Root-Me: GB – Basic GameBoy crackme walkthrough

Hello, In this article I will describe how I solved the GB – Basic GameBoy crackme challenge from Root-Me. Before reading this article you should attempt to solve the challenge on your own. Start by reading/skimming through the GameBoy CPU manual then download an emulator such as mGba and play with the ROM. To disassemble the ROM I’ve used Ghidra and mgbdis. After reading through the GameBoy CPU manual, I’ve opened the file in Ghidra and found these interesting strings: ...

October 27, 2019 · 3 min · Denis Nuțiu

Root Me – Xor Madness – Walkthrough

Hello, In this article I will describe how I solved the PE x86 – Xor Madness challenge from Root-Me This challenge will ask you for a password and the password is also used to validate the flag. What makes this challenge interesting is that it only uses xor, sub, call and ret. Here’s how I approached the challenge: Since the binary had a few function and some strings were in plain text, I tried to figure out the big picture and labeled all the function accordingly: win, lose, check and so on. I’ve figured out that there are 6 stages, each stage tries to process a part of the password. The start function is also a stage and other stages are similar. Next, I’ve spend a few hours debugging this challenge and documenting everything it does in order to see what it wants. To solve this challenge you need to know how the XOR operation works, please check that you know this before moving forward. ...

October 6, 2019 · 5 min · Denis Nuțiu

Practical Binary Analysis – CTF Walkthrough – Level 3, 4

Hello, In this article I’ll present you my solution on the Chapter 5 CTF from the book Practical Binary Analysis. For this binary, the hint is to fix four broken things. Running file gives us the following response: 1 2 binary@binary-VirtualBox:~/ctf$ file ./lvl3 ./lvl3: ERROR: ELF 64-bit LSB executable, Motorola Coldfire, version 1 (Novell Modesto) error reading (Invalid argument) And the readelf command gives us: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 binary@binary-VirtualBox:~/ctf$ readelf -h ./lvl3 ELF Header: Magic: 7f 45 4c 46 02 01 01 0b 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: Novell - Modesto ABI Version: 0 Type: EXEC (Executable file) Machine: Motorola Coldfire Version: 0x1 Entry point address: 0x4005d0 Start of program headers: 4022250974 (bytes into file) Start of section headers: 4480 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 9 Size of section headers: 64 (bytes) Number of section headers: 29 Section header string table index: 28 readelf: Error: Reading 0x1f8 bytes extends past end of file for program headers At this moment, it was clear that the ELF header is broken, in order to fix it I opened up Wikipedia and the elf specification. ...

September 19, 2019 · 3 min · Denis Nuțiu

Root-Me: ELF C++ – 0 protection solution

Hello! My daily work is doing full stack web development, and reversing is a side thing that I do for fun and in my free time. In this article I will show you an easy way to solve for ELF C++ – 0 protection challenge, which can be found on https://www.root-me.org under the cracking section. I found this challenge a bit difficult mostly because I’m not used to reverse C++ code but, since it doesn’t contain any protection at all, all you need to do is to inspect the parameters. ...

August 12, 2019 · 2 min · Denis Nuțiu

Root-Me Reversing: crackme_wtf hints

It’s been some time since I’ve done some Reverse Engineering and today I’ve completed a simple challenge on . The filename of the challenge is crackme_wtf and here are some hints to get you started: Determine type of FILEs. Don’t be afraid to patch and use a debugger. Try to eliminate the randomness. Maybe some functions that have to do with time, random numbers or the current process’s id. If the last hint doesn’t yield any results… Is the required password really needed to get to the flag? Thanks for reading and good luck! ...

August 4, 2019 · 1 min · Denis Nuțiu

Practical Binary Analysis – Crackme Walkthrough – Level 2

I’ve recently finished reading a book called Practical Binary Analysis which I consider a state of the art book (review will come soon) and I would like to post my solution to the crackme found in chapter 5. 1. A New CTF ChallengeComplete the new CTF challenge unlocked by the oracle program!You can complete the entire challenge using only the tools discussedin this chapter and what you learned in Chapter 2. After completingthe challenge, don’t forget to give the flag you found to the oracle tounlock the next challenge ...

December 2, 2018 · 6 min · Denis Nuțiu