instead use this: > kill -SIGTRAP $(pidof r2) This cause

Automating Ghidra - part 3

Automating Ghidra - part 3

In the third installment of this series (if you haven't read/seen here's - part 1 & part 2) we will be reconstructing program flow. This is useful for tasks such as Towel's armageddon [https://crackmes.one/crackme/5edb0b8533c5d449d91ae73b]. -------------------------------------------------------------------------------- Note: If you prefer watching, have a look at my YouTube

net user /times

net user /times

net user /times

You probably know this but in case you don't, Windows has built in feature for setting up allowed login days and hours for a particular account. It can be done in the following way net user account_name /times:[{times | ALL}] but when I used it to restrict my kids

Rusty - Technical background

Rusty - Technical background

This post a technical part to the challenge Rusty. If you haven't read the post you can do it here [https://allthingsreversed.io/rusty/]. Technical background I had few difficulties when creating it. So it might be interesting for some people to read how I've managed to overcome them. The

Rusty

So I had my debut as an author of a task for a public CTF event. I've created a challenge called Rusty, and let's say it collected some mixed reactions. I've labeled it as an easy RE challenge, but only ten teams managed to solve it in the end -

radare2 can do java

radare2 can do java

I was once asked on my YT channel to do a Java crackme. It only took 7* months to fulfill this request. So, wile waiting for Part 4, Professor this is for you. -------------------------------------------------------------------------------- We will do a Java crack-me, but an easy one created by me. This is as

Ultimate list of resources for learning Reverse Engineering

It supposed to be the list of resources to learn Reverse Engineering but there's a lot of such lists already in the wild. So this post will sometimes list links of resources to learn RE - kind of meta. In no particular order: * https://hshrzd.wordpress.com/how-to-start/ * https://github.

Automating Ghidra - part 2

Automating Ghidra - part 2

In the last Automating Ghidra post [https://allthingsreversed.io/scripting-ghidra/] we looked at how we can script Ghidra to do some mundane operations on the Memory Map of our binary. This time we will automate renaming labels for the data based on the values. -------------------------------------------------------------------------------- During ASIS CTF 2020 a

Making pwnlib.gdb.attach work under WSL2

Making pwnlib.gdb.attach work under WSL2

I'm doing my CTFing under Windows. I used to spawn a VirtualBox or Hyper-V with Ubuntu from time to time when needed or used Digital Ocean's droplet but since WSL is in town and especially with the speed-up improvements that WSL2 brings I rarely do that. I do "all" my

Gynvael's challenges - Solutions to collection of small web security challs

Gynvael's challenges - Solutions to collection of small web security challs

Recently Gynvael started to post little web challenges that are around topics of web security with NodeJs/Express (mostly) and Flask. Since I used to participate actively in Missions [https://allthingsreversed.io/tag/gynvael/] (that you could see at the end of his streams [https://www.youtube.com/watch?v=

Automating ghidra

Automating ghidra

Ghidra is an awesome RE tool that quickly took off after its initial launch in 2019. It can display not only the disassembly of our binary but also have a decompiler that allows us to see a bit higher level code. You can also extend it by using python or