Matthieu Walter matthw

## chaussette.py
from unicorn import *
from unicorn.x86_const import *
from capstone import *
from pwn import *
import copy
from z3 import *
import sys
import time

UINT_MAX = 0xffffffffffffffff

## xpacker.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                matthw
                / xpacker.md
            
            
              Created
              February 21, 2023 08:08
            
              
                XPacker 0xL4ugh CTF
              
          
    XPacker

1. Quick Peek

We get 2 PE files evil.exe and mypacker.exe.
Looking at evil.exe, we can follow the invoke_main() function up to
undefined8 FUN_1400117f0(void)

  
## anubis_string_decrypt_cae0c0d33e68be9cf81099680b815eb714d8296cb219b7a6247f7f081820f39a.py
from base64 import b64decode
from Crypto.Cipher import ARC4

#s = "mpntingadxedMTBjMDc2NGZiNDNiOTYzMjk3NjhkZTRmM2ZlOWMyMGE5NDAwMGUwMzFmMmQ0ZGIxMDdlOGY3ODE4ZWJlMGVhNzlhNTQ="
s = "wfycyqhbrwfxMWFjMWYxOGM1MjljZDI1M2UxNjUzNDY2ZTRlNDYwNDk5MWUxYjc2OTVjODc2YWYxOTI0YTgxYzUwMWQ4NGUzZGIxZjYwMGVjZWViNDhkYTYyMTkyNjQ0MjllYzhhMDUyZjg2MGM3NGEyYjZkYmU="

def decrypt_string(s):
    key = s[:12].encode()
    data = bytes.fromhex(b64decode(s[12:]).decode())
    c = ARC4.new(key=key)

## lactf2023.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                matthw
                / lactf2023.md
            
            
              Last active
              February 13, 2023 08:18
            
          
    LACTF 2023

1 rev/universal

Open class file in jadx
package p000;

import java.nio.charset.Charset;
import java.util.Scanner;

  
## optimize.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                matthw
                / optimize.md
            
            
              Last active
              July 31, 2023 11:26
            
          
    Useless code:
#include <stdio.h>


void nop(void)
{
    asm("nop");
}

  
## overengineering.md

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              0 stars
            
          
                matthw
                / overengineering.md
            
            
              Created
              February 7, 2023 13:51
            
              
                not-baby-parallelism
              
          
    DiceCTF not-baby-parallelism

totally overengineered solution
1. Generate an execution trace with qemu magic

#!/bin/bash
	from unicorn import *
	from unicorn.x86_const import *
	from capstone import *
	from pwn import *
	import copy
	from z3 import *
	import sys
	import time

	UINT_MAX = 0xffffffffffffffff
	from base64 import b64decode
	from Crypto.Cipher import ARC4

	#s = "mpntingadxedMTBjMDc2NGZiNDNiOTYzMjk3NjhkZTRmM2ZlOWMyMGE5NDAwMGUwMzFmMmQ0ZGIxMDdlOGY3ODE4ZWJlMGVhNzlhNTQ="
	s = "wfycyqhbrwfxMWFjMWYxOGM1MjljZDI1M2UxNjUzNDY2ZTRlNDYwNDk5MWUxYjc2OTVjODc2YWYxOTI0YTgxYzUwMWQ4NGUzZGIxZjYwMGVjZWViNDhkYTYyMTkyNjQ0MjllYzhhMDUyZjg2MGM3NGEyYjZkYmU="

	def decrypt_string(s):
	key = s[:12].encode()
	data = bytes.fromhex(b64decode(s[12:]).decode())
	c = ARC4.new(key=key)