Reverse Engineering

I’ve been reading the MIASM.re blog recently and I wanted to give miasm a try. The scope of this article is to provide guidance on how to build miasm on macOS and introduce miasm to my readers. Miasm is a free and open source (GPLv2) reverse engineering framework. Miasm aims to analyze / modify / generate binary programs. Here is a non exhaustive list of features: – https://github.com/cea-sec/miasm/ If you’re curious about miasm’s powers you should give these articles a quick read:...

Keygenme or Not is a cute reversing challenge I found on root-me.org. It requires an username and an activation key. I particularly enjoyed this challenge and decided to make a blog post about it. The twist of this challenge is that you can solve it without writing any code, thus the name ‘Keygenme or Not’. If you want to solve this challenge but you’re stuck you should definitely give it one more try because solving it is very easy....

I started reading this book in november and it took me about two weeks to finish it. You should be a bit comfortable Linux and programming if you plan to give it a try. Here are my thoughts about it. What I like the most about this book is that it explains the subject in a straightforward and concise way! The author is a very knowledgeable security researcher and his work is state of the art!...

I’ve recently finished reading a book called Practical Binary Analysis which I consider a state of the art book (review will come soon) and I would like to post my solution to the crackme found in chapter 5. 1. A New CTF ChallengeComplete the new CTF challenge unlocked by the oracle program!You can complete the entire challenge using only the tools discussedin this chapter and what you learned in Chapter 2....

As I continue my Reverse Engineering journey, I picked up some challenges from root-me and some from crackmes.one. This is a solution for a challenge that can be found here: easy_reverse it’s solution can be found at the bottom of this article, both with IDA Free and with GDB, so careful with the scrolling, it may spoil your challenge. A picture’s worth one thousand words! If you look at the screenshot from IDA you could already guess what the flag is....

Hello, This challenge is not that hard but it’s quite confusing. To solve this challenge very quickly all you have to do is patch it in 2 places and then run it with different arguments until the flags get’s spiten out. Here’s a sample script that runs the binary 100 times with arguments from 1 to 100 [code language=”bash”] printf ‘start\n’ for i in {1..100} do printf “$i ” ./program “$i” | xxd -r -p...

Hello, If you open this binary in Binary Ninja or any other disassembler, you’ll see a that the flow is quite weird. After looking at the strings tab I found UPX listed in there, this explains the weird graph. UPX is an open-source packer. A packer is just a piece of software that compresses the binary, when the binary is run it will unpack itself. Packing an exe could reduce it’s size by 30% or so....

The Art of Reversing challenge was a fun and quick challenge! I did get the flag but I did not write a keygen for it, I didn’t even need to look under the hood in order to get the flag. The scheme is very simple actually. The days are represented by roman numbers. The letters are not the original and the number is read from right to left. Fuzzing with the input you can deduce the following values:...

Since this challenge has 0 protection we can easily solve it by searching for the string in the strings window of IDA. Select from the menu: View -> Open Subviews -> Strings then double click on the: .rdata:00404053 0000000D C Gratz man 🙂 Now you should be in the .rdata section on the binary, while the string is still selected, right click on it and click on: Xrefs graph to… this will give you a nice graph that you can look at....

I’ve just found out about this amazing website which offers a wide variety of challenges. Here’s my solution for the first challenge, this one is extremely easy, you just have to pay attention to the assembly code: Observe that the password is in plaintext and is loaded into [ebp+s2]. [ebp+s1] is passed to [esp] and is a pointer to the getString function, I just assumed that the function gets a string from stdin and puts it into [ebp+s1]....