2016-04-15: Sources of ReRe, a Python RE500 challenge

The CONFidence Teaser CTF 2016 by Dragon Sector is now over and the results are in (congratz 9447!). Therefore I decided to share the sources of my task called ReRe, which was a Python rainbow-heavy obfuscation-heavy bytecode-all-around challenge. I won't spoil too much in case you would like to try to solve it (crackme/rere.py in the archive), but if you would like to read more on it, just see the SOLUTION.md file in the zip file. I'll add, that the obfuscation used self-modifying bytecode, some bytecode-level obfuscation and minor string obfuscation as well, so if you would like to learn more about Python 2.7 internal code representation, try your luck with ReRe :) It was solved 5 times btw.

Download: confidence-teaser-2016-ds-gynvael-rere.zip
"Video": rere_anim.gif (a 3 MB gif, you have been warned)

Read more... [ 6 comments ]

2016-04-20: Rozwiązanie problemu z window.frames[0].frames[0] ze streama

Wczoraj podczas livestreamu m.in. pokazywałem jak rozwiązywało się zadanie plaiddrive (WEB450) z PlaidCTF 2016, i jak to zwykle bywa podczas demo ciekawszych rzeczy, coś nie zadziałało. Konkretniej, w kluczowym momencie chciałem pokazać, że można przejść po ramkach obiektu window niezależnie od originu przebywanych ramek, aż do ramki z tym samym originem; a następnie dostać się do jej treści - i zamiast dostępu do location/document dostałem widoczny wyżej wyjątek, że originy się nie zgadzają. Stwierdziłem wtedy, że pewnie robię jakiś głupi błąd - i w rzeczywistości tak było ;)

Czytaj dalej... [ 3 komentarze ]

Five newest or recently updated notes (these are unfinished posts, code snippets, links or commands I find useful but always forget, and other notes that just don't fit on the blog):

Click here for a list of all notes.

EN Security papers and research notes

Some conference slides are linked at the bottom of this page.

EN Selected vulnerabilities

The full list of vulnerabilities discovered by me (including collaborative work) can be found here (please note that the list might be out of date).

The Google Application Security / Research site might also contain some of my findings.

EN Coding (selected posts)
EN Tools and libraries
  • PiXieServ is a simplified PXE (network boot) server for Windows and Linux-based OS, created for testing of very small home-made OS. See also the post about it.
  • ExcpHook, a system-wide exception monitor for Windows XP 32-bit. Useful if you're fuzzing something that doesn't like having a debugger attached.
  • Ent is an entropy measuring tool for reverse engineering reconnaissance (see also a post explaining how to use it).
  • HiperDrop is a simple command line process memory dumper for Windows, with a few different work modes.
  • asmloader - this little app executes headerless machine code (compiled assembly code). It's meant to be an aid in learning/teaching and playing with assembly, as well as the right tool when you just need to execute some machine code.
  • NetSock is a simple socket/networking lib/wrapper for C++ I've wrote back in 2003 and update from time to time - I use it for most of my network-enabled projects.
PL Videotutoriale i podcasty [ 344 700 views | 147 videos | 3 992 subscribers ]

Subscribe to me on YouTube Nagrywane w wolnym czasie videotutoriale o programowaniu, reverse engineeringu oraz hackingu/security: Kanał na YT | Spis odcinków | Wishlista.

Najnowszy odcinek: https://youtube.com/devicesupport
[ 94 thumbs up | 25 comments | 33 749 260 views ]

Dodatkowo: ReverseCraft - starsza seria podcastów o reverse engineeringu i assembly.

PL Edukacyjnie (wybrane posty)

Dla programistów:

Security / hacking:

  • Hacking - jak uczyć się security/hackingu i spać spokojnie.

Dodatkowo, kilka przemyśleń na temat odnajdywania się na rynku pracy w IT:

PL Programowanie (wybrane posty)

← trochę więcej postów jest po angielskojęzycznej stronie.

PL Gamedev i GFX (wybrane posty)

Grafika generowana proceduralnie:

【 design & art by Xa / Gynvael Coldwind 】 【 logo font (birdman regular) by utopiafonts / Dale Harris 】