Rev/crackme

- 5 mins read

Writeup: Solving the Reverse Engineering Challenge

This writeup details the process of solving a reverse engineering challenge involving an ELF64 x86-64 binary named chall. The goal is to determine the correct input string that, when provided to the program via ./chall, results in the output:

Congratss!! you can now submit the flag

Through disassembly, analysis of the .rodata section, and reverse engineering, we derive the 40-character flag: nexus{vm_revers1ng_1s_f45c1n4t1ng_4nd_3xtremely_p41nful}.


Challenge Overview

Rev/crackmev2

- 4 mins read

CTF Writeup: Virtual Machine Flag Extraction

This writeup details the process of solving a Capture The Flag (CTF) challenge that involves reverse-engineering a virtual machine (VM) implemented in C. The VM reads instructions from a binary file (code.bin), processes an input flag, and outputs “Correct!” if the flag is valid. The goal is to determine the correct flag by analyzing the VM’s behavior and extracting the necessary computations from code.bin.

Rev/nativi

- 4 mins read

CTF Challenge Writeup: NATIVI

Challenge Overview

This challenge involves reverse-engineering a C++ program to uncover a hidden flag in the format nexus{...}, commonly used in Capture The Flag (CTF) competitions. The program performs a series of bitwise transformations and XOR operations on provided byte arrays (fakeflag, key, affus, and key2) and attempts to read a file whose name and contents are derived from these arrays. A provided Python script replicates the necessary transformations to compute the flag directly.

Rev/pong.com

- 4 mins read

Writeup: Patching pong.com with Python Script

Overview

The provided Python script, patch_pong.py, modifies the MS-DOS COM executable pong.com to reveal a hidden flag in a Capture The Flag (CTF) challenge. The script applies two byte patches to ensure the program jumps directly to the flag-displaying routine and exits cleanly, displaying the flag when run in DOSBox. This writeup explains the problem, the script’s functionality, and its effect.


Problem Context

The pong.com binary is a DOS-based game (likely Pong) containing a hidden flag. The flag is displayed when the game state byte at memory address 0x086B (referred to as byte_1086B, file offset 0x086B - 0x0100 = 0x076B) is set to 0x03. This triggers a routine at 0x0796 that prints:

Rev/rusty

- 1 min read

Rusty Steps Writeup

Overview

This writeup details the steps to reverse engineer and analyze the binary rustySteps. The challenge has 7 solves and is tagged as “easy”. The flag is nexus{RusT_R3v_15_Fun_Right}.


Step 1: Identifying UPX Packing

After running the strings command on the binary, we observe indications of UPX packing:

To unpack the binary, we use the following command:

upx -d rustySteps

Step 2: Analyzing with strings Again

After unpacking, running strings again reveals more interesting strings. This gives us clues for further analysis.

Printer

- 2 mins read

IngeHack2k25 - reverse/mjsc Write-up

Challenge Overview

Challenge Name: reverse/printer
Category: Reverse Engineering
Event: IngeHack 2k25
Difficulty: Medium
Flag: ingehack{...}

Fourier Transformation-Based Image Decryption

Challenge Analysis

Upon analyzing the provided files, we observed the following directory structure:

➜  solver ls 
decrypted.png  enc  main  reconstructed_data.txt  sol.py

The main objective is to decrypt the file enc to retrieve an image. By inspecting main, we determined that it applies a Fourier transformation, meaning the encryption likely involves transforming the image into the frequency domain.

Mjsc

- 4 mins read

ingehack2k25 - reverse/mjsc

MJSC CTF Challenge Write-up

Challenge: reverse/mjsc
Event: IngeHack 2k25
Author: 4ymen
Points: 469
Solves: 4
Difficulty: Medium
Original Challenge Author: itskarudo

Challenge Information

  • Category: Reverse Engineering
  • Type: Web/JavaScript
  • Flag: ingehack{i_hate_js_rev_chals_they_never_have_a_new_idea}

Initial Analysis

The challenge presented us with a web application that needed to be analyzed. The initial reconnaissance showed:

  1. Web interface requiring input validation
  2. Heavy use of JavaScript for validation
  3. Obfuscated code to hide the validation logic

Technical Environment

Platform: Web
Primary Language: JavaScript
Key Components:
  - React Application
  - Obfuscated JavaScript
  - Client-side validation

Investigation Process

  1. Source Code Retrieval

Dados

- 2 mins read

ingehack2k25 - reverse/dados

  • Write-Up Author: 4ymen

  • Flag: ingehack{security_by_obscurity}

Challenge Description:

infinite luck in exchange for a flag

dados.apk

title: "Reverse Engineering Challenge "
difficulty: Easy
category: Reverse Engineering
platform: Android
tools: ["apktool", "smali", "Frida", "adb"]
author : "godsword"
date: "2025-02-23"
tags: ["Reverse Engineering", "Android", "Frida", "Smali", "CTF"]
---

Write up

Step 1: Identifying the Main Activity

After decompiling dados.apk, I checked AndroidManifest.xml to find the app’s entry point. The <activity> tag with <intent-filter> containing android.intent.action.MAIN and android.intent.category.LAUNCHER revealed that the main activity is:

- 29 mins read

smileyCTF2025:

rev/DNA

Flag : .;,;.{we_ought_to_start_storing_our_data_as_dna_instead}

Description

deoxy ribo nucleic acid deoxy meaning without oxygen ribo meaning the 5-carbon sugar backbone nucleic meaning of the nucleus acid meaning proton donor

Solution

Initial Recon

We start by looking at the challenge directory:

➜  dna ls
main.cpython-310.pyc  vm.dna
➜  dna 

We can see that this is a virtual machine challenge, and the Python code has been compiled with Python 3.10 into a .pyc file. Before diving into the challenge, let’s take a moment to understand what a virtual machine (VM) is.