247CTF - The Secret Lock Writeup

247CTF - The Secret Lock Writeup
Read more →

[0x0] FRIDA Playground

[0x0] FRIDA Playground
Read more →

Qiling Scripting and Simple RE Task

Read more →

Comparision of Reverse-Engineering Tools

Comparision of Reverse-Engineering Tools
Read more →

Writeup - Securinets2020 Warmup

Warmup Warmup : Welcome to securinets CTF In this task we are dealing with very simple function main: undefined8 main(void) { int64_t iVar1; undefined8 uVar2; uint32_t var_8h; undefined8 var_4h; write(1, 0x988, 0x1a); read(0, 0x201080, 0x31); iVar1 = strlen(0x201080); *(undefined )(iVar1 + 0x20107f) = 0; var_8h = 0; strcpy(rsi, 0x201080); uVar2 = strlen(0x201080); memfrob(0x201080, uVar2); var_4h.0_4 = 0; while ((int32_t)var_4h < 0x14) { var_8h = var_8h + (int32_t)(char)((uint8_t *)((int64_t)(int32_t)var_4h + 0x201020) ^ *(uint8_t *)((int64_t)(int32_t)var_4h + 0x201080)); var_4h.
Read more →

Writeup - HTB Snake

[re] Snake (10) Description Short info about task: Name: Snake Difficulty: easy Score: 10 Flag should be in the format: HTB{username:password} Overview We have got the python script that is waiting for some username and password: $ python snake.py . _________ __ _ /| | ____ / / ____ _____ | | __ ____ | | | | _/ __ \ _ \ / _ \ | |/ // __ \ | | | Y \ / / \ | / __ | <\ / || || /_ > /_ /___| (____ /__|_ ___ > / / / / / / / The Snake Created by 3XPL017 Your number is 809 Authentication required Enter your username QWE Wrong username try harder Let’s look into code to get more info about how to get username and password.
Read more →

Ida Pro Plugins

Read more →

Unmap PE Manually

Prerequisities Make sure that you have dumped binary from memory (optionally) Fix PE headers if necessary Unmap With PE bear Open PE-bear > Sections > Section Headers Make sure that VA and VS matches RA and RS, so: RA[i] = VA[i] RS[i] = RA[i+1] - RA[i] RS.reloc = 0 VS[i] = RS[i] If you see some red blocks it means that PE is probably misalligned, check: Fix misalligned sections Fix misalligned sections Open binary in hex editor Go to the 1st section (on example above to 0x1000) Section should start in this place, nulls should be before.
Read more →

Disable Aslr

Linux echo 0 | sudo tee /proc/sys/kernel/randomize_va_space radare2 # disable ASLR & reanalyse dor aslr=no aaa Windows Windows 7 Open RegEdit Goto: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ Create new value (not a key): MoveImages with value 0. Reboot. Windows 10 Disable ASLR per file Set-Processmitigation -Name name.exe -Disable ForceRelocateImages Disable ASLR by default Search in Windows for: “windows defender Security Center” Click on the second icon from the bottom: “App & browser control” Scroll to the bottom and click on: “Exploit protection settings” Set “Force randomization for images “ to OFF.
Read more →

C++ assembly

Structures C struct vs C++ class C struct functions are loosely correlated with paramaters, parameters are usually passed via pointer, it may look like array for struct with 2 identical parameters in struct, for structures created dynamically look for malloc with non-usual size. C++ class Find constructor, it have always 1 argument (this pointer -> thiscall), main() function have initialization function __main with ctor initlizers, after creation of class with new operator the class constructor is called (can be empty), Methods are called with thiscall convention.
Read more →