CodeGateCTF - Angrybird

Angrybird was the first challenge that I solved in the CodeGate 2017 CTF. There was no description for the challenge, just a binary. When we open the binary with IDA, we can see the graph overview of the main function. If we take a closer look at the call graph, every basic block consists of a small check. If that check holds, the flow of execution continues to the next block.

AlexCTF - PackedMovement

PackedMovement was the last Reverse Engineering challenge in AlexCTF 2017. The challenge was worth 350 points. The only hint given for this challenge was its name. You will see why later on in this writeup. The retrieved binary is called move. If we run the file command on it, we find the following:
move: ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped
Even more interesting is what we see when we list the binary's segments with readelf -l move

SharifCTF7 - Nanomites

Nanomites was a 300-point Reverse Engineering challenge in SharifCTF7. The specification of this problem was the following: Analyze the given file. Find the C&C IP address and the data sent to it in plain text. Flag = SharifCTF{md5(strcat(IP, Data))} For those who could not attend the competition, you can download the challenge from here. After running the file command against the binary, I got the following output: