Skip to content Skip to navigation
23 Jan

Isomni'hack 2017 teaser mindreader writeup



Machines infected lots of Android smartphones and try to collect information on human behaviour... Have a look to their application and try to steal information on them.

So we have an android application file. Let's decompile its code!

First, we need to translate Dalvik bytecode to equivalent Java bytecode. I used enjarify for this:

08 May

Web2 writeup


This is the Web2 problem

The challenge simply states "Find the key!" and it gives us the challenge URL.
The first thing I usually do with a web challenge is to run dirbuster, spider the target and check the it with Nmap. 

Checking with Nmap didn't result in anything interesting. However dirbuster did. I found two interesting folders.
The first one is "SecretAdminPanel" and the second one was "logs"

I visited "SecretAdminPanel" and I saw this.

04 Mar

Wood Island (Crypto - 150)



You can try to sign messages and send them to the server, port 60231. Sign the right message and you\'ll get the flag! Only problem---you don\'t have the signing key. I will give you this, though: sigs.txt is a file containing a bunch of signatures. I hope it helps. (P.S. Don\'t try and send the exact signatures in that file---that\'s cheating!)

Given archieve attached below.


21 Jan

cloudfs forensics(200)


We have just finished Ghost in the Shell code CTF in 12th place. Though GITS CTF is usually one of the best CTFs, but this year they weren't that good. The web task had a good idea but wan't correctly implemented, some people got the flag right away from others' exploitations. Forensics tasks wasn't really PURE forensic. Yet, I personally enjoyed the CTF and enjoyed cloudfs challenge. 

28 Nov

This week for our team

This weekend we are going to take part in three on-site final challenges.


First one is D-CTF 2014 Final at DefCamp Conference ( on information security, Bucharest, Romania. 

The second is CSCAMP CTF 2014 Final held at Cairo, Egypt (


Subscribe to BalalaikaCr3w RSS