This is a write-up for the 0ctf 2016 quals “VM” reverse challenge worth 7 points.
The main process of solving this challenge consists of 3 phases:
- Find the location of input check algorithm
- Reverse input transform algorithm
I spent most of my time in the second phase. This function is flattened by a big switch structure and contains a lot of goto instructions. It is hard to reverse such a function statically, so we use dynamic analysis and black-box analysis: we make a few assumptions on the transform pattern, and we can reverse the algorithm without understanding the assembly or decompiled code.
Continue reading “0ctf 2016 writeup for VM challenge (reverse 7 pts)”
1. prodmanager(180 points)
prodmanager is a product management system. After a short investigation of the source code, I found that there is a UAF vulnerability in a doubly linked list. The program does not manage the product list and the lowest-price list properly: an item which is freed from the product list is still present in the lowest-price list.
Continue reading “Plaid CTF 2015 writeup (prodmanager, clifford, ebp, unknown)”
This is a list of handy gdb commands for reference.
Continue reading “gdb commands”
I am reading chapter 3, “Windows Kernel”, of Bruce Dang’s book “Practical Reverse Engineering” and decided to write some notes down for later reference.
Continue reading “Windows software drivers (part 1: memory descriptor list)”