Categories
hexionCTF 2020 Reverse Engineering

“PIL”

A BMP image and C# bytecode file are provided. One of my teammates used a decompiler from JetBrains to recover the original C# program. See here: https://pastebin.com/aHMP04xj I wrote a python program to emulate what the C# program does, since I don’t know C# and didn’t want to have to keep checking the docs to […]

Categories
hexionCTF 2020 Reverse Engineering

“Nameless”

Challenge Problem : “Strip my statically linked clothes off” The given executable is statically linked and stripped which means reversing will be a bit tougher. However, “main” isn’t too complicated and so we’ll be able to guess what functions are used. Unique disassembled functions from top to bottom: syscall with eax=0xc9 (time syscall) – time. […]

Categories
hexionCTF 2020 Reverse Engineering

“Serial Killer”

In the Serial Killer challenge, you are given a GameBoy ROM and need to extract the flag from it. To make debugging this ROM easier, we will use the gameboy emulator BGB which has great debugging abilities and runs well under wine. Here’s what we’re greeted with upon starting the ROM: If you’re familiar with […]

Categories
hexionCTF 2020 Reverse Engineering

“Wannasmile 1”

For the first part of Wannasmile, we need to get the ./wannasmile program on hexionCTF’s shell server to give us a flag. We are given a version of this executable with the flag stripped out, and are not given read permissions to the real version of the program. Looking at radare2’s graph-view disassembly for this […]