Posts

This is my first book review that I did my blog, I’m not really good at reviewing books and I’m not a native english speaker either, so bear with me and my clumsy english. I must also say that the subject covered by the book overwhelms me, I don’t claim to be an expert on the topic and and to be honest I don’t really want to become one, reading this book has provided me with enough information in order to be able to hold a basic discussion about cryptography related topics, had I put more effort, time and thought in this book I could probably become proficient....

As I continue my Reverse Engineering journey, I picked up some challenges from root-me and some from crackmes.one. This is a solution for a challenge that can be found here: easy_reverse it’s solution can be found at the bottom of this article, both with IDA Free and with GDB, so careful with the scrolling, it may spoil your challenge. A picture’s worth one thousand words! If you look at the screenshot from IDA you could already guess what the flag is....

I signed up for the Database Design course at my university, the courses are great but the practical laboratories are not, it’s just a bunch of tiresome SQL queries and incomplete instructions. If you too have to do a lot of tiresome SQL queries I suggest the following setup: Download Docker. Download any Intellij IDE (if you’re a student you can get it for free). Preferably DataGrip. After you installed the aforementioned tools you start with a some docker commands:...

Lately I’ve been busy with university, work and learning something new. I’ve started my programming journey when I was in high school with Python, I didn’t have any informatics classes so I had to study on my own. I confess that I didn’t really understood how Python works, until I’ve tried Java. Python had a dynamic type system and it was very confusing for a newbie like me. After finishing Introduction to Computing with Java course from HKUST on edX I started to get a better grasp on programming....

Hello, This challenge is not that hard but it’s quite confusing. To solve this challenge very quickly all you have to do is patch it in 2 places and then run it with different arguments until the flags get’s spiten out. Here’s a sample script that runs the binary 100 times with arguments from 1 to 100 [code language=”bash”] printf ‘start\n’ for i in {1..100} do printf “$i ” ./program “$i” | xxd -r -p...

Hello, If you open this binary in Binary Ninja or any other disassembler, you’ll see a that the flow is quite weird. After looking at the strings tab I found UPX listed in there, this explains the weird graph. UPX is an open-source packer. A packer is just a piece of software that compresses the binary, when the binary is run it will unpack itself. Packing an exe could reduce it’s size by 30% or so....

I had to do a project for a friend and because Hugo is a nice tool yet a bit uncomfortable to use, I decided to use Angular. After finishing the website’s routes, css and images I have the project to my friend and he had a bit of a trouble deploying it on his Apache server. His host wouldn’t allow .htaccess. Q.Q The solution? Rename index.html to contact.html, team.html, project.html, objectives....

The Art of Reversing challenge was a fun and quick challenge! I did get the flag but I did not write a keygen for it, I didn’t even need to look under the hood in order to get the flag. The scheme is very simple actually. The days are represented by roman numbers. The letters are not the original and the number is read from right to left. Fuzzing with the input you can deduce the following values:...

Since this challenge has 0 protection we can easily solve it by searching for the string in the strings window of IDA. Select from the menu: View -> Open Subviews -> Strings then double click on the: .rdata:00404053 0000000D C Gratz man 🙂 Now you should be in the .rdata section on the binary, while the string is still selected, right click on it and click on: Xrefs graph to… this will give you a nice graph that you can look at....

I’ve just found out about this amazing website which offers a wide variety of challenges. Here’s my solution for the first challenge, this one is extremely easy, you just have to pay attention to the assembly code: Observe that the password is in plaintext and is loaded into [ebp+s2]. [ebp+s1] is passed to [esp] and is a pointer to the getString function, I just assumed that the function gets a string from stdin and puts it into [ebp+s1]....