Skip to content

Instantly share code, notes, and snippets.

View mrT4ntr4's full-sized avatar
⚔️
Battling Obfuscation

Suraj Malhotra mrT4ntr4

⚔️
Battling Obfuscation
140 followers · 108 following
View GitHub Profile
@mrT4ntr4
mrT4ntr4 / mixmix_crack.py
Created June 7, 2020 14:50
z3 solver script for MixMix Rev Challenge from DefenitCTF 2020
from z3 import *
import string
def algo(myinput):
# stolen arr (seed[0xDEFEA7], rand arr[0-255], swapped vals)
rand_num_0_255 ="29, 24, 74, 0E8, 18, 0D6, 91, 43, 8B, 2D, 3D, 62, 75, 32, 88, 0EA, 0C2, 4F, 83, 0E9, 67, 2B, 0AC, 0A9, 6F, 8F, 0C7, 13, 0A3, 0AD, 5F, 66, 0E5, 59, 15, 5A, 2F, 11, 4E, 61, 55, 16, 0CC, 0B, 80, 42, 5, 2E, 0D, 0, 5D, 82, 2A, 0B9, 3B, 8E, 3F, 41, 0A1, 8A, 0D5, 89, 49, 69, 12, 0FB, 0DD, 22, 0C0, 3E, 3C, 4C, 56, 44, 0C6, 8D, 40, 0AA, 0B1, 14, 9B, 0BE, 0F4, 0BA, 78, 1, 0D8, 94, 0EC, 50, 0EE, 0ED, 0AE, 1F, 71, 76, 6B, 47, 0BC, 0D0, 33, 10, 0B4, 0DA, 57, 6E, 93, 7, 8C, 37, 6C, 98, 0E, 0BF, 2C, 0C4, 25, 0F3, 7C, 17, 7E, 0DC, 7A, 0D7, 6D, 0C1, 0AB, 0C, 2, 77, 0D3, 68, 5C, 0F0, 0E6, 79, 0D9, 46, 58, 9, 1E, 0CE, 6, 35, 5E, 0CF, 85, 0B2, 0CA, 0F9, 0C3, 70, 45, 0FC, 0F, 26, 0AF, 19, 7F, 4D, 0BD, 5B, 0A2, 52, 1D, 99, 0BB, 36, 84, 72, 0EF, 0B0, 38, 0A5, 0B3, 0B8, 9F, 0FE, 21, 97, 20, 0C5, 90, 0A8, 31, 0E2, 0A7, 0D4, 0D2, 0DE, 0B5, 0E0, 4B, 92, 87, 0E4, 0F5, 0DB, 6A, 65, 9C, 34, 95, 0F8, 0D1, 0A0,
@mrT4ntr4
mrT4ntr4 / 999_bottles_solve.py
Created July 21, 2020 19:31
My messy gdb python script for 999 Bottles challenge from RITSEC CTF 2019
#Writeup : https://ctftime.org/writeup/17193
flag = ""
i=1
for x in range(1,1000):
gdb.execute('set python print-stack full')
gdb.execute('set confirm off')
gdb.execute('file {:03}.c.out'.format(x))
gdb.execute('b *main')
gdb.execute('run < test')
@mrT4ntr4
mrT4ntr4 / rec_solve.py
Created July 23, 2020 21:45
r2pipe solver script for https://0x00sec.org/t/reverseme-recursion/21802
import r2pipe
import struct
password = ""
fname = "rec_pwd.txt"
f = open(fname, 'w')
with open('rec_profile.rr2', 'w') as prof:
prof.write('#!/usr/bin/rarun2\nstdin="%s"\n'%('A'*80))
@mrT4ntr4
mrT4ntr4 / stratum_solve.py
Created September 7, 2020 07:47
Solution Script for stratum challenge from InterkosenCTF 2020
# The main algo for encryption can be depicted as :
'''
==== flag.enc ====
636d 6668 6e66 676a 636c 676a 666d 6a68 ____
2f3e 2670 6659 6e06 0902 6d24 250d 380e ----\-------------
6e6d 6b73 6b6c 6d6b 6c66 6d68 6b76 7a6d _____\ \
3314 566d 2704 5234 442e 3e02 180c 153e ------\------------XORED
6468 6b6d 6868 666a 6876 6d66 7a62 676d ______/__SHUFFLED /
003f 6756 2337 2176 6071 0f74 4c4b 2161 -----/------------/
736e 686b 6468 666b 7361 6e68 6278 6161 ____/ /
@mrT4ntr4
mrT4ntr4 / ida_extract_constraints.py
Created January 9, 2022 10:42
Solution files for Fourcore reversing chall - operator
import idautils
import idaapi
import idc
f = open('chall_constraints.txt', 'w+')
for func_addr in idautils.Functions():
func_name = idc.get_func_name(func_addr)
if "flag" in func_name:
print(f"[+] Extracting constraints from {func_name}")
@mrT4ntr4
mrT4ntr4 / crocodile_disas.txt
Created April 3, 2023 14:23
Disassembly for Crocodile VM - Initial Analysis
=========== (0x000301fd) len=0x2b =========== Main
00 : pop V_60
01 : V_1 = "squirrelware"
02 : resolve method V_2 => System.Void System.Console::set_Title(System.String)
03 : push V_1
04 : call V_2
05 : V_3 = "enter your username"
06 : resolve method V_4 => System.Void System.Console::WriteLine(System.String)
07 : push V_3
08 : call V_4