Update On Radeco

This post is to outline the work completed during the Google Summer of Code 2015 (GSoC) period and show you a glimpse of radeco and where we are heading with it. For those who are not aware, radeco is a decompiler framework that is developed and maintained by the radare…

CSAW CTF – RE500 – wyvern

We got a 64-bit ELF for this challenge. Running strings shows the use of Obfuscator-LLVM:

Obfuscator-LLVM clang version 3.6.1 (tags/RELEASE_361/final) (based on Obfuscator-LLVM 3.6.1)

The binary expects a valid key!

$ ./wyvern_c85f1be480808a9da350faaa6104a19b
+-----------------------+
| Welcome Hero |
+-----------------------+
[!] Quest: there is a dragon prowling the domain. brute strength and magic is our…

CSAW CTF – Exploitables100 – precision

The given 32-bit ELF reads user input using scanf("%s", &buf), resulting in a buffer overflow. Just before returning, it does a floating point comparison:

.text:08048529 fld ds:floating_num
.text:0804852F fstp [esp+0A0h+check]
.text:08048596 fld [esp+0A0h+check]
.text:0804859D fld ds:floating_num
.text:080485A3 fucomip st, st(1)
.text:080485A5 fstp st
.text:080485A7 jz short ret

The floating point number is a 64 bit value, which acts…
