tl;dr

• Dynamically resolved hashed API
• Tls_call_back based anti-debug check
• AntiDebugFlag check implemented using ProcessInformationClass
• AES_CBC decryption of image to find flag

tl;dr

• Implemented two SEH and two VEH Exception Handlers
• Two stage malware challenge with process injection technique
• CPP binary where logic is wrapped in classes and their member functions

tl;dr

• This is a fairly simple Maze challenge
• Challenge is written in rust

tl;dr

• This is a simple stack based VM
• 25-27 opcodes and 8 different constraints
• Extract the constraints
• Use z3 to find a satisfying model

tl;dr

• The dump has some encrypted functions
• The encrypted bytes are being xorred with a 32 byte key
• Find the xor_key in the dump
• Use xor_key offset to find the offset of AES_key and iv
• AES_CBC decrypt to find flag

A brief write-up detailing solutions of Reversing Challenges from InCTF Internationals 2020

A brief write-up of the intended solution of P1ayground challenge from InCTF Internationals 2020

tl;dr

• Challenge is based on function hooking at runtime.
• On reversing you will find 4 functions at the same address but executing different code(basically hooked at runtime).
• Jump inside each function, reverse the algorithms to pass the checks.
• Ignore the FAKE flag check.

tl;dr

1. Decompile the given RBF file
2. Extract the low level instructions.
3. Write a script to plot the lines.

Intended solution of Wannavmbe challenge from InCTF Internationals 2019

tl;dr

• Challenge is a VM.
• Reverse Instruction types and implementation.
• Understand that it has a fucntion which takes the base64 of CWD (Current working directory).
• Find the corrcect directory where it needs to be placed.

tl;dr

• Challenge is a VM implemented over signals and ptrace
• Reverse Instruction types and implementation
• Use gdb scripting to find the executed code and get the pseudo VM code
• Find out the algorithm (Max triangle sum) from VM instructions
• Find an more optimized way to solve the problem (Or lazy solve it!).