CTF writeups

ghaaf

Challenge with PIC16F87

Three or four years ago, a friend of mine asked me to check a memory card of the stone crushing device to find a way to change its data. It contained a counter which decreased from X to zero, and the zero means no more stone crushing. At first glance, it looked like a CF memory for me with the same size and style, but it was a failed mission Read More

HITCON 2021 – mercy

Recently we(retirees) played Hitcon and mercy was the challenge I solved during the competition, and this is how I did it. At first, I checked the file and saw raw binary data, which I didn’t find interesting, but after a while, my teammate sent a link of legitbit[1]https://blog.legitbs.net/2017/10/clemency-showing-mercy.html and said he thinks it should be a cLEMENCy challenge. I searched to find out more and skip reading the whole documentation Read More

Kaspersky CTF – help (Forensic 500)

We were given a memory dump; First we’ll get image info to understand the image type:   It is Windows 7 x64. As usual we check running processes to find possible suspicious ones: There are only two suspect processes: ‘Keepass.exe’ and ‘Cmd.exe’; The first one interested me more and probably I should try to find ‘kdbx’ or ‘kdb’ file, so I scanned for file lists to get something to start: Read More

RC3 CTF – GoReverseMe

We were given a 64-bit ELF file and as the file name suggests, it was a compiled Go file. The file does not need any runtime hence there are too many functions which makes reversing difficult. I was looking for some pointer or obvious place to start with; After running the file, I saw the message “Specify the file to package as argv1, will overwrite, existing”. I tried searching the Read More