picoCTF2019 Reverse Engineering Asm

Hello, here’s my take on the picoCTF2019 reverse engineering asm challenges. If you don’t know assembly, please watch a few tutorials on it: asm1 – Points: 200 CMP: Compares the first source operand with the second source operand and sets the status flags in the EFLAGS register according to the results. The comparison is performed by subtracting the second operand from the first operand and then setting the status flags in the same manner as the SUB instruction. When an immediate value is used as an operand, it is sign-extended to the length of the first operand. ...

February 23, 2020 · 3 min · Denis Nuțiu

PicoCTF 2019: whats-the-difference (Points 200)

Can you spot the difference? kitters cattos. They are also available at /problems/whats-the-difference… on the shell server In order to easily solve this challenge, I’ve used xxd and cut to generate an ascii hexdump of the images: 1 2 3 4 ➜ Downloads xxd kitters.jpg | cut -d ' ' -f 11 > kittens_text.txt ➜ Downloads xxd cattos.jpg | cut -d ' ' -f 11 > cattos_text.txt Since I wanted to do a per character diff I wrote the following Python script: 1 2 3 4 5 6 7 8 9 10 11 12 13 <pre class="wp-block-prismatic-blocks">```python def main(): new = open("cattos_text.txt") old = open("kittens_text.txt") old_file = old.readlines() new_file = new.readlines() print("Loaded lines", len(old_file), len(new_file)) for line in zip(old_file, new_file): for number, old_char in enumerate(line[0]): if old_char != line[1][number]: print(line[1][number], end="") main() And finally run the script: ...

January 3, 2020 · 1 min · Denis Nuțiu

X-MAS CTF 2019: Binary Exploiting &amp; Reversing Write-Ups

Hello, Here are my write-ups for the X-MAS CTF 2019 organized by . Reversing: Santa’s crackme Santa’s crackme is easy to solve when using Ghidra, all you need to do is open up the binary, read the code and use the XOR Memory script from Ghidra. The flag is retrieved from flag_matrix and xored by 3. Select the flag data, right click on Script Manager and execute the XorMemory script We get the flag, except for the first character ...

December 21, 2019 · 2 min · Denis Nuțiu