solution - All things reversed

solution

A collection of 21 posts

Rusty

So I had my debut as an author of a task for a public CTF event. I've created a challenge called Rusty, and let's say it collected some mixed reactions. I've labeled it as an easy RE challenge, but only ten teams managed to solve it in the end -

GynvaelEN - Mission 023 - Solution

GynvaelEN - Mission 023 - Solution

Prefere videos? You can also watch it - if not, continue reading. Mission status: http://gynvael.vexillium.org/ext/43bf753f/mission023.txt We are given the package that consists of one .exe file and system.img. The .exe looks like a .NET application (default name for Console project is ConsoleApp1.

Gynvael - Mission 22 - Solution

Gynvael - Mission 22 - Solution

This was a hard one. Information about this mission can be found in stream #64 [https://www.youtube.com/watch?v=NXxxvt80T6o] and the mission itself is here [http://gynvael.vexillium.org/ext/876cad97a05cdb39c4fc749f99c3a4b5ae9317edb1271a23c5b82457996e5cbd_misja022.txt] . It's in Polish but the most relevant information here is that there's a RISC-V

GynvaelEN - Mission 022 - Solution

GynvaelEN - Mission 022 - Solution

Blokchain. *Coin. Hot topis for today. The 22nd mission [http://gynvael.vexillium.org/ext/180da8f7c52ec8b4de96b26168cbc6374fc5fad33ad8b1a48b7230de22f491c9_mission022.txt] is about blokchain and about coins. SpyCoins. The mission can be found on Stream #49 [https://www.youtube.com/watch?v=LzypD_NaWAs]. The SpyCoin center is here: http://gynvael.coldwind.pl/mission022_

Gynvael - Mission 021 - Solution

Gynvael - Mission 021 - Solution

The source [goo.gl/uk8RZB] for this mission can be found in stream 63 [https://www.youtube.com/watch?v=4OmK-7ULYd4]. It is in Polish but it can be easily spotted that the main source is a PCAP file that can be downloaded from here [goo.gl/p1Pwgm]. Wireshark(ing)

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

Finding "Praktyczna Inżyniera Wsteczna" last hidden flag.

If you read this blog you can see that from time to time I participate in missions published by Gynvael Coldwind on his English [https://www.youtube.com/GynvaelEN] and Polish [https://www.youtube.com/user/GynvaelColdwind] streams. You might not know that he is an author of 2 (one

Assembly job offer... "Follow the white rabbit" solution

Assembly job offer... "Follow the white rabbit" solution

In a cold Novemeber night I was standing at a bus stop and saw and advertisement on the streets of Wrocław. What was odd about it it was written purely in assembly. Ok, to tell you the truth I was nothing like that. In reallity I was just browsing through

Gynvael - Mission 015 - Solution

Gynvael - Mission 015 - Solution

Last time, there was no mission on EN stream, so I've decided to describe the one from PL stream [https://www.youtube.com/watch?v=FN_TyVAK0Hw] sice it was also quite a nice one. The mission is located under https://goo.gl/rs1A2f and the most important part there

GynvaelEN - Mission 19 - Solution

GynvaelEN - Mission 19 - Solution

Gynvael is back with streams and with missions. The 39th stream [https://www.youtube.com/watch?v=ZUXP9ZbPv9s] contains mission no 19 that can be found here [http://goo.gl/56PLi4]. In this mission we are given a CHIP-8 ROM image. This is clearly a reference to the latest streams

ECSM 2017 CTF

I really liked the last year ECSM 2016 CTF [https://ctfs.ghost.io/ecms-2016-ctf/] created by CERT & p4 team and I was a bit down learning that this year it was scheduled on the days I was pretty busy traveling. In fact only yesterday I had some time to look

SecurityPWNing 2017 - p4 CTF

SecurityPWNing 2017 - p4 CTF

On 6th & 7th November 2017 there was a 2nd edition of Security Pwning conference held in Warsaw and, like the last time (link1 [https://ctfs.ghost.io/security-pwning-ctf-by-p4/], link2 [https://ctfs.ghost.io/security-pwning-ctf-by-p4-cont/]), there was a CTF organized by the P4 team [https://pwning2017.p4.team]. This year I

