hitcon 2022 - All things reversed

All things reversed

hitcon 2022

A collection of 2 posts

HITCON 2022 - Checker

HITCON 2022 - Checker

just a deep and normal checker We have two files in this task: a Windows executable named checker.exe and a .sys file—a driver file named checker_drv.sys. Loading the first one into Ghidra, does not show much code that we can work with. There's a line that

HITCON 2022 - Meow Way

HITCON 2022 - Meow Way

Reverse-engineering like the meow way! We are given a Windows 32-bit executable that we can load into Ghidra. In the initial peak into the main, we can see the following (*DAT_0040544c)(iVar3,iVar3 >> 0x1f,iVar3,iVar3 >> 0x1f,0xc4,0,&local_10,&local_10 >> 0x1f); iVar2 = iVar3 + 1; (*DAT_004053a8)