X-MAS CTF 2019: Binary Exploiting & Reversing Write-Ups

Hello, Here are my write-ups for the X-MAS CTF 2019 organized by . Reversing: Santa’s crackme Santa’s crackme is easy to solve when using Ghidra, all you need to do is open up the binary, read the code and use the XOR Memory script from Ghidra. The flag is retrieved from flag_matrix and xored by 3. Select the flag data, right click on Script Manager and execute the XorMemory script We get the flag, except for the first character...

December 21, 2019 · 2 min · Denis Nuțiu

Practical Binary Analysis – CTF Walkthrough – Level 3, 4

Hello, In this article I’ll present you my solution on the Chapter 5 CTF from the book Practical Binary Analysis. For this binary, the hint is to fix four broken things. Running file gives us the following response: binary@binary-VirtualBox:~/ctf$ file ./lvl3 ./lvl3: ERROR: ELF 64-bit LSB executable, Motorola Coldfire, version 1 (Novell Modesto) error reading (Invalid argument) And the readelf command gives us: binary@binary-VirtualBox:~/ctf$ readelf -h ./lvl3 ELF Header: Magic: 7f 45 4c 46 02 01 01 0b 00 00 00 00 00 00 00 00 Class: ELF64 Data: 2's complement, little endian Version: 1 (current) OS/ABI: Novell - Modesto ABI Version: 0 Type: EXEC (Executable file) Machine: Motorola Coldfire Version: 0x1 Entry point address: 0x4005d0 Start of program headers: 4022250974 (bytes into file) Start of section headers: 4480 (bytes into file) Flags: 0x0 Size of this header: 64 (bytes) Size of program headers: 56 (bytes) Number of program headers: 9 Size of section headers: 64 (bytes) Number of section headers: 29 Section header string table index: 28 readelf: Error: Reading 0x1f8 bytes extends past end of file for program headers At this moment, it was clear that the ELF header is broken, in order to fix it I opened up Wikipedia and the elf specification....

September 19, 2019 · 3 min · Denis Nuțiu

BLE CTF: How to flash the ESP32

Hello! If you want to do Hackgnar’s BLE CTF but you’ve been struggling with flashing the ESP worry not! I have created a vagrant developer environment just for this. The environment can be found here: To use it you need to have Vagrant and VirtualBox installed. After you got those installed, clone the repo and run the following commands on the terminal. This will start up the VM and ssh into it....

July 9, 2018 · 2 min · Denis Nuțiu