GynvaelEN - Mission 018 - Solution

GynvaelEN - Mission 018 - Solution

This is an another GynvaelEN mission [https://www.youtube.com/watch?v=adHOlKKbFXM] solution. This time, the task is simple [http://goo.gl/2MYXfu]. We're given a script and we nned to find the correct password to get the flag. The script is a simple MD5/SHA1 comparison that uses

Gynvael - Mission 012 - Solution

Gynvael - Mission 012 - Solution

This mission [http://gynvael.vexillium.org/ext/020ed17f3fb2ccda168a6eefe9d47e1a0c1abd60_misja012.txt] was on the Polish stream, but it's a nice one so I've decided to describe it anyway. If you don't understand the language let me quickly bring you up to speed - you are given a ZIP file in order

How do I approach this ctf debugging program - step by step

How do I approach this ctf debugging program - step by step

Another good question from RE on Stack Exchange. I've already posted an answer [https://reverseengineering.stackexchange.com/a/16387/18014] there, but here let's put a bit more explanation and answer the question in the title. So how do you approch this CTF challenge? Well basicly the sam way you

GynvaelEN - Mission 17 - Solution

GynvaelEN - Mission 17 - Solution

Another stream from Gynvael - another mission [http://gynvael.vexillium.org/ext/05d08b59a5d818c05c711223ef0b701abcc33b40_mission017.txt] . This time we need to extract a message from a restriced admin panel. What we see on the page is a welcome message, and an info that the cookie was stored and a request to

GynvaelEN - Mission 16 - solution

GynvaelEN - Mission 16 - solution

Another week another mission on English side of the youtube channel. This time we are given an info that the transmission was intercepted. You can read more info here [http://gynvael.vexillium.org/ext/edd3c47b8db1c4c04751095f1e30cd66302eec31_mission016.txt] . After inspecting the link we are given a huge file [http://gynvael.vexillium.

GynvaelEN - Mission 15 - Solution

GynvaelEN - Mission 15 - Solution

Another Wednesday, another mission. This time we've got a vulnerability that allows leaking any via as a image - link [http://gynvael.vexillium.org/ext/315b8f1b6995d1d67244c04d4da9e5421dfc708a_mission015.txt] :) So we download the attached image and got this: The immediate conclusion is that the bars represent chars in the file and

Gynvael - Mission 010 - Solution

Gynvael - Mission 010 - Solution

This mission [http://goo.gl/oAdvWe] is actually published on the Polish stream [https://www.youtube.com/watch?v=UpGB9Ka6-Ps] but I've decided to write the solution here, in English. So what's this mission is about? We are given the PDF file [https://goo.gl/wgt94W] with the instructions to

GynvaelEN - Mission 13 - Solution

GynvaelEN - Mission 13 - Solution

> “Never stop dreaming, never stop believing, never give up, never stop trying, and never stop learning.” ― Roy T. Bennett, The Light in the Heart Boy, that was a hard one but also very challenging task. In this mission [http://goo.gl/yEBeVh] we're given a PCAP file [goo.gl/JSyinL]

GynvaelEN - Mission 12 - Solution

GynvaelEN - Mission 12 - Solution

In this mission [http://gynvael.vexillium.org/ext/a5da6349803f65783958b51c3b9fd15c3c35c0d5_mission012.txt] we are given the data from the hardware logger. On the first look we see some printable characters but nothing obvious. To solve this we need to get some knowledge about scancodes [https://en.wikipedia.org/wiki/Scancode]. The

GynvaelEN - Mission 11 - Solution

GynvaelEN - Mission 11 - Solution

If you don't know Gynvael - check his channel [https://www.youtube.com/gynvaelen] where he shows some RE/hacking stuff. After each video he posts some small challenge for solving by viewers. In this post I'll show how to solve mission 11 [https://www.youtube.com/watch?v=s5gOW-N9AAo]