DisARMing a Raspberry Pi - BSides San Francisco CTF 2017

Before we start, you should grab a copy of the challenge file from the CTF write-ups 2017 repository page. The executable we are going to analyze is an ELF for the ARM architecture; I took this chance to go and fetch my Raspberry Pi from my dusty drawers to put it to good use. I have installed the Ubuntu MATE for ARM image, but you can probably use whichever distribution you like.

Solving SmokeStack, from the third Flare-On Challenge

Note: This article was published right after the Flare-On Challenge 3 ended. Official writeups can be found here: 2016 Flare-On Challenge solutions from fireeye.com. SmokeStack is the fifth level of the third edition of the Flare-On Challenge organized by FireEye. I’ve decided to write a post about it because this is one of the two levels I’ve enjoyed the most (the other being CHIMERA). I will be using the assembly I’ve annotated from the start to make things easier to understand.

Writeup for the Transformer challenge from VolgaCTF 2016 Quals

This is another challenge from the VolgaCTF 2016 Quals, involving an x64 ELF executable that encodes files. Our objective is to recover the clear text data from the encrypted file. Here’s the description for this challenge: “This binary does something with the data. The transformation must be reversible, but the details are unknown. It shouldn’t be too difficult to reverse that transformation and obtain the flag, should it?”

Writeup for the Broken challenge from VolgaCTF 2016 Quals

This is a pretty nice challenge from the VolgaCTF 2016 Quals; sadly, I couldn’t join the r/OpenToAllCTFteam and play because I was too busy, but I noticed it was missing a writeup and decided to write one. The first thing I always do when I want to analyze an executable is to run it inside a disposable virtual machine; the first thing you will notice is that it doesn’t seem to be doing anything at all, and that it closes itself after half a minute with the following message: “The processing has taken too long, terminating the process…”.