=========== (0x000301fd) len=0x2b =========== Main | |
00 : pop V_60 | |
01 : V_1 = "squirrelware" | |
02 : resolve method V_2 => System.Void System.Console::set_Title(System.String) | |
03 : push V_1 | |
04 : call V_2 | |
05 : V_3 = "enter your username" | |
06 : resolve method V_4 => System.Void System.Console::WriteLine(System.String) | |
07 : push V_3 | |
08 : call V_4 |
import idautils | |
import idaapi | |
import idc | |
f = open('chall_constraints.txt', 'w+') | |
for func_addr in idautils.Functions(): | |
func_name = idc.get_func_name(func_addr) | |
if "flag" in func_name: | |
print(f"[+] Extracting constraints from {func_name}") |
# The main algo for encryption can be depicted as : | |
''' | |
==== flag.enc ==== | |
636d 6668 6e66 676a 636c 676a 666d 6a68 ____ | |
2f3e 2670 6659 6e06 0902 6d24 250d 380e ----\------------- | |
6e6d 6b73 6b6c 6d6b 6c66 6d68 6b76 7a6d _____\ \ | |
3314 566d 2704 5234 442e 3e02 180c 153e ------\------------XORED | |
6468 6b6d 6868 666a 6876 6d66 7a62 676d ______/__SHUFFLED / | |
003f 6756 2337 2176 6071 0f74 4c4b 2161 -----/------------/ | |
736e 686b 6468 666b 7361 6e68 6278 6161 ____/ / |
import r2pipe | |
import struct | |
password = "" | |
fname = "rec_pwd.txt" | |
f = open(fname, 'w') | |
with open('rec_profile.rr2', 'w') as prof: | |
prof.write('#!/usr/bin/rarun2\nstdin="%s"\n'%('A'*80)) |
#Writeup : https://ctftime.org/writeup/17193 | |
flag = "" | |
i=1 | |
for x in range(1,1000): | |
gdb.execute('set python print-stack full') | |
gdb.execute('set confirm off') | |
gdb.execute('file {:03}.c.out'.format(x)) | |
gdb.execute('b *main') | |
gdb.execute('run < test') |
from z3 import * | |
import string | |
def algo(myinput): | |
# stolen arr (seed[0xDEFEA7], rand arr[0-255], swapped vals) | |
rand_num_0_255 ="29, 24, 74, 0E8, 18, 0D6, 91, 43, 8B, 2D, 3D, 62, 75, 32, 88, 0EA, 0C2, 4F, 83, 0E9, 67, 2B, 0AC, 0A9, 6F, 8F, 0C7, 13, 0A3, 0AD, 5F, 66, 0E5, 59, 15, 5A, 2F, 11, 4E, 61, 55, 16, 0CC, 0B, 80, 42, 5, 2E, 0D, 0, 5D, 82, 2A, 0B9, 3B, 8E, 3F, 41, 0A1, 8A, 0D5, 89, 49, 69, 12, 0FB, 0DD, 22, 0C0, 3E, 3C, 4C, 56, 44, 0C6, 8D, 40, 0AA, 0B1, 14, 9B, 0BE, 0F4, 0BA, 78, 1, 0D8, 94, 0EC, 50, 0EE, 0ED, 0AE, 1F, 71, 76, 6B, 47, 0BC, 0D0, 33, 10, 0B4, 0DA, 57, 6E, 93, 7, 8C, 37, 6C, 98, 0E, 0BF, 2C, 0C4, 25, 0F3, 7C, 17, 7E, 0DC, 7A, 0D7, 6D, 0C1, 0AB, 0C, 2, 77, 0D3, 68, 5C, 0F0, 0E6, 79, 0D9, 46, 58, 9, 1E, 0CE, 6, 35, 5E, 0CF, 85, 0B2, 0CA, 0F9, 0C3, 70, 45, 0FC, 0F, 26, 0AF, 19, 7F, 4D, 0BD, 5B, 0A2, 52, 1D, 99, 0BB, 36, 84, 72, 0EF, 0B0, 38, 0A5, 0B3, 0B8, 9F, 0FE, 21, 97, 20, 0C5, 90, 0A8, 31, 0E2, 0A7, 0D4, 0D2, 0DE, 0B5, 0E0, 4B, 92, 87, 0E4, 0F5, 0DB, 6A, 65, 9C, 34, 95, 0F8, 0D1, 0A0, |
''' | |
Challenge Source Backup : | |
https://gist.github.com/mrT4ntr4/4e02a52c0bc89ecac7f03e38e0934628 | |
Manually dissecting the assembly code and porting it to python | |
''' | |
def f(x): | |
if(x): | |
if(x != 1): |
start(int, int): | |
push rbp | |
mov rbp, rsp | |
sub rsp, 48 | |
mov DWORD PTR [rbp-36], edi | |
mov DWORD PTR [rbp-40], esi | |
mov eax, DWORD PTR [rbp-36] | |
mov edi, eax | |
call f(int) | |
mov DWORD PTR [rbp-4], eax |
#encoding: utf-8 | |
from z3 import * | |
def algo(inp): | |
got = "ow0_wh4t_4_h4ckr_y0u_4r3" | |
realflag = [9,4,23,8,17,1,18,0,13,7,2,20,16,10,22,12,19,6,15,21,3,14,5,11] | |
therealflag = [20,16,12,9,6,15,21,3,18,0,13,7,1,4,23,8,17,2,10,22,19,11,14,5] | |
theflags = ['*'] * 24 |
from z3 import * | |
s = Solver() | |
serial = list("76876-77776") | |
inp = [] | |
for i in range(4): | |
b = BitVec("%d" % i, 16) |