Category: Reverse Engineering
-
IOLI crackme0x03
https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme/bin-linux Check the file. Test the program out. Analyze the program in GDB. crackme0x03x is very similar to crackme0x02x but has a test function built instead of compare. There are two ways to find the password. The lines inside the orange box can be equated to give us an answer. Set a breakpoint at the…
-
picoCTF : GDB Test Drive
Run GDB and set the layout. Set a breakpoint at the call to sleep@plt, then jump to the variable [rbp-0x30] to find the flag.
-
IOLI crackme0x00
https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme/bin-linux Check the file. Test out the program. Use the strings command. Password can be obtained in plaintext. Check the program
-
IOLI crackme0x02
https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme/bin-linux Check the file. Test the program out. Analyze the program in GDB. There are two ways to find the password. The lines inside the orange box can be equated to give us an answer. Set a breakpoint at the cmp line and print out the variable for [ebp-0xc]. We can also analyze the program…
-
IOLI crackme0x01
https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme/bin-linux Check the file. Test the program out. Analyze the program in Ghidra. Assembly: Decompile: Password is hard coded = 0x149a = 5274. User input is compared with the password. Test the password.
-
picoCTF : Bbbbloat
Test out the program. Start up Ghidra and analyze the file. Flag is hard coded in the program.
-
My Reverse Engineering notes
Instructions and explanations: db = Define bytes (expressions); CALL = Call a function; ADD = Perform an addition; SUB = Perform a subtraction; CMP = Compares two numeric data fields; JNZ = Jump non zero. Reverse engineering my own programs: To start learning assembly and reverse engineering I decided to make my own simple C programs and observe the program flow through…
-
Reverse Engineering – 0x01
Download the challenge : here Tools used : Test out the program Use gdb to disassemble Set to intel syntax and disassemble the main function. Let’s use ghidra to color code and analyze the assembly code. Let’s head back to gdb and crack the program. Set a breakpoint in the main function. A breakpoint is…
-
Reverse Engineering : 7
https://crackmes.one/crackme/60318a0a33c5d42c3d016b5d Test the program. Analyze the file in Ghidra. Password is hard coded; the function will compare the hard coded password with the user input.
-
HTB Challenge : Behind the Scenes
https://app.hackthebox.com/challenges/behind-the-scenes
-
picoCTF : Static ain’t always noise
Flag can be obtained easily from the strings command.
-
HTB Challenge : WIDE
https://app.hackthebox.com/challenges/wide Start up Ghidra to look for clues. In the menu function we find the password hardcoded. Flag is found.
-
picoCTF : vault-door-training
Flag can be obtained easily from reading the Java source code.
-
picoCTF : file-run2
The flag can be obtained easily from running the file. 2nd Method: Using Ghidra
-
Reverse Engineering : 6
https://crackmes.one/crackme/5b8a37a433c5d45fc286ad83 Start up Ghidra to analyze the program. Program requires an input of 10 characters and has a “@” in the fifth character of the input. It returns a flag with the user input if true.
-
picoCTF : file-run1
The flag can be obtained easily from running the file. 2nd Method 3rd Method Using Ghidra
-
Reverse Engineering : 5
https://crackmes.one/crackme/5c8e1a9533c5d4776a837ecf Test out the program. Run the program in Ghidra. Code will compare each character in the password array and call the success function if all is true. Password : H1DD3N
-
Reverse Engineering : I
https://www.begin.re/playground-exercises Good_Luck. Disassemble in Ghidra. Assembly Code: Program compares user input with 6170: if (UserInput * 5 == 6170), then 6170 / 5 = 1234
-
Reverse Engineering : 4
https://crackmes.one/crackme/60b92a0433c5d410b8842bd3 Convert the hexadecimal to text : 07/10/97
-
Basic Malware RE
This room aims towards helping everyone learn about the basics of “Malware Reverse Engineering”.