reverse

writeup
24 Oct

Gunslinger Joe's Gold (Reversing - 200)

Task:

Silly Gunslinger Joe has learned from his mistakes with his private terminal and now tries to remember passwords. But he's gotten more paranoid and chose to develop an additional method: protect all his private stuff with a secure locking mechanism that no one would be able to figure out! He's so confident with this new method that he even started using it to protect all his precious gold. So … we better steal all of it!

SSH: joes_gold@wildwildweb.fluxfingers.net
PORT: 1415
PASSWORD: 1gs67uendsx71xmma8

Solution:

writeup
01 Jun

yayaya

After decompiling the given SWF file, we found that the code can be divided into two parts. The first is responsible for moving sections of an ELF file from the SWF's resources to virtual memory. The second draws a black font picture and small colored blocks. The most interesting thing is that the position and size of these small colored blocks are defined by the ELF binary.

So what we have is a SWF that uses Crossbridge. The SWF generates a picture every n milliseconds, but n is always different, and we just need to sum the frames to get the flag.

writeup
19 Mar

PIN (reverse 400)

The task was to reverse the file main. This is an executable for MS-DOS.

Fortunately, this binary isn't packed and its logic can be easily understood without dynamic analysis. After a few minutes of analysis it becomes obvious that this executable sets a hook for interrupt int9 (the keyboard handler) and, for every input character, makes some changes to the global variable byte_178. If this variable equals 0x14, we get the success message.

First of all, let's take a look at the beginning of the main function:

writeup
17 Mar

Arcfour (reverse 500)

In the reverse category this task was the easiest one, except Harm (reverse 10), of course :)

The task was to reverse an x86 PE executable. There were 2 ways to solve this task: the easiest one and a slightly more complicated one. But let's start with their common part.

The file seems to be packed with UPX, so start debugging! After unpacking with upx we can find that the OEP is at address 0x6d28, but there is some very strange code:

writeup
04 Mar

NEOQUEST 2014 Quals - Hasta la vista

We are given an Android application.

We unpack and decompile it. We see that the deviceId is checked, so there is no point in running it, since it will only work on one device.

We analyze the sources obtained from the decompiler:

1) We notice that a link is constructed and a file is downloaded from an address of the form:

writeup
24 Feb

Automata

Task:

==========================================

OS : Ubuntu 13.10 x86

IP : 58.229.183.18 / TCP 8181

http://58.229.183.26/files/automata_7329666edefb3754ec91b7316e61bb7d

==========================================
