bi0s

Vessel Cartographer - HTB CyberApocalypse 2023

retr0ds
2023-03-24
Reversing

tl;dr

  • Dynamically resolved hashed API
  • TLS callback-based anti-debug check
  • AntiDebugFlag check implemented using ProcessInformationClass
  • AES_CBC decryption of image to find flag
Writeup HTBCA23 Reversing AES_CBC

BlueLock - bi0sCTF22

AmunRha
2023-02-10
Reversing / Windows

tl;dr

  • Implemented two SEH and two VEH Exception Handlers
  • Two stage malware challenge with process injection technique
  • CPP binary where logic is wrapped in classes and their member functions
Windows bi0sCTF Reversing ExceptionHandling

Miz - InCTF Internationals 2021

AmunRha
Freakston
2021-08-19
Reversing / Linux

tl;dr

  • This is a fairly simple Maze challenge
  • Challenge is written in Rust
InCTFi Linux Reversing Maze Rust

2k - redpwnctf 2021

AmunRha
2021-07-22
Reversing / Linux

tl;dr

  • This is a simple stack based VM
  • 25-27 opcodes and 8 different constraints
  • Extract the constraints
  • Use z3 to find a satisfying model
Linux VM Reversing

dummyper - AeroCTF 2021

fug1t1v3
2021-02-28
Reversing / Linux

tl;dr

  • The dump has some encrypted functions
  • The encrypted bytes are being XORed with a 32-byte key
  • Find the xor_key in the dump
  • Use xor_key offset to find the offset of AES_key and iv
  • AES_CBC decrypt to find flag
Linux Reversing AES_CBC AeroCTF

Reversing - InCTF Internationals 2020

4le31
2020-08-14
Reversing

A brief write-up detailing solutions of Reversing Challenges from InCTF Internationals 2020

InCTFi

P1ayground - InCTF Internationals 2020

leArner
2020-08-14
Reversing / Windows

A brief write-up of the intended solution of P1ayground challenge from InCTF Internationals 2020

tl;dr

  • Challenge is based on function hooking at runtime.
  • On reversing, you will find 4 functions at the same address but executing different code (basically hooked at runtime).
  • Jump inside each function, reverse the algorithms to pass the checks.
  • Ignore the FAKE flag check.
InCTFi Windows Reversing APIhooking

EV3 Arm - HITCON Quals 2019

f4lc0n
2019-10-16
Reversing / Automation

tl;dr

  1. Decompile the given RBF file
  2. Extract the low level instructions.
  3. Write a script to plot the lines.
EV3 Robot HITCON PIL RBF

Wannavmbe - InCTF Internationals 2019

Freakston
2019-09-30
Reversing / Windows

Intended solution of Wannavmbe challenge from InCTF Internationals 2019

tl;dr

  • Challenge is a VM.
  • Reverse Instruction types and implementation.
  • Understand that it has a function which takes the base64 of CWD (Current working directory).
  • Find the correct directory where it needs to be placed.
VM Windows Reversing Automation

Signal VM de1ta (Part 2) - de1CTF 2019

R3x
2019-08-09
Reversing / Linux

tl;dr

  • Challenge is a VM implemented over signals and ptrace
  • Reverse Instruction types and implementation
  • Use gdb scripting to find the executed code and get the pseudo VM code
  • Find out the algorithm (Max triangle sum) from VM instructions
  • Find a more optimized way to solve the problem (Or lazy solve it!).
Linux VM Reversing Automation


Official blog of team bi0s




Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
