picoCTF2019 Reverse Engineering Asm

Hello, here’s my take on the picoCTF2019 reverse engineering asm challenges. If you don’t know assembly, please watch a few tutorials on it: http://opensecuritytraining.info/IntroX86.html http://opensecuritytraining.info/IntermediateX86.html asm1 – Points: 200 CMP: Compares the first source operand with the second source operand and sets the status flags in the EFLAGS register according to the results. The comparison is performed by subtracting the … Read more

picoCTF 2019 Reverse Engineering Vault Doors

I’m always late to the party but here’s my solutions to the PicoCTF2019 Vault Doors challenges from the reverse engineering section. I did it this mainly to improve my skills and hopefully to learn some new things. vault-door-training – Points: 50 Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is … Read more

Bypassing ptrace calls with LD_PRELOAD on Linux

Hello, Here’s a quick article on how to bypass calls to ptrace when debugging a Linux executable. By calling ptrace with the PTRACE_TRACEME option, a process can detect if it’s being debugged and execute different instructions. This an effective anti-debugging technique. For example, take the following C program: If we execute the program from above we get Normal flow on … Read more

Root-Me: GB – Basic GameBoy crackme walkthrough

Hello, In this article I will describe how I solved the GB – Basic GameBoy crackme challenge from Root-Me. Before reading this article you should attempt to solve the challenge on your own. Start by reading/skimming through the GameBoy CPU manual then download an emulator such as mGba and play with the ROM. To disassemble the ROM I’ve used Ghidra and mgbdis. After reading through the GameBoy … Read more

Ghidra Scripting: Annotating Linux system calls

I had some fun this weekend messing around with Ghidra. Having such a powerful tool for free is truly a game changer. To start scripting in Ghidra, I downloaded the latest Eclipse for Java Developers Version: 2019-09 R (4.13.0), Ghidra and Open JDK, I believe any JDK version 11+ will work. After downloading the JDK, extract the zip, put it … Read more

Root Me – Xor Madness – Walkthrough

Hello, In this article I will describe how I solved the PE x86 – Xor Madness challenge from Root-Me This challenge will ask you for a password and the password is also used to validate the flag. What makes this challenge interesting is that it only uses xor, sub, call and ret. Here’s how I approached the challenge: Since the binary had a few function and some strings … Read more

Practical Binary Analysis – CTF Walkthrough – Level 3, 4

Hello, In this article I’ll present you my solution on the Chapter 5 CTF from the book Practical Binary Analysis. For this binary, the hint is to fix four broken things. Running file gives us the following response: And the readelf command gives us: At this moment, it was clear that the ELF header is broken, in order to fix it … Read more

Root-Me Reversing: crackme_wtf hints

It’s been some time since I’ve done some Reverse Engineering and today I’ve completed a simple challenge on https://www.root-me.org/. The filename of the challenge is crackme_wtf and here are some hints to get you started: Determine type of FILEs. Don’t be afraid to patch and use a debugger. Try to eliminate the randomness. Maybe some functions that have to do … Read more

Root-Me: ExploitMe – Basic Buffer Overflow

Hello,

In this article I present you the solution to nice and short cracking challenge from Root-Me. After opening it up in Ghidra, I saw that the challenge is easy to solve, all you need is to find the password, which is in plain text. Basically just copy paste and you get the flag, but wait, there’s a twist!

Read moreRoot-Me: ExploitMe – Basic Buffer Overflow